![]() We only need to submit one: flag 04 – How am I talking? (150 points) The Authoritative nameservers field contains the details we are after. The details of the authoritative name servers can be found in the DNS Response packets. What is the authoritative name server for the domain that is being queried? …we can see the IPv6 address of the NTP server. Using a simple Display Filter to isolate NTP traffic using IPv6… ntp & ipv6 What is the IP address that is requested by the DHCP client?Īfter answering the DHCP questions, we know that we can use the following Display Filter to isolate DHCP Request packets: = 3Įxamining the packet details we find the Requested IP Address field. This write-up covers the questions relating to the network PCAP file. ![]() As the questions were split over multiple PCAP files ( shell, smb, dhcp, network, dns, and https), I have decided to split my write-ups by PCAP for ease of reading. This series of write-ups covers the network forensics section. In May 2020 the Champlain College Digital Forensics Association, in collaboration with the Champlain Cyber Security Club, released their Spring 2020 DFIR CTF including Windows, MacOS, and Apple iOS images, as well as network traffic analysis, OSINT, and reversing challenges.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |