Fredrik Holmberg

Network Consultant  

Packet Analysis Challenge #1

The Sharkminator

Vacation’s over. Your networks have been underutilized for a good long month now. Time to get back to the trenches. Why not start things off with a proper packet analysis challenge? At least fire up Wireshark to see if there’s an auto-update waiting for you?

Thank you Netresec for providing a huge list of packet captures to play with!

We will borrow a 13 MB packet capture from the excellent book “Practical Packet Analysis“.

$ shasum wireshark1.pcapng
b8060f2b946f33b79833710db458368cd382d06c wireshark1.pcapng

Please go ahead and download the pcap file. Yes, it’s safe to download.


<gong sound>

Five questions + one bonus. One point per question:

  1. How many non-broadcast IPv4 nodes is Wireshark seeing?
  2. The client downloads an EXE file, twice. From which countries is it downloading the file from?
  3. How many Bytes is the client expecting to download for each EXE file?
  4. Looking at the fastest of the two transfers, at what speed is the file downloaded on average in kbps, kilobit per second?
  5. One node is not accepting the use of full TCP segments. Which one?
    1. BONUS – How many Bytes is the client potentially missing out on per round-trip?

Easy peasy?

Please send me your answers via a communication platform of your liking. The social medias or email. Doesn’t matter!

The winner will get loads of street cred as defined by Urban Dictionary:

He’s been thru it all. His street cred is undeniable.

That’s all you need. Get to it! 👊

Sharing is caring:
Share on FacebookTweet about this on TwitterShare on LinkedInShare on Google+Share on RedditShare on TumblrPrint this pageEmail this to someone


  1. My “street cred application” has been filled out and submitted.

    Great challange! Keep’em coming 😉


Leave a Reply

Your email address will not be published.


© 2017 Fredrik Holmberg

Theme by Anders NorenUp ↑