The Sharkminator returns.

Round two of #Wiresharklympics is here! Having survived round one, you know the drill. The tiny specks of data that allow services like Facebook and the Internet to work will be put under heavy scrutiny.

Wireshark has reached a stable release of 2.2.1 and is eagerly awaiting new challenges.

We will yet again use a sample packet capture from Netresec's list.

The packet capture sample can be downloaded here:
https://dl.dropboxusercontent.com/u/1185688/blog/wireshark2.pcapng

It’s safe to download. VirusTotal concurs.

Enough yada yada

Five questions. Should be at least 8 points up for grabs 🖐

Start off by applying this display filter “tcp.stream == 16”.

  1. How many hops can we assume there are between the client and the server? (1 point)
  2. Using fingerprinting techniques, what OS is the server likely running? (1 point per technique)
  3. What is the average RTT delay between the client and the server? (1 point)
  4. Following frame #14886, what TCP sequence number (relative) is the client expecting to receive next? (1 point + 1 bonus)
    Bonus – In what frame does it receive the expected TCP segment?
  5. At the beginning of the file transfer there is a delay lasting around 3 seconds. Why? (2 points)

Easy peasy?

Please send me your questions and answers via a communication transport of your liking. A comment here, the social medias or email. Doesn’t matter!

The winner will of course receive loads of street cred. Way better than Facebook likes.

Have a great day 🐼


