Round two of #Wiresharklympics is here! Having survived round one, you know the drill. The tiny specks of data that allow services like Facebook and the Internet to work will be put under heavy scrutiny.
We will yet again use a sample packet capture from Netresec's list.
The packet capture sample can be downloaded here:
It’s safe to download. VirusTotal concurs.
Enough yada yada
Five questions. Should be at least 8 points up for grabs 🖐
Start off by applying this display filter “tcp.stream == 16”.
- How many hops can we assume there are between the client and the server? (1 point)
- Using fingerprinting techniques, what OS is the server likely running? (1 point per technique)
- What is the average RTT delay between the client and the server? (1 point)
- Following frame #14886, what TCP sequence number (relative) is the client expecting to receive next? (1 point + 1 bonus)
  Bonus – In what frame does it receive the expected TCP segment?
- At the beginning of the file transfer there is a delay lasting around 3 seconds. Why? (2 points)
The winner will of course receive loads of street cred. Way better than Facebook likes.
Have a great day 🐼