Tags: forensics network 

# 0_Network_Enumeration

We're given a pcap file and asked to find the IP address of a private web server in the capture, as well as how many hosts made contact with that web server.

Let's open up the pcap with Wireshark and start looking around.

```
$ wireshark capture.pcap
```

We're told that it's a private web server, so I immediately filter for HTTP traffic.

![](https://raw.githubusercontent.com/shawnduong/ctf-writeups/master/2019-TAMU/images/0_Network_Enumeration-1.png)

As we can see, a lot of HTTP requests are directed at 192.168.11.4. This is the IP of the web server.

We're also asked how many hosts made contact with it. We can apply a filter to show only traffic with 192.168.11.4 as the destination, and then count the hosts that connected to it.

![](https://raw.githubusercontent.com/shawnduong/ctf-writeups/master/2019-TAMU/images/0_Network_Enumeration-2.png)

After counting, we see that 13 hosts made contact with the web server.
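The manual count above can be cross-checked by deduplicating source addresses programmatically. The following is an added example, not part of the original writeup: it parses a classic pcap and returns the distinct IPv4 sources that sent TCP traffic to the server. It assumes an Ethernet capture in classic pcap format (not pcapng) and HTTP on port 80; `unique_clients`, `make_pcap` and the sample flows are hypothetical names and constructed data.

```python
import socket
import struct

SERVER = "192.168.11.4"  # web server address identified in the writeup

def unique_clients(pcap_bytes, server=SERVER, port=80):
    """Return the set of source IPs that sent TCP packets to server:port."""
    if pcap_bytes[:4] == b"\xd4\xc3\xb2\xa1":
        endian = "<"
    elif pcap_bytes[:4] == b"\xa1\xb2\xc3\xd4":
        endian = ">"
    else:
        raise ValueError("not a classic pcap file (pcapng is not handled)")
    if struct.unpack(endian + "I", pcap_bytes[20:24])[0] != 1:
        raise ValueError("only Ethernet captures are handled")
    clients, offset = set(), 24
    while offset + 16 <= len(pcap_bytes):
        incl_len = struct.unpack(endian + "I", pcap_bytes[offset + 8:offset + 12])[0]
        frame = pcap_bytes[offset + 16:offset + 16 + incl_len]
        offset += 16 + incl_len
        # Need Ethernet (14) + minimal IPv4 (20) + TCP ports (4); EtherType IPv4.
        if len(frame) < 38 or frame[12:14] != b"\x08\x00":
            continue
        ip = frame[14:]
        ihl = (ip[0] & 0x0F) * 4
        if ip[0] >> 4 != 4 or ihl < 20 or ip[9] != 6 or len(ip) < ihl + 4:
            continue
        src, dst = socket.inet_ntoa(ip[12:16]), socket.inet_ntoa(ip[16:20])
        dport = struct.unpack("!H", ip[ihl + 2:ihl + 4])[0]
        if dst == server and dport == port:  # port 80 is an assumption
            clients.add(src)
    return clients

def make_pcap(flows):
    # Constructed sample: one bare TCP SYN per (src, dst, dport) tuple.
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for src, dst, dport in flows:
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                         socket.inet_aton(src), socket.inet_aton(dst))
        tcp = struct.pack("!HHIIBBHHH", 40000, dport, 0, 0, 0x50, 0x02, 1024, 0, 0)
        frame = b"\x00" * 12 + b"\x08\x00" + ip + tcp
        out += struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame
    return out

SAMPLE = make_pcap([
    ("192.168.11.7", "192.168.11.4", 80), ("192.168.11.7", "192.168.11.4", 80),
    ("192.168.11.9", "192.168.11.4", 80), ("192.168.11.4", "192.168.11.7", 40000),
    ("192.168.11.5", "192.168.11.8", 80),
])
```

On the challenge capture, `len(unique_clients(open("capture.pcap", "rb").read()))` gives the host count directly; repeated requests from one host and the server's own replies do not inflate it.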

Original writeup (https://github.com/shawnduong/ctf-writeups/blob/master/2019-TAMU/ReadingRainbow/0_Network_Enumeration.md).