In May 2020 the Champlain College Digital Forensics Association, in collaboration with the Champlain Cyber Security Club, released their Spring 2020 DFIR CTF including Windows, MacOS, and Apple iOS images, as well as network traffic analysis, OSINT, and reversing challenges.

This series of write-ups covers the network forensics section. As the questions were split over multiple PCAP files (shell, smb, dhcp, network, dns, and https), I have decided to split my write-ups by PCAP for ease of reading. This write-up covers the questions relating to the network PCAP file.

What is the IP address that is requested by the DHCP client?

After answering the DHCP questions, we know that we can use the following Display Filter to isolate DHCP Request packets:

= 3

Examining the packet details we find the Requested IP Address field.

Using a simple Display Filter to isolate NTP traffic using IPv6…

ntp && ipv6

…we can see the IPv6 address of the NTP server.

What is the authoritative name server for the domain that is being queried?

The details of the authoritative name servers can be found in the DNS Response packets. The Authoritative nameservers field contains the details we are after. We only need to submit one:

flag 04 – How am I talking? (150 points)

What is the port for CDP for CCNP-LAB-S2?

The Cisco Discovery Protocol is used to share information about other directly connected Cisco equipment, such as the operating system version, IP address, and Port ID. The Wireshark wiki has a nice overview of CDP, including a Display Filter reference that we can use to filter out the packets we need based on the Device ID provided in the question.

cdp.deviceid contains CCNP-LAB-S2

Examining the packet we find the Port ID field containing our answer:

flag 05 – Who changed (150 points)

What is the number of the first VLAN to have a topology change occur?

This time we are looking at Spanning Tree Protocol, which I am not familiar with at all! As usual the Wireshark wiki STP page has enough information for us to identify a Display Filter that will isolate Topology Changes (TC).
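The CDP lookup from flag 04 can also be reproduced outside Wireshark. The following is an added example, not part of the original write-up: it parses the CDP TLVs, applies the same "Device ID contains CCNP-LAB-S2" match, and reads the Port ID. The payloads, the EXAMPLE-SW1 device, both port names, and the helper function names are constructed for illustration.

```python
import struct

# CDP TLV type codes used here
TLV_DEVICE_ID = 0x0001
TLV_PORT_ID = 0x0003

def build_tlv(tlv_type, value):
    """Encode one TLV; the length field counts the 4-byte TLV header too."""
    return struct.pack("!HH", tlv_type, len(value) + 4) + value

def parse_cdp(payload):
    """Parse a CDP payload (the bytes after the LLC/SNAP header) into {type: value}."""
    if len(payload) < 4:
        raise ValueError("truncated CDP header")
    version, ttl, _checksum = struct.unpack("!BBH", payload[:4])
    tlvs, offset = {}, 4
    while offset < len(payload):
        if offset + 4 > len(payload):
            raise ValueError("truncated TLV header")
        tlv_type, length = struct.unpack("!HH", payload[offset:offset + 4])
        if length < 4 or offset + length > len(payload):
            raise ValueError(f"bad TLV length {length} at offset {offset}")
        tlvs[tlv_type] = payload[offset + 4:offset + length]
        offset += length
    return version, ttl, tlvs

def port_for_device(payloads, needle):
    """Mirror `cdp.deviceid contains <needle>`, then return that frame's Port ID."""
    for payload in payloads:
        try:
            _, _, tlvs = parse_cdp(payload)
        except ValueError:
            continue  # skip malformed frames instead of aborting the search
        if needle.encode() in tlvs.get(TLV_DEVICE_ID, b""):
            return tlvs.get(TLV_PORT_ID, b"").decode("ascii", "replace")
    return None

def sample(device, port):
    body = build_tlv(TLV_DEVICE_ID, device) + build_tlv(TLV_PORT_ID, port)
    return struct.pack("!BBH", 2, 180, 0) + body  # version 2, TTL 180 s, checksum zeroed

# Constructed payloads: EXAMPLE-SW1 and both port names are made up, not CTF answers.
SAMPLES = [
    sample(b"EXAMPLE-SW1", b"Ethernet0/1"),
    sample(b"CCNP-LAB-S2", b"Ethernet9/9"),
    struct.pack("!BBH", 2, 180, 0) + b"\x00\x01\x00\x02",  # malformed: TLV length < 4
]

if __name__ == "__main__":
    print(port_for_device(SAMPLES, "CCNP-LAB-S2"))
```

The length check matters when parsing untrusted captures: a TLV length below 4 would otherwise stall or rewind the parser, and one past the end of the payload would silently truncate the value.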