The Sharkminator
Vacation’s over. Your networks have been underutilized for a good long month now. Time to get back to the trenches. Why not start things off with a proper packet analysis challenge? At least fire up Wireshark to see if there’s an auto-update waiting for you?
Thank you Netresec for providing a huge list of packet captures to play with!
We will borrow a 13 MB packet capture from the excellent book “Practical Packet Analysis“.
$ shasum wireshark1.pcapng b8060f2b946f33b79833710db458368cd382d06c wireshark1.pcapng
Please go ahead and download the pcap file. Yes, it’s safe to download.
Ready?
<gong sound>
Five questions + one bonus. One point per question:
- How many non-broadcast IPv4 nodes is Wireshark seeing?
- The client downloads an EXE file, twice. From which countries is it downloading the file from?
- How many Bytes is the client expecting to download for each EXE file?
- Looking at the fastest of the two transfers, at what speed is the file downloaded on average in kbps, kilobit per second?
- One node is not accepting the use of full TCP segments. Which one?
- BONUS – How many Bytes is the client potentially missing out on per round-trip?
Easy peasy?
Please send me your answers via a communication platform of your liking. The social medias or email. Doesn’t matter!
The winner will get loads of street cred as defined by Urban Dictionary:
He’s been thru it all. His street cred is undeniable.
That’s all you need. Get to it! 👊
Sharing is caring:
August 4, 2016 at 12:07
My “street cred application” has been filled out and submitted.
Great challange! Keep’em coming 😉
Regards,
Martin
August 17, 2016 at 16:54
Thanks Martin! Street cred has been handed out 🙂
– Fredrik