challenge007

Description:

We found the network capture of a possible honeypot attack. Can you help us find out some more information about it?

What is the victim’s IP address?

Category: forensic
Challenge file: attack.pcap

Solution:

Open the pcap file.
Open statistics and go to endpoints
See which type of endpoint has the most ip address has most data conversations
Under TCP, there are only two ip address, but is uneven.
Apply filter on the that is less
Use TCP stream, and there found the honeypot handshake conversation

References:https://digitalitskills.com/cyberdefenders-honeypot-wireshark-pcap-analysis/

Flag: isfcr{192.150.11.111}