26
loading...
TryHackMe TShark
TryHackMe TShark
-r flag enable reading a PCAP file.wc's -l flag counts the lines of a given input.
$ tshark -r dns.cap | wc -l
38Answer:
38-Y "dns.qry.type == 1" is used to filter DNS A records.
$ tshark -r dns.cap -Y "dns.qry.type == 1" | wc -l
6Answer:
6-T fields is used to specify the output's format.-e dns.qry.name is specify which field to output.
$ tshark -r dns.cap -Y "dns.qry.type == 1" -T fields -e dns.qry.name
www.netbsd.org
www.netbsd.org
GRIMM.utelsystems.local
GRIMM.utelsystems.local
GRIMM.utelsystems.local
GRIMM.utelsystems.localAnswer:
GRIMM.utelsystems.local$ tshark -r task3.pcap | wc -l
125Answer:
125$ tshark -r task3.pcap -Y "dns.flags.response == 0" | wc -l
56Answer:
56$ tshark -r task3.pcap -Y "dns.flags.response == 0" -T fields -e dns.id
0x0000beefAnswer:
0x0000beef$ tshark -r task3.pcap -Y "dns.flags.response == 0" -T fields -e dns.qry.name | cut -c1 | tr "\n" " " | sed 's/ //g'
MZWGCZ33ORUDC427NFZV65BQOVTWQX3XNF2GQMDVG5PXI43IGRZGWIL5Answer:
MZWGCZ33ORUDC427NFZV65BQOVTWQX3XNF2GQMDVG5PXI43IGRZGWIL5$ echo 'MZWGCZ33ORUDC427NFZV65BQOVTWQX3XNF2GQMDVG5PXI43IGRZGWIL5' | base32 -d
flag{th1s_is_t0ugh_with0u7_tsh4rk!}Flag:
flag{th1s_is_t0ugh_with0u7_tsh4rk!}26