Thanks to those who participated in our latest Challenge! You can watch the webinar walkthrough here: We’ve long been big fans of malware-traffic-analysis.net. They have a huge archive with cool examples of malicious network attacks and malware attempts, and do a great job of taking even newbies through the examples. We wanted to bring one of those examples to our users to see how to solve it in CloudShark.
Every summer the devs here at CloudShark engage in a “Summer Coding Challenge” to flex their programming muscles and relive the glory (horror?) days of computer science homework. It just so happens that one of those challenges this year made a great packet capture challenge for you CloudShark fans!
We got a lot of great answers - we have some of those solutions below, but if you don’t want it spoiled and want to try the capture for yourself, here it is:
Since we’ve launched CloudShark Online Accounts, we wanted to celebrate with a special Thanksgiving capture challenge. While most of us in the U.S. will be enjoying hefty helpings of turkey, mashed potatoes, and squash, a select few will be reveling in the magical wonder that is the “Turducken”.
Never heard of turducken? It’s exactly what it sounds like: a chicken, wrapped in a duck, wrapped in a turkey, filled with stuffing and sausage and baked to perfection.
This challenge is complete! Try it yourself or scroll to the solution below.
It’s been a while since we’ve had a good old-fashioned packet capture challenge here at CloudShark. In preparation for our upcoming webinar on packet capture and analysis in wireless networks, we thought we’d throw out a challenge involving a would-be malicious attacker trying to gain access to a secured wifi network.
The Challenge
Take a look at this capture.
This packet challenge has concluded!
Read on for the solution, or check out the original challenge below!
The Solution
A few folks spotted the issue with multicast packets #4 and #6. Normally, IP layer multicast packets also use a layer 2 multicast destination MAC address. But the multicast packets in this capture are using a unicast destination address.
What is going on here?
It turns out that this capture was generated in a wireless network.
Haven’t got one of our snazzy CloudShark P-Caps yet? Well, how good are your dissector skills?
One of the tools we added in CloudShark 1.7 is the protocol hierarchy tool. Similar to that found in Wireshark, the CloudShark protocol hierarchy tool also lets you click on a given protocol and automatically creates a filter for you based on the packets called out in the hierarchy.
Which, you’ve got to admit, is pretty cool.
This capture challenge has concluded! Thank you for all of your answers! You can find the solution below, or try the challenge for yourself.
The Challenge
Happy Holidays from CloudShark!
We’ve had a lot of new followers and users of CloudShark.org in the network security field, so we have a special intrusion capture challenge for you this month. It requires very little description, but you can use CloudShark’s web-based analysis tools and packet view to figure it out.
This challenge is now concluded! Read the solution below or scroll down for the original challenge!
The Solution
So, what’s going on here?
This communication is happening over a home gateway using Network Address Translation, or NAT. This is very common in home networks as it allows a Service Provider to use only one public address to represent many hosts. It also has an interesting side effect of acting as a natural firewall.
This challenge is now finished! Read the solution below or scroll down to try the challenge for yourself!
The Solution
CloudShark lets you embed your filters directly in the URL. When we view this packet capture file, we are already brought to the view we want to see: in this case, only DNS and ICMP messages.
Why is that? The problem we’re looking to illustrate happens to be an ICMP packet that is tied to a particular DNS response.
Thanks to all who participated in the packet capture challenge at Sharkfest 2012! We had a great time at Sharkfest! Here’s the solution, or scroll down to try the challenge yourself!
The Solution
Many folks showed us different approaches to this challenge. Here is one approach.
Visit the HTTP Requests analysis tool for this capture and take a look at the Response Codes tab.
The Response Codes graph shows a breakdown of traffic by HTTP response code.
This challenge is over for now! Stay tuned for the next packet capture challenge! First off, thanks to everyone who sent in a solution. The solution is posted here, or try the challenge yourself below!
The Solution
Unlike past challenges, this challenge involves multiple capture files with two SIP clients attempting a VoIP call behind a SIP-aware router. The first capture was taken on the LAN side of the router.
This challenge is over for now! Stay tuned for the next packet capture challenge! First off, thanks to everyone who sent in a solution. Joe shows us the solution on YouTube, or try the challenge yourself below!
The Challenge
We are having another Packet Capture Challenge to celebrate the release of CloudShark 1.4. If you can answer the question below, send an email to firstname.lastname@example.org with your address and tee shirt size, and we’ll send out a CloudShark tee shirt to the first 10 correct responses we receive.
This challenge is over, for now! Stay tuned for the next packet capture challenge! First off, thanks to everyone who sent in a solution to this packet capture challenge. Some of you told us the challenge was too easy. Don’t worry. They’ll get harder.
Watch Joe show you the solution from a cafe in downtown Portsmouth, NH, or try the challenge for yourself below!
The Challenge
OK, gather around, packet geeks.