Since we’ve launched CloudShark Online Accounts, we wanted to celebrate with a special Thanksgiving capture challenge. While most of us in the U.S. will be enjoying hefty helpings of turkey, mashed potatoes, and squash, a select few will be reveling in the magical wonder that is the “Turducken”.
Never heard of turducken? It’s exactly what it sounds like: a chicken, wrapped in a duck, wrapped in a turkey, filled with stuffing and sausage and baked to perfection.
This packet challenge has concluded!
Read on for the solution, or check out the original challenge below!
The Solution A few folks spotted the issue with multicast packets #4 and #6. Normally, IP layer multicast packets also use a layer 2 multicast destination MAC address. But the multicast packets in this capture are using a unicast destination address.
What is going on here?
It turns out that this capture was generated in a wireless network.
This webinar has concluded! If you missed it, you can view it on The CloudShark Channel here:
Watch the video. Title: Using Cisco Meraki's Embedded CloudShark Features Date: Wednesday, August 14, 2013 Time: 11:00 AM - 12:00 PM EDT Space is limited. Reserve your Webinar seat now at: https://www4.gotomeeting.com/register/371875439
Do you use Meraki web managed networking devices? Do you need to troubleshoot networks that use them? Did you know they have an embedded capture mechanism?
Haven’t got one of our snazzy CloudShark P-Caps yet? Well, how good are your dissector skills?
One of the tools we added in CloudShark 1.7 is the protocol hierarchy tool. Similar to that found in Wireshark, the CloudShark protocol hierarchy tool also lets you click on a given protocol and automatically creates a filter for you based on the packets called out in the hierarchy.
Which, you got to admit, is pretty cool.
This capture challenge has concluded! Thank you for all of your answers! You can find the solution below, or try the challenge for yourself.
The Challenge Happy Holidays from CloudShark!
We’ve had a lot of new followers and users of CloudShark.org in the network security field, so we have a special intrusion capture challenge for you this month. It requires very little description, but you can use CloudShark’s web-based analysis tools and packet view to figure it out.
This challenge is now concluded! Read the solution below or scroll down for the original challenge!
The Solution So, what’s going on here?
This communication is happening over a home gateway using Network Address Translation, or NAT. This is very common in home networks as it allows a Service Provider to use only one public address to represent many hosts. It also has an interesting side effect of acting as a natural firewall.
This challenge is now finished! Read the solution below or scroll down to try the challenge for yourself! The Solution CloudShark lets you embed your filters directly in the URL. When we view this packet capture file, we are already brought to the view we want to see: in this case, only DNS and ICMP messages.
Why is that? The problem we’re looking to illustrate happens to be an ICMP packet that is tied to a particular DNS response.
Wish you had a place to put all of your captures? Wish you could do analysis on an iPad? If you missed us at Sharkfest ‘12, join the CloudShark team as we show you how our lua plug-into the Wireshark interface lets you easily upload captures to CloudShark, where you can instantly secure, share, and analyze your captures anywhere, at any time, on any device.
Space is limited. Reserve your Webinar seat now at: https://www4.
Thanks to all who participated in the packet capture challenge at Sharkfest 2012! We had a great time at Sharkfest! Here’s the solution, or scroll down to try the challenge yourself!
The Solution Many folks showed us different approaches to this challenge. Here is one approach.
Visit the HTTP Requests analysis tool for this capture and take a look at the Response Codes tab.
The Response Codes graph shows a break down of traffic by HTTP Response code.
Thanks to all who participated in the packet capture challenge at INTEROP! Here’s the solution, or scroll down to try the challenge yourself!
The Solution The INTEROP packet challenge requires us to find the TCP stream that contains the string “blackjack”. We can do this using the tcp.data display filter and the “contains” criteria. The display filter looks like this:
tcp.data contains “blackjack”
Once we have the stream identified, we can look at it using the “Follow Stream” button.