Challenge 1 Explanation: Attention to Details
Being able to analyze network traffic is a very valuable skill for a cybersecurity specialist. Analyzing traffic can allow a cyber-defender to identify what a malicious user is doing and what endpoint he or she is connected to. Also, if a computer network is infected with a malicious program, analyzing network traffic can help find the infected computers. In this challenge, we analyzed the network traffic of a user visiting a webpage with a flag on it.
First, open the file in WiresharkPortable by double-clicking on the “WiresharkPortable.exe” file included in the CTFA “Programs” folder.
If presented with a warning, like the one below, click “Yes.”
Next, click on “File” in the upper right corner of the Wireshark application and select “Open.” Then navigate to where you saved the “FollowTheLeader.pcap” file and select it.
Now that the file is open, we can search for the flag. Since we know the flag was on a webpage, we can start by looking through the “HTTP” packets. Viewing the second “HTTP” packet shows us the HTML data, which contains the flag.
To read this data more easily, right-click the packet, hover over “Follow”, and select “TCP stream”.
Now we can easily see the flag and it is in an HTTP packet; therefore, the answer to question 1 is “HTTP”.
As seen in the above screenshot, the flag is “ctfa{terrific_traffic}”.
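The same search can be scripted. The following is an added example, not part of the original challenge material: it parses a classic pcap file by hand, keeps the TCP payloads to or from port 80, and looks for the ctfa{...} flag format. The function names, the port-80 filter and the one-packet sample capture are assumptions constructed for illustration, and the script scans packet by packet rather than reassembling the stream the way “Follow TCP stream” does.

```python
import re
import struct

FLAG_RE = re.compile(rb"ctfa\{[^}]*\}")  # flag format used on this page

def tcp_payloads(pcap: bytes):
    """Yield (src_port, dst_port, payload) per IPv4/TCP frame in a classic pcap."""
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if endian is None:
        raise ValueError("not a classic pcap file (pcapng is not handled)")
    if struct.unpack(endian + "I", pcap[20:24])[0] != 1:
        raise ValueError("only Ethernet (linktype 1) captures are handled")
    off = 24  # first record header follows the 24-byte global header
    while off + 16 <= len(pcap):
        incl_len = struct.unpack(endian + "I", pcap[off + 8:off + 12])[0]
        frame = pcap[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
            continue  # skip anything that is not IPv4 carrying TCP
        ihl = (frame[14] & 0x0F) * 4
        total_len = struct.unpack("!H", frame[16:18])[0]
        tcp = frame[14 + ihl:14 + total_len]  # drops Ethernet padding
        if len(tcp) < 20:
            continue
        sport, dport = struct.unpack("!HH", tcp[:4])
        yield sport, dport, tcp[(tcp[12] >> 4) * 4:]

def find_flags(pcap: bytes, http_port: int = 80):
    """Return flag strings found in TCP payloads to or from the HTTP port."""
    hits = []
    for sport, dport, payload in tcp_payloads(pcap):
        if http_port in (sport, dport):
            hits += [m.decode() for m in FLAG_RE.findall(payload)]
    return hits

def build_sample_pcap(body: bytes) -> bytes:
    """Constructed one-packet capture (checksums left zero): HTTP 200 with body."""
    http = b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n" + body
    tcp = struct.pack("!HHIIBBHHH", 80, 49152, 1, 1, 5 << 4, 0x18, 8192, 0, 0) + http
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 1, 0, 64, 6, 0,
                     bytes([192, 0, 2, 10]), bytes([192, 0, 2, 20]))
    frame = b"\x02" * 6 + b"\x04" * 6 + b"\x08\x00" + ip + tcp
    glob = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    rec = struct.pack("<IIII", 0, 0, len(frame), len(frame))
    return glob + rec + frame

SAMPLE = build_sample_pcap(b"<html><body>ctfa{constructed_example}</body></html>")

if __name__ == "__main__":
    print(find_flags(SAMPLE))
```

To run it against a real capture, read the file with open(path, "rb").read() and pass the bytes to find_flags; a flag split across two TCP segments would need stream reassembly first.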