Part 1- Packet Analysis Challenge
Part A: Preparation
- Copy the evidence.pcap file into the root folder of Kali
- Determine the md5 hash value of the file to check its data integrity (i.e. you have downloaded the full file and no one has altered it). Determine 128-bit MD5 hash of evidence.pcap file using the md5sum tool in Kali.
Verify the md5sum is d187d77e18c84f6d72f5845edca833f5
Part B: Using tcpdump
- Use tcpdump to determine if the traffic in the evidence.pcap is using IPv4 or IPv6? How can you tell?
Hint: #tcpdump –X –r evidence.pcap
Part C: Using Wireshark to gather Statistics
Open the evidence.pcap file in Wireshark
- How many total packets were captured?
Hint: Statistics à Summary
Or Statistics à Capture File Properties
- How many total bytes were captured?
- How much time elapsed from when the first packet was captured till the last packet was captured?
- List the 13 IP addresses that either sent or received packets as a part of this packet capture. (Hint: Summary à EndPoints)