PCAP 26

This exercise is one of our challenges to help you learn how to analyze PCAP files

PRO
Tier
Easy
< 1 Hr.
5697
PCAP badge

To get started with this badge, you need to install Wireshark to inspect the provided network dump. In this challenge, you'll download a PCAP file that contains a single DNS query and its corresponding response. Unlike typical DNS queries that request an A record to fetch an IP address, this query requests a TXT record. TXT records are often used to store information, such as proving domain ownership.

Using Wireshark, you'll open the PCAP file and follow the UDP stream to inspect the DNS query and response. The client is asking for a TXT record for the domain key.pentesterlab.com, and the server's response contains a text value, DEMOKEY-DEMOKEY-DEMOKEY, which is the key for this exercise. This exercise will help you understand how to analyze DNS traffic and extract meaningful data from network captures.

Want to learn more? Get started with PentesterLab Pro! GOPRO