PCAP 26
Bookmarked!This exercise is one of our challenges to help you learn how to analyze PCAP files
To get started with this badge, you need to install Wireshark to inspect the provided network dump. In this challenge, you'll download a PCAP file that contains a single DNS query and its corresponding response. Unlike typical DNS queries that request an A record to fetch an IP address, this query requests a TXT record. TXT records are often used to store information, such as proving domain ownership.
Using Wireshark, you'll open the PCAP file and follow the UDP stream to inspect the DNS query and response. The client is asking for a TXT record for the domain key.pentesterlab.com, and the server's response contains a text value, DEMOKEY-DEMOKEY-DEMOKEY, which is the key for this exercise. This exercise will help you understand how to analyze DNS traffic and extract meaningful data from network captures.