PCAP 29
This exercise is one of our challenges to help you learn how to analyze PCAP files.
To get started with this lab, install Wireshark to inspect the provided network dump. Download the PCAP file from the provided link and open it in Wireshark. This challenge involves analyzing an ICMP echo request and its reply, commonly known as a "ping". Because the echo payload is arbitrary bytes that the receiver simply copies back, ICMP can be used as a covert channel to move data between systems without raising alarms. The key to solving this exercise is embedded in the ICMP request.
In the video, we explain that ICMP traffic can carry information covertly past firewalls that inspect TCP or UDP traffic but let ping through unexamined. By examining the data payload of the ICMP packets in Wireshark (a display filter such as icmp.type == 8 shows only echo requests; expand the ICMP layer and look at the Data field), you can find the key for this exercise. Wireshark has already dissected the headers, so the embedded data in the echo request is easy to spot. This exercise highlights why monitoring must cover all protocols, not just TCP and UDP: a stock ping carries a fixed, predictable payload, and any echo request whose payload deviates from it deserves a closer look, because it may be data exfiltration.