PCAP 02

This exercise is one of our challenges to help you learn how to analyze PCAP files

PRO
Tier
Easy
< 1 Hr.
6921
PCAP badge

Course


To begin, you need to install Wireshark to inspect the provided network dump. You can download the PCAP file from the provided link. This challenge involves analyzing a TCP connection where a user connects to a server via Telnet. Telnet is inherently insecure because anyone with access to the packet capture can see the transmitted username, password, and all executed commands.

Using Wireshark, load the PCAP file and follow the TCP stream to observe the conversation. You'll notice the color difference between data sent by the server and the client. The server sends a banner and a login prompt, to which the client responds with the username and password. The server then displays the Debian Message-of-the-Day (MOTD) and the user's executed commands. By examining the Telnet session, you can extract the password, which is crucial for solving this exercise.

Want to learn more? Get started with PentesterLab Pro! GO PRO