This exercise is one of our challenges to help you learn how to analyze PCAP files.

< 1 Hr.
PCAP badge


To get started with this badge, you will need to install Wireshark, a network protocol analyzer. In this challenge, you can download the PCAP file using the provided link. The goal is to retrieve an email sent to an @pentesterlab.com address from the network capture. Once you identify the recipient address, you should use it as the key, ensuring you remove the @pentesterlab.com domain before submitting it.

Using Wireshark, you should follow the TCP stream to capture the content of the SMTP connection. You'll notice two "To" fields: one in the envelope and one in the email message itself. The key for this exercise is embedded in the recipient address within the email content. Understanding the distinction between the envelope and the email's "To" field is crucial, especially when dealing with mailing lists, BCC, or CC fields. This exercise will help you become proficient in analyzing network traffic and extracting meaningful data.
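The envelope/header distinction described above, as an added example that is not part of the original exercise. It assumes you have saved only the client-to-server direction of the followed TCP stream as text and that the session carries a single message. The sample stream, its addresses, and the function name `split_smtp` are constructed for illustration and are unrelated to the challenge PCAP.

```python
import re
from email import message_from_string
from email.utils import getaddresses

# Constructed client-side SMTP stream; NOT taken from the challenge capture.
SAMPLE_STREAM = (
    "EHLO client.example.org\r\n"
    "MAIL FROM:<alice@example.org>\r\n"
    "RCPT TO:<list-member@example.net>\r\n"
    "RCPT TO:<hidden-bcc@example.net>\r\n"
    "DATA\r\n"
    "From: Alice <alice@example.org>\r\n"
    "To: Announce List <announce@example.com>\r\n"
    "Subject: constructed sample\r\n"
    "\r\n"
    "Hello.\r\n"
    "..a line that began with one dot\r\n"
    ".\r\n"
    "QUIT\r\n"
)

def split_smtp(stream):
    """Return (envelope_recipients, header_recipients) from client-side SMTP text."""
    envelope, body, in_data = [], [], False
    for line in stream.split("\r\n"):
        if in_data:
            if line == ".":            # lone dot terminates the DATA section
                in_data = False
            else:                      # undo dot-stuffing (RFC 5321, section 4.5.2)
                body.append(line[1:] if line.startswith(".") else line)
        elif line.upper() == "DATA":
            in_data = True
        else:
            # Envelope recipients are SMTP commands, outside the message itself.
            m = re.match(r"RCPT TO:\s*<([^>]*)>", line, re.I)
            if m:
                envelope.append(m.group(1).lower())
    # Header recipients live inside the message sent after DATA.
    msg = message_from_string("\r\n".join(body))
    hdrs = msg.get_all("To", []) + msg.get_all("Cc", [])
    header = [addr.lower() for _, addr in getaddresses(hdrs) if addr]
    return envelope, header

if __name__ == "__main__":
    env, hdr = split_smtp(SAMPLE_STREAM)
    print("envelope (RCPT TO):", env)
    print("headers (To/Cc):   ", hdr)
    print("delivered but not shown in headers:", sorted(set(env) - set(hdr)))
```

In the constructed sample the message is delivered to two envelope recipients while the header names only the list address, which is the mailing-list and BCC situation the exercise text mentions.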

