This exercise is one of our challenges to help you learn how to analyze PCAP files

< 1 Hr.
PCAP badge


This exercise involves downloading and analyzing a PCAP file using Wireshark. The file contains multiple DNS packets, where an attacker attempts to inject DNS responses without knowing the correct transaction ID. Your goal is to find the DNS response that matches the actual client's query using the transaction ID.

The video guide walks you through the process of identifying the correct DNS response by filtering the transaction ID in Wireshark. By applying the filter `dns.id==0x2b25`, you can isolate the legitimate response from the server, which contains the key for this exercise: DEMOKEY-DEMOKEY-DEMOKEY. Another method demonstrated is following the UDP stream to see both the query and response, further confirming the correct answer.

Want to learn more? Get started with PentesterLab Pro! GO PRO