This exercise is one of our challenges to help you learn how to analyze PCAP files

< 1 Hr.
PCAP badge


To get started with this lab, you need to install Wireshark to inspect the provided network dump. The lab revolves around a PCAP file that contains a TLS connection between a client and a server. During this interaction, the client sends a "Client Hello" message, and the server responds with a "Server Hello" message, which includes its certificate.

The main objective of this exercise is to extract the Common Name (CN) from the server's certificate. Despite the encrypted nature of TLS traffic, some information, such as the server's certificate and its Common Name, is still visible during the handshake. The key to completing this lab is to identify the Common Name from the server's certificate and use it, excluding the ".pentesterlab.com" part.

Want to learn more? Get started with PentesterLab Pro! GO PRO