Cybrary — Network Reference Module Challenge
We will take a look at the TCP/IP and OSI model layers through the Wireshark protocol analyzer. Wireshark displays all the encapsulated portions of a packet in its Packet Details pane. However, its layout does not conform exactly to either the TCP/IP or the OSI model; it is a combination of both.
Namely, it combines only layers 5-7 (Application, Presentation, Session) of the OSI model and keeps layers 1-2 (Physical and Data Link) separate, rather than merging them into a Network Access layer as the TCP/IP model does. Let’s add that detail to the diagram you previously viewed so you get the full comparative picture.
It’s also important to note that Wireshark will list these layers of encapsulation with the lower layers at the top (Physical, Data Link), and the higher layers at the bottom (Application).
Alright – enough chit chat. Open the Packet Capture and get busy.
Challenge
In this challenge exercise, you will find another packet capture, Prove.pcapng, on your desktop. Open this thing up in Wireshark and use it to answer the questions in the Tasks pane.
From the Desktop, double-click the Practice.pcpng file to launch this lesson’s Packet Capture in Wireshark.
1. What channel is the Wireless Access Point broadcasting on in this capture? You can find this information in the Physical Layer of the Beacon packets.
36
In the Packet List view, select the first broadcast packet in the list. Double-click the 802.11 radio information row to expand it.
2. What TCP port is the web server listening on (the receiver of the HTTP request) in this capture?
1337
Hint: ****
In the Wireshark display filter bar, type tcp to show only packets with TCP. Select the first HTTP packet in the list (No. 784).
In the Packet Details pane, double-click the Transmission Control Protocol row to expand it.
3. What is the Network/Internet Layer address of the machine making an HTTP request?
10.45.0.2
Hint: **.**.*.*
In the Wireshark display filter bar, type tcp to show only packets with TCP. Select the first HTTP packet in the list (No. 784).
4. What is the flag discovered in the Application layer data returned by the web server?
{CLAB_C3RT}
Hint: {****_****}
In the Packet List pane, select the second HTTP packet (No. 787) to view the HTTP response.
In the Packet Details pane, double-click the Line-based text data row to expand it.
Reference:
Wireshark: https://www.wireshark.org/