Wargames 2017 – Challenge 9 : unreachable

the question is:
“The critical server seems unreachable. The sysadmin tries to identify the cause of it..but weird..he is doing it backwardly.”

question for challenge 2

question for challenge 2

and the hint given to us:

hint for challenge 2

hint for challenge 2

so… RFC 792 – something related to ICMP/ping yada yada
so we open the pcap file in Wireshark, view only ICMP protocol:

open pcap using wireshark & then filter ICMP only

we can see ICMP traffic involving 2 IPs; &
after digging around, I find out there is some “unique differences” at ping identification number; offset 0010. this involving IP

lets use tshark to see it clearly:

use tshark & grep offset 0010

as noted in the hint above;
“he is tracing backwardly.”

the flag is: flag_is_p!ngp0ng~
but actually…. the flag is: p!ngp0ng~

Any Comments?

This site uses Akismet to reduce spam. Learn how your comment data is processed.