#1 What is the FTP password?
→ tcp.port == 21
AfricaCTF2021
#2 What is the IPv6 address of the DNS server used by 192.168.1.26? (####::####:####:####:####)
→ fe80::c80b:adff:feaa:1db7 / filter on dns
#3 What domain is the user looking up in packet 15174?
→ Just look at the packet
#4 How many UDP packets were sent from 192.168.1.26 to 24.39.217.246?
→ ip.src == 192.168.1.26 && ip.dst == 24.39.217.246
10 packets
#5 What is the MAC address of the system being monitored?
→ c8:09:a8:57:47:93
#6 What was the camera model name used to take picture 20210429_152157.jpg?
Filter on ftp-data; the model name shows up in the hex values
→ lm-q725k
#7 What is the server certificate public key that was used in TLS session: da4a0000342e4b73459d7360b4bea971cc303ac18d29b99067e46d16cc07f4ff?
Find Packet → Packet details → search by string
→ 04edcc123af7b13e90ce101a31c2f996f471a7c8f48a1b81d765085f548059a550f3f4f62ca1f0e8f74d727053074a37bceb2cbdc7ce2a8994dcd76dd6834eefc5438c3b6da929321f3a1366bd14c877cc83e5d0731b7f80a6b80916efd4a23a4d
#8 What is the first TLS 1.3 client random that was used to establish a connection with protonmail.com?
Filter/search for proton, then find the client
→ Random: 24e92513b97a0348f733d16996929a79be21b0b1400cd7e2862a732ce7775b70
#9 What country is the MAC address of the FTP server registered in? (two words, one space in between)
Look at the FTP packets and look up the vendor on a website; it shows the country
→ united states
#10 What time was a non-standard folder created on the FTP server on the 20th of April? (hh:mm)
There is a packet that requests LIST; filter on ftp-data and look there
#11 What domain was the user connected to in packet 27300?
https://www.wireshark.org/docs/dfref/d/dns.html
dns.a for the corresponding IP address
→ dfir.science
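What the dns.a lookup in #11 does under the hood, as an added example that is not part of the original notes: parse a raw DNS response and map each returned IPv4 address back to the name the user queried, following CNAMEs and name compression. The sample message, the name www.example.test and the address 192.0.2.10 are constructed placeholders, not values from the capture.

```python
import socket
import struct

def read_name(msg, off):
    """Decode a DNS name at off, following compression pointers (RFC 1035 4.1.4)."""
    labels, end, hops = [], None, 0
    while True:
        n = msg[off]
        if n & 0xC0 == 0xC0:                     # two-byte pointer to an earlier name
            if end is None:
                end = off + 2                    # parsing resumes after the first pointer
            off = struct.unpack_from("!H", msg, off)[0] & 0x3FFF
            hops += 1
            if hops > 16:
                raise ValueError("compression pointer loop")
        elif n == 0:                             # root label ends the name
            return ".".join(labels), (end if end is not None else off + 1)
        else:
            labels.append(msg[off + 1:off + 1 + n].decode("ascii"))
            off += 1 + n

def a_records(msg):
    """Return {ipv4: queried name} for every A record in a DNS response."""
    _id, flags, qd, an, _ns, _ar = struct.unpack_from("!6H", msg, 0)
    if not flags & 0x8000:                       # QR bit clear: a query, no answers
        return {}
    off, qname = 12, None
    for _ in range(qd):
        name, off = read_name(msg, off)
        qname = qname or name
        off += 4                                 # skip QTYPE and QCLASS
    found = {}
    for _ in range(an):
        _owner, off = read_name(msg, off)        # owner may be a CNAME target
        rtype, _cls, _ttl, rdlen = struct.unpack_from("!HHIH", msg, off)
        off += 10
        if rtype == 1 and rdlen == 4:            # A record
            found[socket.inet_ntoa(msg[off:off + 4])] = qname
        off += rdlen
    return found

# Constructed response: www.example.test -> CNAME example.test -> A 192.0.2.10
SAMPLE = (
    struct.pack("!6H", 0x1234, 0x8180, 1, 2, 0, 0)
    + b"\x03www\x07example\x04test\x00" + struct.pack("!HH", 1, 1)
    + b"\xc0\x0c" + struct.pack("!HHIH", 5, 1, 60, 2) + b"\xc0\x10"
    + b"\xc0\x10" + struct.pack("!HHIH", 1, 1, 60, 4) + bytes([192, 0, 2, 10])
)

if __name__ == "__main__":
    print(a_records(SAMPLE))
```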