WireDive is a combo traffic analysis exercise that contains various traces to help you understand how different protocols look on the wire.

Challenge Files:

  • dhcp.pcapng
  • dns.pcapng
  • https.pcapng 
  • network.pcapng 
  • secret_sauce.txt 
  • shell.pcapng 
  • smb.pcapng
# Question Weight Solved
1 File: dhcp.pcapng - What is the transaction ID for the DHCP release? 50 107

2 File: dhcp.pcapng - What is the MAC address of the client? 50 110

3 File: dhcp.pcapng - What IP address is requested by the client? 50 110

4 File dns.pcapng - What is the response for the lookup for flag.fruitinc.xyz? 50 100

5 File: dns.pcapng - Which root server responds to the query? Hostname. 75 73

6 File smb.pcapng - What is the path of the file that is opened? 50 94

7 File smb.pcapng - What is the hex status code when the user SAMBA\jtomato logs in? 75 54

8 File smb.pcapng - What is the tree that is being browsed? 75 78

9 File smb.pcapng - What is the flag in the file? 100 62

10 File shell.pcapng - What port is the shell listening on? 50 94

11 File shell.pcapng - What is the port for the second shell? 50 91

12 File shell.pcapng - What version of netcat is installed? 75 79

13 File shell.pcapng - What file is added to the second shell 75 72

14 File shell.pcapng - What password is used to elevate the shell? 100 73

15 File shell.pcapgng - What is the OS version of the target system? 100 70

16 File shell.pcapng - How many users are on the target system? 150 69

17 File network.pcapgng - What is the IPv6 NTP server IP? 50 85

18 File network.pcapgng - What is the IP address that is requested by the DHCP client? 50 77

19 File network.pcapgng - What is the first authoritative name server for the domain that is being queried? 100 57

20 File network.pcapgng - What is the number of the first VLAN to have a topology change occur? 150 52

21 File network.pcapgng - What is the port for CDP for CCNP-LAB-S2? 150 58

22 File network.pcapgng - What is the MAC address for the root bridge for VLAN 60? 200 47

23 File network.pcapgng - What is the IOS version running on CCNP-LAB-S2? 200 53

24 File network.pcapgng - What is the virtual IP address used for hsrp group 121? 200 49

25 File network.pcapgng - What are the shared networks being advertised by 192.168.10.1 and 192.168.20.1? Format: 'Network1;Network2' without quotes. 200 43

26 File network.pcapgng - How many router solicitations were sent? 200 50

27 File network.pcapgng - What is the management address of CCNP-LAB-S2? 250 52

28 File network.pcapgng - What is the interface being reported on in the first snmp query? 250 50

29 File nework.pcapgng - What is the ip of the radius server? 500 42

30 File network.pcapgng - When was the NVRAM config last updated? Format: 'HH:MM:SS mm:dd:yyyy' without quotes. 500 43

31 File network.pcapgng - What IPv6 prefixes are being advertised? Lowest to highest separated by semicolons. 500 37

32 File https.pcapgng - What has been added to web interaction with web01.fruitinc.xyz? 200 38

33 File https.pcapgng - What is the name of the photo that is viewed in slack? 300 41

34 File https.pcapgng - What is the username and password to login to 192.168.2.1? Format: 'username:password' without quotes. 400 37

35 File https.pcapgng - What is the certStatus for the certificate with a serial number of 07752cebe5222fcf5c7d2038984c5198? 400 42

36 File https.pcapgng - What is the email of someone who needs to change their password? Format: 'username:password' without quotes. 400 35

37 File https.pcapgng - A service is assigned to an interface. What is the interface, and what is the service? 600 31