Introduction to Traffic Packet Analysis
In CTFs, analyzing traffic packets is an important part of performing an investigation.
Often the competition provides a PCAP file of captured traffic, and players need to repair the file, or rebuild the files transferred inside it, in order to analyze them.
The PCAP file is the main object of study; the complication is that it is filled with a lot of irrelevant traffic, so filtering out the irrelevant traffic is a necessary step.
Overall, there are the following steps:
- Overall Grasp
  - Protocol Hierarchy
  - Endpoint Statistics
- Filter Relevant Information
  - Filter Syntax
  - Host, Protocol, Contains, Flags
- Find Exceptions
  - Special Strings
  - A Protocol Field
  - Flag Located On The Server
- Data Extraction
  - Strings Extraction
  - Files Extraction
In general, CTF traffic packet analysis falls into these 3 categories:
- Repair Traffic Packet (PCAP) File
- Protocol Analysis
- Data Extraction
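The first three steps above (protocol hierarchy, endpoint statistics, filtering by host / protocol / contents) carried out on a minimal hand-rolled PCAP reader, as an added example that is not code from the original page. The capture it inspects is constructed in memory, and `build_pcap`, `parse_pcap`, `filter_packets` and the addresses used are this example's own assumptions.

```python
import struct
from collections import Counter

def build_pcap(packets):
    # Classic little-endian pcap: 24-byte global header (link type 1 = Ethernet),
    # then a 16-byte record header (ts_sec, ts_usec, incl_len, orig_len) per frame.
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for src, dst, proto, sport, dport, payload in packets:
        if proto == 6:  # minimal TCP header: data offset 5, flags PSH|ACK
            l4 = struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 5 << 4, 0x18, 8192, 0, 0)
        else:           # UDP header: ports, length, checksum (left zero)
            l4 = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0)
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4) + len(payload), 0, 0, 64,
                         proto, 0, *(bytes(map(int, a.split("."))) for a in (src, dst)))
        frame = b"\x00" * 12 + b"\x08\x00" + ip + l4 + payload  # Ethernet, type IPv4
        out += struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame
    return out

def parse_pcap(data):
    endian = "<" if data[:4] == b"\xd4\xc3\xb2\xa1" else ">"  # classic magic, either byte order
    off, pkts = 24, []
    while off + 16 <= len(data):
        incl = struct.unpack(endian + "IIII", data[off:off + 16])[2]
        frame, off = data[off + 16:off + 16 + incl], off + 16 + incl
        if frame[12:14] != b"\x08\x00":  # skip non-IPv4 frames (ARP, IPv6, ...)
            continue
        ip = frame[14:]
        proto, l4 = ip[9], ip[(ip[0] & 0x0F) * 4:]  # honour IHL, IP options included
        hdr = (l4[12] >> 4) * 4 if proto == 6 else 8  # TCP data offset / fixed UDP size
        pkts.append({"src": ".".join(map(str, ip[12:16])), "dst": ".".join(map(str, ip[16:20])),
                     "proto": {6: "tcp", 17: "udp"}.get(proto, str(proto)), "payload": l4[hdr:]})
    return pkts

def protocol_hierarchy(pkts):  # "overall grasp": which protocols the capture contains
    return Counter(p["proto"] for p in pkts)

def endpoints(pkts):  # endpoint statistics: how often each address appears
    return Counter(a for p in pkts for a in (p["src"], p["dst"]))

def filter_packets(pkts, host=None, proto=None, contains=None):
    # Same idea as the Wireshark filters ip.addr == host, tcp/udp, and frame contains "..."
    return [p for p in pkts if (host is None or host in (p["src"], p["dst"]))
            and (proto is None or p["proto"] == proto)
            and (contains is None or contains in p["payload"])]

SAMPLE = build_pcap([  # constructed traffic, not taken from any real capture
    ("10.0.0.2", "10.0.0.1", 6, 40000, 80, b"GET /flag.txt HTTP/1.1\r\n\r\n"),
    ("10.0.0.1", "10.0.0.2", 6, 80, 40000, b"HTTP/1.1 200 OK\r\n\r\nflag{example}"),
    ("10.0.0.2", "10.0.0.9", 17, 5353, 53, b"\x00\x01\x01\x00"),
])
```

Running `protocol_hierarchy(parse_pcap(SAMPLE))` gives the per-protocol count that Wireshark's Protocol Hierarchy window shows, and `filter_packets(..., contains=b"flag{")` narrows a capture the same way a `frame contains` display filter does.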
All content on this page is provided under the terms of the CC BY-NC-SA 4.0 license; additional terms may apply.