Server & Attacker IP - KnightCTF 2025

Posted on by fatherofphysics

Challange Details

  • Challange Name: Server & Attacker IP
  • Category: Networking
  • Difficulty: Easy
  • Description: Analzye the provided .pcapng file to get the attacker & server ip and solve the challange.

Solution

Step 1: Load file in Wireshark

  1. Open the .pcapng file in Wireshark
  2. Note any suspicious protocols such as HTTP, FTP, DNS, or TELNET.

Step 2: Follow HTTP Steam

  1. Navigate to Analyze > follow > HTTP Stream.
  2. Shortcut Ctrl+Alt+Shift+H
  3. Alternatively, use the filter : tcp.stream eq 66108

Step 3: Read the Source and Destination

  1. Check the Source IP & Destination IP.
  2. Right click and follow TCP Stream.
  3. We got the Host.

Step 4: Identitfying the Attacker IP

  1. In the HTTP Steam you will find the only Attacker IP sending packates to enumerate the server.

Step 5: Submitting the flag

  1. To solve this challange we must write first the server ip & then attacker ip.
  2. Format of this flag KCTF{127.0.0.1_0.0.0.0} - actual flag redacted for privacy.