Skip to content

TryHackMe Writeups

Wiresharkthebasics

TryHackMe Writeups

Home
Crackthehash
Cyberadventtemplate
Template
25daysofchristmas
25daysofchristmas
- 25daysofchristmas
AIforcyber aoc2025 y9wWQ1zRgB
AIforcyber aoc2025 y9wWQ1zRgB
- AIforcyber aoc2025 y9wWQ1zRgB
HackfinityBattle
HackfinityBattle
- HackfinityBattle
ICS modbus aoc2025 g3m6n9b1v4
ICS modbus aoc2025 g3m6n9b1v4
- ICS modbus aoc2025 g3m6n9b1v4
Adenumeration
Adenumeration
- Adenumeration
Adv3nt0fdbopsjcap
Adv3nt0fdbopsjcap
- Adv3nt0fdbopsjcap
Adventofcyber2
Adventofcyber2
- Adventofcyber2
Adventofcyber2023
Adventofcyber2023
- Adventofcyber2023
Adventofcyber2024
Adventofcyber2024
- WIP adventofcyber2024
- Adventofcyber2024
Adventofcyber23sidequest
Adventofcyber23sidequest
- Adventofcyber23sidequest
Adventofcyber24sidequest
Adventofcyber24sidequest
- Adventofcyber24sidequest
Adventofcyber25
Adventofcyber25
- Adventofcyber25
Adventofcyber25sidequest
Adventofcyber25sidequest
- Adventofcyber25sidequest
Agentsudoctf
Agentsudoctf
- Agentsudoctf
Anonymous
Anonymous
- Anonymous
Attacks on ecrypted files aoc2025 asdfghj123
Attacks on ecrypted files aoc2025 asdfghj123
- Attacks on ecrypted files aoc2025 asdfghj123
Auditingandmonitoringse
Auditingandmonitoringse
- Auditingandmonitoringse
Authenticationbypass
Authenticationbypass
- Authenticationbypass
Azuresentinel aoc2025 a7d3h9k0p2
Azuresentinel aoc2025 a7d3h9k0p2
- Azuresentinel aoc2025 a7d3h9k0p2
Blaster
Blaster
- Blaster
Blue
Blue
- Blue
Bof1
Bof1
- Bof1
Breachingad
Breachingad
- Breachingad
Breakrsa
Breakrsa
- Breakrsa
Burpsuitebasics
Burpsuitebasics
- Burpsuitebasics
Burpsuiteintruder
Burpsuiteintruder
- Burpsuiteintruder
Burpsuiteom
Burpsuiteom
- Burpsuiteom
Burpsuiterepeater
Burpsuiterepeater
- Burpsuiterepeater
Cloudenum aoc2025 y4u7i0o3p6
Cloudenum aoc2025 y4u7i0o3p6
- Cloudenum aoc2025 y4u7i0o3p6
Codeanalysis
Codeanalysis
- Codeanalysis
Commonlinuxprivesc
Commonlinuxprivesc
- Commonlinuxprivesc
Container security aoc2025 z0x3v6n9m2
Container security aoc2025 z0x3v6n9m2
- Container security aoc2025 z0x3v6n9m2
Contentdiscovery
Contentdiscovery
- Contentdiscovery
Cowboyhacker
Cowboyhacker
- Cowboyhacker
Crackthehash
Crackthehash
- Crackthehash
Cryptographyintro
Cryptographyintro
- Cryptographyintro
Cybergovernanceregulation
Cybergovernanceregulation
- Cybergovernanceregulation
Dastzap
Dastzap
- Dastzap
Dataxexfilt
Dataxexfilt
- Dataxexfilt
Detecting c2 with rita aoc2025 m9n2b5v8c1
Detecting c2 with rita aoc2025 m9n2b5v8c1
- Detecting c2 with rita aoc2025 m9n2b5v8c1
Easyctf
Easyctf
- Easyctf
Encoding decoding aoc2025 s1a4z7x0c3
Encoding decoding aoc2025 s1a4z7x0c3
- Encoding decoding aoc2025 s1a4z7x0c3
Encryptioncrypto101
Encryptioncrypto101
- Encryptioncrypto101
Enumerationpe
Enumerationpe
- Enumerationpe
Exploitingad
Exploitingad
- Exploitingad
Fileinc
Fileinc
- Fileinc
First shift ctf
First shift ctf
- First shift ctf
Htapowershell aoc2025 p2l5k8j1h4
Htapowershell aoc2025 p2l5k8j1h4
- Htapowershell aoc2025 p2l5k8j1h4
Hydra
Hydra
- Hydra
Ice
Ice
- Ice
idor aoc2025 zl6MywQid9
idor aoc2025 zl6MywQid9
- idor aoc2025 zl6MywQid9
Intronetworksecurity
Intronetworksecurity
- Intronetworksecurity
Johntheripper0
Johntheripper0
- Johntheripper0
Kenobi
Kenobi
- Kenobi
Lateralmovementandpivoting
Lateralmovementandpivoting
- Lateralmovementandpivoting
Linprivesc
Linprivesc
- Linprivesc
Linuxcli aoc2025 o1fpqkvxti
Linuxcli aoc2025 o1fpqkvxti
- Linuxcli aoc2025 o1fpqkvxti
Linuxfundamentalspart1
Linuxfundamentalspart1
- Linuxfundamentalspart1
Linuxfundamentalspart2
Linuxfundamentalspart2
- Linuxfundamentalspart2
Linuxfundamentalspart3
Linuxfundamentalspart3
- Linuxfundamentalspart3
Linuxprivesc
Linuxprivesc
- Linuxprivesc
Linuxsystemhardening
Linuxsystemhardening
- Linuxsystemhardening
Malmalintroductory
Malmalintroductory
- Malmalintroductory
malware sandbox aoc2025 SD1zn4fZQt
malware sandbox aoc2025 SD1zn4fZQt
- malware sandbox aoc2025 SD1zn4fZQt
Metasploitexploitation
Metasploitexploitation
- Metasploitexploitation
Meterpreter
Meterpreter
- Meterpreter
Netsecchallenge
Netsecchallenge
- Netsecchallenge
Networkservices aoc2025 jnsoqbxgky
Networkservices aoc2025 jnsoqbxgky
- Networkservices aoc2025 jnsoqbxgky
Obfuscation aoc2025 e5r8t2y6u9
Obfuscation aoc2025 e5r8t2y6u9
- Obfuscation aoc2025 e5r8t2y6u9
Ohsint
Ohsint
- Ohsint
Operatingsystemsecurity
Operatingsystemsecurity
- Operatingsystemsecurity
Owaspjuiceshop
Owaspjuiceshop
- Owaspjuiceshop
Owasptop102021
Owasptop102021
- Owasptop102021
Passwordattacks
Passwordattacks
- Passwordattacks
Persistingad
Persistingad
- Persistingad
phishing aoc2025 h2tkye9fzU
phishing aoc2025 h2tkye9fzU
- phishing aoc2025 h2tkye9fzU
Picklerick
Picklerick
- Picklerick
Postexploit
Postexploit
- Postexploit
Powershell
Powershell
- Powershell
Printerhacking101
Printerhacking101
- Printerhacking101
promptinjection aoc2025 sxUMnCkvLO
promptinjection aoc2025 sxUMnCkvLO
- promptinjection aoc2025 sxUMnCkvLO
Race conditions aoc2025 d7f0g3h6j9
Race conditions aoc2025 d7f0g3h6j9
- Race conditions aoc2025 d7f0g3h6j9
Redteamrecon
Redteamrecon
- Redteamrecon
Registry forensics aoc2025 h6k9j2l5p8
Registry forensics aoc2025 h6k9j2l5p8
- Registry forensics aoc2025 h6k9j2l5p8
Rpnessusredux
Rpnessusredux
- Rpnessusredux
Rrootme
Rrootme
- Rrootme
Sast
Sast
- Sast
Seriskmanagement
Seriskmanagement
- Seriskmanagement
Shodan
Shodan
- Shodan
Splunkforloganalysis aoc2025 x8fj2k4rqp
Splunkforloganalysis aoc2025 x8fj2k4rqp
- Splunkforloganalysis aoc2025 x8fj2k4rqp
Spottingphishing aoc2025 r2g4f6s8l0
Spottingphishing aoc2025 r2g4f6s8l0
- Spottingphishing aoc2025 r2g4f6s8l0
Sql injection
Sql injection
- Sql injection
Steelmountain
Steelmountain
- Steelmountain
Thelayoftheland
Thelayoftheland
- Thelayoftheland
Threatmodelling
Threatmodelling
- Threatmodelling
Traverse
Traverse
- Traverse
Uploadvulns
Uploadvulns
- Uploadvulns
Vulnerabilitycapstone
Vulnerabilitycapstone
- Vulnerabilitycapstone
Vulnerabilitymanagementkj
Vulnerabilitymanagementkj
- Vulnerabilitymanagementkj
Vulnversity
Vulnversity
- Vulnversity
Walkinganapplication
Walkinganapplication
- Walkinganapplication
Weaponization
Weaponization
- Weaponization
Webattackforensics aoc2025 b4t7c1d5f8
Webattackforensics aoc2025 b4t7c1d5f8
- Webattackforensics aoc2025 b4t7c1d5f8
Webhackingusingcurl aoc2025 w8q1a4s7d0
Webhackingusingcurl aoc2025 w8q1a4s7d0
- Webhackingusingcurl aoc2025 w8q1a4s7d0
Winadbasics
Winadbasics
- Winadbasics
Windows10privesc
Windows10privesc
- Windows10privesc
Windowsfundamentals1
Windowsfundamentals1
- Windowsfundamentals
Windowsfundamentals2
Windowsfundamentals2
- Windowsfundamentals2
Windowsfundamentals3
Windowsfundamentals3
- Windowsfundamentals3
Windowslocalpersistence
Windowslocalpersistence
- Windowslocalpersistence
Windowsprivesc20
Windowsprivesc20
- Windowsprivesc20
Wiresharkpacketoperations
Wiresharkpacketoperations
- Wiresharkpacketoperations
Wiresharkthebasics
Wiresharkthebasics
- Wiresharkthebasics Wiresharkthebasics
  Table of contents
  - Table of contents
    
    Introduction
    
    Tool Overview
    
    Packet Dissection
    
    Packet Navigation
    
    Packet Filtering
Wonderland
Wonderland
- Wonderland
Xss aoc2025 c5j8b1m4t6
Xss aoc2025 c5j8b1m4t6
- Xss aoc2025 c5j8b1m4t6
Yara aoc2025 q9w1e3y5u7
Yara aoc2025 q9w1e3y5u7
- Yara aoc2025 q9w1e3y5u7

Title Banner

Wireshark: The Basics Logo

Wireshark: The Basics

This guide contains the answer and steps necessary to get to them for the Wireshark: The Basics room.

Table of contents

Introduction
Tool Overview
Packet Dissection
Packet Navigation
Packet Filtering

Introduction

Which file is used to simulate the screenshots?

Click for answer
http1.pcapng

Which file is used to answer the questions?

Click for answer
Exercise.pcapng

Tool Overview

Use the "Exercise.pcapng" file to answer the questions.

For these questions we must look at the Capture File Properties.

Overview Answers

Read the "capture file comments". What is the flag?

Click for answer
TryHackMe_Wireshark_Demo

What is the total number of packets?

Click for answer
58620

What is the SHA256 hash value of the capture file?

Click for answer
f446de335565fb0b0ee5e5a3266703c778b2f3dfad7efeaeccb2da5641a6d6eb

Packet Dissection

Use the "Exercise.pcapng" file to answer the questions.

View packet number 38. Which markup language is used under the HTTP protocol?

After selecting the corresponding packet, the used markup language is displayed at the bottom of the details pane.

Dissection Markup

Click for answer
eXtensible Markup Language

What is the arrival date of the packet? (Answer format: Month/Day/Year)

This can be found under the Frame layer.

Dissection Time

Click for answer
05/13/2004

What is the TTL value?

This can be found under the IP Source layer.

Dissection TTL

Click for answer
47

What is the TCP payload size?

This can be found under the TCP layer.

Dissection Payload

Click for answer
424

What is the e-tag value?

This can be found under the HTTP layer.

Dissection Etag

Click for answer
9a01a-4696-7e354b00

Use the "Exercise.pcapng" file to answer the questions.

Search the "r4w" string in packet details. What is the name of artist 1?

Searching for "r4w" in the packets details pane, we get a hit for packet 43362.

Navigation Artist

Click for answer
r4w8173

Go to packet 12 and read the comments. What is the answer?

Package 12 contains the following comment.

Go to packet number 39765
Look at the "packet details pane". Right-click on the JPEG section and "Export packet bytes". This is an alternative way of extracting data from a capture file. What is the MD5 hash value of extracted image?

Navigation Answer 1

After navigating to packet 39765 and exporting the object, we can extract its hash using md5sum.

Navigation Download

Navigation Hash

Click for answer
911cd574a42865a956ccde2d04495ebf

There is a ".txt" file inside the capture file. Find the file and read it; what is the alien's name?

To get this file, we navigate to the 'export http objects' menu. Here we filter on text/plain files. This gives us one hit. From here we can preview it to find the name.

Navigation Alien

Click for answer
Packetmaster

Look at the expert info section. What is the number of warnings?

The warning row has a column with the number of errors.

Navigation Warnings

Click for answer
1636

Packet Filtering

Use the "Exercise.pcapng" file to answer the questions.

Go to packet number 4. Right-click on the "Hypertext Transfer Protocol" and apply it as a filter. Now, look at the filter pane. What is the filter query?

After applying the filter, we see the query in the display filter box.

Filtering Http

Click for answer
http

What is the number of displayed packets?

At the bottom of the window we get the number of displayed packets.

Click for answer
1089

Go to packet number 33790 and follow the stream. What is the total number of artists?

After navigating to packet 33790 and following the http stream, we can see the entire communication stream. We can get the number of artist by looking at the stream or by exporting the relevant html file.

Filtering Follow

Filtering Artists

Click for answer
3

What is the name of the second artist?

Click for answer
Blad3