CTF (Capture the Flag) events are a common feature of security conferences worldwide. In some CTF challenges, you are given a PCAP file that has to be analyzed to solve a particular task or, more generally, to get the flag. This is exactly what we will do next: solve the CTF challenge given at the Hack3rCon 3 (http://hack3rcon.org/) conference.
Challenge: Capture the flag in the given PCAP file. This file can be downloaded from http://sickbits.net/other/hc3.pcap-04.cap.
Solution: We will solve this challenge using Wireshark and introduce a few other utilities that help along the way. The steps are as follows:
Open the PCAP file with Wireshark and see the protocols in action.
We can see that the file contains 802.11 (Wi-Fi) frames. The next step is to identify the security algorithm in use, so that we know whether we can crack the encrypted 802.11 frames and actually see what is going on behind the scenes. We can do this by filtering on the unique signatures of each type of security algorithm...