TryHackMe: Advent of Cyber 2023 (Day 2) O Data, All Ye Faithful
“After yesterday’s resounding success, McHoneyBell walks into AntarctiCrafts’ office with a gleaming smile. She takes out her company-issued laptop from her knapsack and decides to check the news. “Traffic on the North-15 Highway? Glad I skied into work today,” she boasts. A notification from the Best Festival Company’s internal communication tool (HollyChat) pings.
It’s another task. It reads, “The B-Team has been tasked with understanding the network of AntarctiCrafts’ South Pole site”. Taking a minute to think about the task ahead, McHoneyBell realises that AntarctiCrafts has no fancy technology that captures events on the network. “No tech? No problem!” exclaims McHoneyBell.
She decides to open up her Python terminal…”
You are given a Jupyter notebook and use it to answer log analysis questions about the packet capture file, writing the required code as you go.
It looks like there are only 5 packets there, but that's just a preview; it links to a file with many more.
Question 1: How many packets were captured (looking at the PacketNumber)?
I did open up the actual network_traffic.csv file and just scrolled to the bottom to see, lol.
But that’s not the point of the exercise. This is the actual code I used to get the answer:
Question 2: What IP address sent the most amount of traffic during the packet capture?
Here is the code I used to accomplish this task:
Question 3: What was the most frequent protocol?
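All three questions are the same kind of count over a CSV, so here is one added example that answers them together. This is not the author's notebook code and not the room's material: it works on a small constructed CSV embedded inline, uses only the Python standard library (the room itself uses pandas), and the column names other than PacketNumber and Protocol (Timestamp, Source, Destination) are assumptions about the file layout. The packet count cross-checks the highest PacketNumber against the number of rows, so a capture with missing rows is reported instead of silently miscounted.

```python
"""Added example (not the author's notebook code): answer the three Day 2
questions over a small constructed CSV with the Python standard library."""
import csv
import io
from collections import Counter

# Constructed sample in the shape of the room's network_traffic.csv.
# Column names other than PacketNumber and Protocol are assumptions.
SAMPLE_CSV = """PacketNumber,Timestamp,Source,Destination,Protocol
1,05/12/2023 10:00:01,10.10.1.4,10.10.1.7,HTTP
2,05/12/2023 10:00:02,10.10.1.4,10.10.1.7,TCP
3,05/12/2023 10:00:02,10.10.1.7,10.10.1.4,TCP
4,05/12/2023 10:00:03,10.10.1.10,10.10.1.4,ICMP
5,05/12/2023 10:00:04,10.10.1.4,10.10.1.10,ICMP
6,05/12/2023 10:00:05,10.10.1.7,10.10.1.4,HTTP
7,05/12/2023 10:00:06,10.10.1.4,10.10.1.7,HTTP
"""


def load_packets(text):
    """Parse CSV text into a list of dict rows, one per packet."""
    return list(csv.DictReader(io.StringIO(text)))


def packet_count(rows):
    """Question 1: number of captured packets.

    Reading only the highest PacketNumber would hide missing rows, and
    reading only len(rows) would hide a renumbered file, so check both.
    """
    highest = max(int(r["PacketNumber"]) for r in rows)
    if highest != len(rows):
        raise ValueError(f"PacketNumber gap: max {highest}, rows {len(rows)}")
    return len(rows)


def top_talker(rows, column="Source"):
    """Question 2: address appearing most often in `column` (assumed name).

    Returns (address, count); swap column for "Destination" to rank receivers.
    """
    counts = Counter(r[column] for r in rows)
    ip, n = counts.most_common(1)[0]
    return ip, n


def top_protocol(rows):
    """Question 3: most frequent value in the Protocol column, as (name, count)."""
    proto, n = Counter(r["Protocol"] for r in rows).most_common(1)[0]
    return proto, n


if __name__ == "__main__":
    packets = load_packets(SAMPLE_CSV)
    print("packets:", packet_count(packets))
    print("top source:", top_talker(packets))
    print("top protocol:", top_protocol(packets))
```

In the notebook the equivalent one-liners are `df["Source"].value_counts().head(1)` and `df["Protocol"].value_counts().head(1)` after `df = pd.read_csv("network_traffic.csv")`; the standard-library version above does the same counting without the dependency, and the PacketNumber cross-check is the part worth carrying over, since a capture export that dropped rows would otherwise go unnoticed.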
I generally use a SIEM for log analysis, so this was different, but definitely interesting.❤