|TamuCTF 2019||MicroServices - 0_Intrusion||Forensic||100||803|
Download: microservice.pcap - md5: 18d2c48f5d03d5faa5cb4473f9819b4b
Welcome to MicroServices inc, where do all things micro and service oriented! Recently we got an alert saying there was suspicious traffic on one of our web servers. Can you help us out?
- What is the IP Address of the attacker?
I used Wireshark to get the IP address with the most occurrences.
For this flag I don’t have any real analysis; I just opened the PCAP file and looked at the different TCP conversations. Take the IP that sends the most data, and voilà:
Fig 1: Malicious IP
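The same "who sends the most data" check can be scripted. The following is an added example, not part of the original write-up: it parses a classic pcap file with the standard library only and totals IPv4 bytes per source address. The function names, the `exclude` parameter and the sample capture (documentation-range addresses, built in memory) are assumptions made for illustration.

```python
import struct
from collections import Counter

def bytes_sent_per_ip(pcap: bytes) -> Counter:
    """Sum the IPv4 total-length field per source address (classic pcap, Ethernet)."""
    if pcap[:4] == b"\xd4\xc3\xb2\xa1":
        endian = "<"
    elif pcap[:4] == b"\xa1\xb2\xc3\xd4":
        endian = ">"
    else:
        raise ValueError("not a classic pcap file (pcapng is not handled here)")
    if struct.unpack(endian + "I", pcap[20:24])[0] != 1:
        raise ValueError("only Ethernet captures (link type 1) are handled")
    totals, offset = Counter(), 24          # records start after the 24-byte global header
    while offset + 16 <= len(pcap):
        incl_len = struct.unpack(endian + "I", pcap[offset + 8:offset + 12])[0]
        frame = pcap[offset + 16:offset + 16 + incl_len]
        offset += 16 + incl_len
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue                        # truncated frame or not IPv4
        src = ".".join(str(b) for b in frame[26:30])
        totals[src] += struct.unpack("!H", frame[16:18])[0]
    return totals

def top_talker(pcap: bytes, exclude=()) -> str:
    """Source IP that sent the most bytes, skipping known hosts such as the server."""
    ranked = [ip for ip, _ in bytes_sent_per_ip(pcap).most_common() if ip not in exclude]
    return ranked[0]

# Constructed sample: (source, destination, payload bytes). These are
# documentation-range addresses, not the ones in the challenge capture.
SERVER, NOISY, OTHER = (192, 0, 2, 10), (198, 51, 100, 7), (203, 0, 113, 5)
SAMPLE = [(NOISY, SERVER, 900), (SERVER, NOISY, 1400), (NOISY, SERVER, 1200),
          (OTHER, SERVER, 40), (SERVER, OTHER, 300)]

def build_sample() -> bytes:
    """Build a little-endian pcap in memory (IP checksums left at zero)."""
    pcap = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for src, dst, n in SAMPLE:
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + n, 0, 0, 64, 6, 0, bytes(src), bytes(dst))
        frame = b"\x00" * 12 + b"\x08\x00" + ip + b"\x00" * n
        pcap += struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame
    return pcap

if __name__ == "__main__":
    for ip, sent in bytes_sent_per_ip(build_sample()).most_common():
        print(f"{ip:15} {sent} bytes")
```

On a real capture the web server itself can rank high because responses are larger than requests, which is what `exclude` is for.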