- Analyze re_crowd.pcapng Open file into Wireshark, select Statistics -> Flow Graph, you can see the flow as the bellow picture: When apply the filter like this: (http.request or tls.handshake.type == 1 or tcp.flags eq 0x0002 or dns) and! (Udp.port eq 1900), I see more http request from ip 192.168.68.21 to port 80 of the […]
Article Link: https://kienmanowar.wordpress.com/2020/10/24/flare-on7-chal7-re_crowd-write-up-eng/