NetworkMiner: TryHackMe Walkthrough

NetworkMiner is an open-source traffic sniffer, pcap handler and protocol analyser, developed and still maintained by Netresec.

The official description:

NetworkMiner is an open source Network Forensic Analysis Tool (NFAT) for Windows (but also works in Linux / Mac OS X / FreeBSD). NetworkMiner can be used as a passive network sniffer/packet capturing tool to detect operating systems, sessions, hostnames, open ports etc. without putting any traffic on the network. NetworkMiner can also parse PCAP files for off-line analysis and to regenerate/reassemble transmitted files and certificates from PCAP files.

NetworkMiner makes it easy to perform advanced Network Traffic Analysis (NTA) by providing extracted artefacts in an intuitive user interface. The way data is presented not only makes the analysis simpler, it also saves valuable time for the analyst or forensic investigator.

NetworkMiner has, since the first release in 2007, become a popular tool among incident response teams as well as law enforcement. NetworkMiner is today used by companies and organizations all over the world.

Task 2 Introduction to Network Forensics

Question: Read the task above.
Answer: No Answer Needed

Task 3 What is NetworkMiner?

Question: Read the task above.
Answer: No Answer Needed

Task 4 Tool Overview 1

Question: Use mx-3.pcap

What is the total number of frames?
Answer: 460

Question: How many IP addresses use the same MAC address with host 145.253.2.203?
Answer: 2

Question: How many packets were sent from host 65.208.228.223?
Answer: 72

Question: What is the name of the webserver banner under host 65.208.228.223?
Answer: Apache

Question: Use mx-4.pcap

What is the extracted username?
Answer: #B\Administrator

Question: What is the extracted password?
Answer: $NETNTLMv2$#B$136B077D942D9A63$FBFF3C253926907AAAAD670A9037F2A5$01010000000000000094D71AE38CD60170A8D571127AE49E00000000020004003300420001001E003000310035003600360053002D00570049004E00310036002D004900520004001E0074006800720065006500620065006500730063006F002E0063006F006D0003003E003000310035003600360073002D00770069006E00310036002D00690072002E0074006800720065006500620065006500730063006F002E0063006F006D0005001E0074006800720065006500620065006500730063006F002E0063006F006D00070008000094D71AE38CD601060004000200000008003000300000000000000000000000003000009050B30CECBEBD73F501D6A2B88286851A6E84DDFAE1211D512A6A5A72594D340A001000000000000000000000000000000000000900220063006900660073002F003100370032002E00310036002E00360036002E0033003600000000000000000000000000

Task 5 Tool Overview 2

Question: Use mx-7.pcap

What is the name of the Linux distro mentioned in the file associated with frame 63075?
Answer: CentOS

Question: What is the header of the page associated with frame 75942?
Answer: Password-Ned AB

Question: What is the source address of the image “ads.bmp.2E5F0FD9.bmp”?
Answer: 80.239.178.187

Question: What is the frame number of the possible TLS anomaly?
Answer: 36255

Question: Use the mx-9 file

Look at the messages. Which platform sent a password reset email?
Answer: Facebook

Question: What is the email address of Branson Matheson?
Answer: [email protected]

Task 6 Version Differences

Question: Which version can detect duplicate MAC addresses?
Answer: 2.7

Question: Which version can handle frames?
Answer: 1.6

Question: Which version can provide more details on packet details?
Answer: 1.6

Task 7 Exercises

Question: Use case1.pcap

What is the OS name of the host 131.151.37.122?
Answer: Windows – Windows NT 4

Question: Investigate the hosts 131.151.37.122 and 131.151.32.91.
How many data bytes were received from host 131.151.32.91 to host 131.151.37.122 through port 1065?
Answer: 192

Question: Investigate the hosts 131.151.37.122 and 131.151.32.21.
How many data bytes were received from host 131.151.37.122 to host 131.151.32.21 through port 143?
Answer: 20769

Question: What is the sequence number of frame 9?
Answer: 2AD77400

Question: What is the number of the detected “content types”?
Answer: 2

Question: Use case2.pcap
Investigate the files.

What is the USB product’s brand name?
Answer: ASIX

Question: What is the name of the phone model?
Answer: Lumia 535

Question: What is the source IP of the fish image?
Answer: 50.22.95.9

Question: What is the password of the “[email protected]”?
Answer: spring2015

Question: What is the DNS Query of frame 62001?
Answer: pop.gmx.com

Task 8 Conclusion

Question: Read the task above.
Answer: No Answer Needed
