

Determine IP Address of Undetonated IED

Great work! Based on the signatures you provided, we were able to collect network communications that we believe contain traffic to an IED that is about to be detonated. Unfortunately, there appears to be a lot of unrelated network traffic in the collected data, since other programs use the same port. Using the provided packet capture file (PCAP), we need your help to create more specific signatures for identifying network communications with the IED. This would be a huge first step in detecting when an IED has been armed, for example, which would allow us to alert troops in the region around where the signal was collected. For this task, your goals are to identify the version string sent by the client software when initiating a connection to the IED and to determine the IP address of the undetonated IED from the packet capture.

UPDATE: Intelligence suggests that the version strings are 11 characters long and look something like x.x-xxxxxxx

captured file: client
captured traffic file: traffic.pcap
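
One way to separate candidate client handshakes from the unrelated traffic on the same port, as an added example that is not part of the original challenge material: a standard-library reader for classic Ethernet pcap files that reports each TCP payload containing a string of the hinted shape, with its destination address. The character class for "x", the helper names, the addresses, the port and the sample version string are all constructed assumptions; VLAN-tagged frames, pcapng and TCP reassembly are not handled.

```python
import re, socket, struct
from collections import Counter

# Hint on the page: 11 characters shaped like x.x-xxxxxxx. Treating each x as one
# alphanumeric is an assumption; tighten the class once a real string is seen.
VERSION_RE = re.compile(rb"(?<![0-9A-Za-z])[0-9A-Za-z]\.[0-9A-Za-z]-[0-9A-Za-z]{7}(?![0-9A-Za-z])")

def tcp_payloads(pcap):
    """Yield (dst_ip, dst_port, payload) for IPv4/TCP frames in a classic Ethernet pcap."""
    end = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if len(pcap) < 24 or end is None or struct.unpack(end + "I", pcap[20:24])[0] != 1:
        raise ValueError("expected a classic (non-pcapng) Ethernet capture")
    off = 24
    while off + 16 <= len(pcap):
        incl = struct.unpack(end + "I", pcap[off + 8:off + 12])[0]
        ethertype = pcap[off + 28:off + 30]
        ip = pcap[off + 30:off + 16 + incl]   # past record header and Ethernet header
        off += 16 + incl
        if ethertype != b"\x08\x00" or len(ip) < 20 or ip[0] >> 4 != 4 or ip[9] != 6:
            continue                          # keep IPv4 carrying TCP only
        ihl = (ip[0] & 0x0F) * 4
        tcp = ip[ihl:struct.unpack("!H", ip[2:4])[0]]   # total length trims padding
        if len(tcp) < 20:
            continue
        yield (socket.inet_ntoa(ip[16:20]), struct.unpack("!H", tcp[2:4])[0],
               tcp[(tcp[12] >> 4) * 4:])

def version_hits(pcap):
    """Count (version string, destination IP, destination port) per matching payload."""
    hits = Counter()
    for dst, dport, payload in tcp_payloads(pcap):
        for m in VERSION_RE.finditer(payload):
            hits[(m.group().decode(), dst, dport)] += 1
    return hits

def _frame(src, dst, dport, payload):
    """Build one constructed pcap record (checksums left at zero)."""
    tcp = struct.pack("!HHIIBBHHH", 40000, dport, 0, 0, 5 << 4, 0x18, 1024, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst)) + tcp
    eth = b"\x00" * 12 + b"\x08\x00" + ip
    return struct.pack("<IIII", 0, 0, len(eth), len(eth)) + eth

# Constructed capture: one handshake-like payload, two look-alikes on the same port.
SAMPLE = (struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
          + _frame("192.0.2.10", "198.51.100.7", 9999, b"HELLO 1.2-abc1234\n")
          + _frame("192.0.2.11", "203.0.113.5", 9999, b"GET /index.html HTTP/1.1\r\n")
          + _frame("192.0.2.12", "203.0.113.9", 9999, b"build 10.2-abc12345 ok"))

if __name__ == "__main__":
    print(version_hits(SAMPLE))
```

To run it against the challenge capture, pass the bytes of traffic.pcap to version_hits in place of SAMPLE.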

source: Codebreaker Challenge, 2016

solution: solution
