Intrusion Detection With Zeek

I am stuck on the second question:
There is a file named revilkaseya.pcap in the /home/htb-student/pcaps directory, which contains network traffic related to the REvil ransomware Kaseya supply chain attack. Enter the total number of bytes that the victim has transmitted to the IP address 178.23.155.240 as your answer.

I have downloaded the file to the VM, and opened it with Wireshark. I then applied the filter ip.dst==178.23.155.240. I have tried to sum the number of bytes, but I cannot get the right answer. Does anyone have any advice? Please and thank you.

Zeek is all you need to find the answer. Everything you need is in one of the examples.

I tried running usr/local/zeek/bin/zeek -C -r /home/htb-student/pcaps/revilkaseya.pcap, but I received an error: 1623906441.178691 error: connection does not have analyzer specified to disable. I can run the commands in the example, and have no issues. Is this something with the VM, or am I still missing something? Thank you in advance for any advice.

I got the same error but it still generated the conn.log needed to solve the question.


Thanks for the assist. I was able to generate the conn.log file, and found the answer.


For anyone still having issues: they give you the command in the examples. It uses cat and zeek-cut to count the total number of bytes.
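Added example (my own, not posted by anyone in this thread or part of the HTB module): the zeek-cut pipeline the module shows, plus a portable replacement that sums a named conn.log column for one responder without needing zeek-cut installed. The conn.log rows below are constructed for the demo and are not from revilkaseya.pcap; the only things taken from the thread are the pcap path, the zeek path and the IP. The point worth seeing is that Zeek's orig_bytes is payload bytes only, while orig_ip_bytes includes IP and TCP headers (taken from the IP total length), which is why a Wireshark "ip.dst" sum of frame bytes does not line up with the answer the question wants. Unset values are logged as "-" and are treated as 0.

```shell
#!/bin/sh
# Added example: sum bytes sent by the originator to one responder from a
# Zeek conn.log. Not the module's own code.
#
# The real workflow on the HTB VM (paths and IP as given in the thread):
#   /usr/local/zeek/bin/zeek -C -r /home/htb-student/pcaps/revilkaseya.pcap
#   cat conn.log | zeek-cut id.orig_h id.resp_h orig_bytes \
#     | awk '$2 == "178.23.155.240" {s += $3} END {print s}'
#
# sum_bytes_to() does the same job by reading the "#fields" header itself,
# so columns are selected by name (as zeek-cut does) rather than by position.
# Usage: sum_bytes_to <conn.log> <responder-ip> [column, default orig_bytes]

set -eu

sum_bytes_to() {
  awk -v target="$2" -v field="${3:-orig_bytes}" '
    BEGIN { FS = "\t"; bad = 0 }
    /^#fields/ {
      # $1 is the literal "#fields"; data column for name $i is i-1
      for (i = 2; i <= NF; i++) col[$i] = i - 1
      if (!("id.resp_h" in col) || !(field in col)) {
        print "column id.resp_h or " field " not in #fields header" > "/dev/stderr"
        bad = 1; exit 2
      }
      next
    }
    /^#/ { next }                                  # other header/footer lines
    $col["id.resp_h"] == target && $col[field] != "-" { total += $col[field] }
    END { if (!bad) print total + 0 }
  ' "$1"
}

# Join arguments with a literal tab (Zeek logs are tab-separated).
row() ( IFS=$(printf '\t'); printf '%s\n' "$*" )

# Constructed sample conn.log (NOT real traffic from the REvil/Kaseya capture).
SAMPLE_LOG="${TMPDIR:-/tmp}/conn_example.$$.log"
trap 'rm -f "$SAMPLE_LOG"' EXIT
{
  printf '#separator \\x09\n'
  printf '#unset_field\t-\n'
  printf '#path\tconn\n'
  row '#fields' ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration \
      orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history \
      orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
  row 1623906441.178691 CAbc1 10.0.0.5 49152 178.23.155.240 443 tcp ssl 1.2 1500 8000 SF - - 0 ShADadFf 10 1920 12 8520 -
  row 1623906442.000000 CAbc2 10.0.0.5 49153 178.23.155.240 443 tcp - 0.8 - 300 S0 - - 0 S 1 52 0 0 -
  row 1623906443.000000 CAbc3 10.0.0.5 49154 8.8.8.8 53 udp dns 0.1 40 120 SF - - 0 Dd 1 68 1 148 -
  row 1623906444.000000 CAbc4 10.0.0.5 49155 178.23.155.240 80 tcp http 2.5 2500 50000 SF - - 0 ShADadFf 20 3340 40 51600 -
  printf '#close\t2021-06-17-05-47-24\n'
} > "$SAMPLE_LOG"

# Payload bytes to the C2 address (what the module's pipeline reports) versus
# IP-level bytes, which is closer to what a Wireshark ip.dst byte sum shows.
echo "orig_bytes    to 178.23.155.240: $(sum_bytes_to "$SAMPLE_LOG" 178.23.155.240)"
echo "orig_ip_bytes to 178.23.155.240: $(sum_bytes_to "$SAMPLE_LOG" 178.23.155.240 orig_ip_bytes)"
```

Run it against a real log with `sum_bytes_to conn.log 178.23.155.240` after the zeek command has produced conn.log in the current directory; the "connection does not have analyzer specified to disable" message mentioned above goes to stderr and does not stop conn.log from being written.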