This is our old Q&A Site. Please post any new questions and answers at

Hello, I haven't been unable to figure out the following:

a) If there was an SSH connection.

b) If a web browser was used ( like which one )

c)How many packages have a TTL ( time to Live) in a certain range.

d) How do I find out if there was a peer-to-peer file sharing ?

Does anyone know ? I can't find this anywhere.

asked 26 Jan '15, 05:59

Xandi's gravatar image

accept rate: 0%

edited 26 Jan '15, 06:05

Jasper's gravatar image

Jasper ♦♦

Some hints (we usually don't solve homework assignments):

a) determine the TCP or UDP port SSH runs on. Filter for that port, check if anything shows up. If it does, you found one. b) web browsers use HTTP. Find the port for that. Filter on it. Check user agent strings. c) easiest would be to add a column for this. Find a TTL field, use pop up menu to "Apply as column" d) check if there is SMB/CIFS in the capture (find the port, filter, yada yada yada)

If you "can't find this anywhere" you haven't really put any time into it, so take the hints and use them. It takes probably 15-30 minutes to do all this if starting from scratch.

permanent link

answered 26 Jan '15, 12:37

Jasper's gravatar image

Jasper ♦♦
accept rate: 18%

Just need get familiar with the program. Thank you

(26 Jan '15, 23:58) Xandi
Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here



Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text]( "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:


question asked: 26 Jan '15, 05:59

question was seen: 1,998 times

last updated: 27 Jan '15, 01:40

p​o​w​e​r​e​d by O​S​Q​A