trinetra.
cyber defense — learn
tutorials · lab 02 · networking and packet analysis
02 / 10 · INFO
03step · do it for real

A real recording. A real break-in. Your turn.

You've seen the moves. Now spin up your own safe practice machine with a real incident recording loaded. Zoom in, replay, pull out the answer. The flashcards on the right are for warming up; the quiz checks you remember the tshark commands when it counts.

Sandbox · ready to launch

Spawn networking-packet-analysis

You'll get your own private practice machine with the analysis tools (tshark, wireshark-cli) and the recording incident-2026-04-12.pcap already loaded in ~/cases/. Find the conversation where the attacker took control, then submit their address and door as the flag. The session closes itself after 60 idle minutes.

beginner 200 xp ~30 min Ubuntu 24.04 · tshark 4.x · 256 MB · cap-drop ALL
1Open the recording and skim the conversations
2Spot the conversation where the attacker took control
3Pull out the attacker's address and door, submit as the flag
Warm-up · 12 flashcards & 10 questions
Question
click to reveal · ← → keys to browse
Answer
click again to flip back
01 / 12