Snyk's Fetch-the-flag Write-up (Forensics)
Void Step How many decoy hosts are randomized in this recon evasion technique Answer: 12 In Wireshark filter: (tcp.flags.syn == 1 && tcp.flags.ack == 0 ) && (ip.dst == 192.168.1.27) Explaination: Destination IP is found through manual inspection. For faster port scanning, we (or the attacker) perform the half-open scan, where SYN=1, ACK=0 (means: send only, no need response). Go to Statistics > Endpoints > IPv4, count the addresses, then minus 1 (the destination address, which we need to exclude). ...