https://flock137.github.io/tags/wireshark/Recent content in Wireshark on Flock137Hugo -- 0.149.0en-usSat, 21 Feb 2026 00:00:00 +0700https://flock137.github.io/posts/snyk_fetch_the_flag/Sat, 21 Feb 2026 00:00:00 +0700https://flock137.github.io/posts/snyk_fetch_the_flag/<h1 id="void-step">Void Step</h1> <h3 id="how-many-decoy-hosts-are-randomized-in-this-recon-evasion-technique">How many decoy hosts are randomized in this recon evasion technique</h3> <p>Answer: 12</p> <p>In Wireshark filter:</p> <pre tabindex="0"><code>(tcp.flags.syn == 1 &amp;&amp; tcp.flags.ack == 0 ) &amp;&amp; (ip.dst == 192.168.1.27) </code></pre><p>Explaination:</p> <ul> <li>Destination IP is found through manual inspection.</li> <li>For faster port scanning, we (or the attacker) perform the half-open scan, where SYN=1, ACK=0 (means: send only, no need response).</li> </ul> <p>Go to Statistics &gt; Endpoints &gt; IPv4, count the addresses, then minus 1 (the destination address, which we need to exclude).</p>