Scenario

You are a junior security analyst at a small Japanese cryptocurrency trading company. After detecting suspicious activity on the internal network, you exported a PCAP for further investigation. Analyze this capture to determine whether the environment was compromised and reconstruct the attacker’s actions.

https://app.hackthebox.com/sherlocks/Packet Puzzle


1- What is the source IP address of the attacker involved in this Attack?

192.168.170.128

We can see that 192.168.170.128 is performing a port scan against 192.168.170.130.

2- How many open ports did the attacker discover on the victim's system?

8

Filtering with ip.dst == 192.168.170.128 to view the responses shows replies from ports 22, 80, 135, 443, 445, 3389 and 5357, for a total of eight open ports observed.

3- What is the first open port that responded on the victim's system during reconnaissance?

22
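
An added example, not part of the original writeup or the challenge: the three questions above come down to reading TCP flags, so this Python script picks out the scanning host and lists the ports that answered with SYN/ACK, in order of first response. The rows are constructed sample data, capture.pcap is a placeholder file name, and the function names are hypothetical.

```python
from collections import defaultdict

SYN, RST, ACK = 0x02, 0x04, 0x10

# Constructed rows (not from the challenge capture), shaped like the output of:
#   tshark -r capture.pcap -Y tcp -T fields -e ip.src -e ip.dst \
#          -e tcp.srcport -e tcp.dstport -e tcp.flags
A, V = "192.168.170.128", "192.168.170.130"
SAMPLE = "\n".join("\t".join(r) for r in [
    (A, V, "40000", "21", "0x0002"), (A, V, "40000", "80", "0x0002"),
    (A, V, "40000", "22", "0x0002"), (A, V, "40000", "443", "0x0002"),
    (V, A, "21", "40000", "0x0014"),   # RST/ACK: port closed
    (V, A, "80", "40000", "0x0012"),   # SYN/ACK: port open
    (V, A, "22", "40000", "0x0012"),
    (V, A, "80", "40000", "0x0012"),   # retransmitted SYN/ACK, counted once
    (V, A, "443", "40000", "0x0012"),
    (V, "192.168.170.2", "51000", "53", "0x0002"),  # unrelated outbound SYN
])

def parse(text):
    """Yield (src, dst, sport, dport, flags) from tab-separated tshark fields."""
    for line in text.splitlines():
        if line.strip():
            src, dst, sport, dport, flags = line.split("\t")
            yield src, dst, int(sport), int(dport), int(flags, 16)

def find_scanner(rows):
    """Source that sent bare SYNs (no ACK) to the most distinct host/port pairs."""
    probes = defaultdict(set)
    for src, dst, _sport, dport, flags in rows:
        if flags & (SYN | ACK) == SYN:
            probes[src].add((dst, dport))
    return max(probes, key=lambda s: len(probes[s]))

def scan_results(rows, scanner, victim):
    """Return (open ports in order of first SYN/ACK, sorted closed ports)."""
    open_ports, closed = [], set()
    for src, dst, sport, _dport, flags in rows:
        if (src, dst) != (victim, scanner):
            continue
        if flags & (SYN | ACK) == (SYN | ACK) and sport not in open_ports:
            open_ports.append(sport)
        elif flags & RST:
            closed.add(sport)
    return open_ports, sorted(closed)

ROWS = list(parse(SAMPLE))
if __name__ == "__main__":
    scanner = find_scanner(ROWS)
    print(scanner, scan_results(ROWS, scanner, V))
```

Because the open-port list keeps arrival order rather than sorting numerically, its first element is the first port that responded and its length is the open-port count.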