⚠️ Pracivo Security Lab — Download PCAP files and open them in Wireshark. Each file contains hidden credentials or sensitive data to find.
DNS Traffic Analysis
DNS Analysis — Mapping Internal Infrastructure
# DNS queries reveal what services exist on a network
# Apply filter:
dns
# Look for A record queries — they show hostnames being resolved:
dns.qry.type == 1
# Common internal hostnames found via DNS sniffing:
# - dc01.corp.local (domain controller)
# - mail.corp.local (mail server)
# - vpn.corp.local (VPN gateway)
# - backup.corp.local (backup server)
# DNS data exfiltration:
# Attackers can encode stolen data in DNS queries:
# STOLEN_DATA.attacker.com → base64 data in subdomain
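# Filter for suspiciously long DNS query names (the 50-character threshold is an example value; tune it to the capture):
dns.qry.name.len > 50
# To narrow the view to lookups in the internal zone instead:
dns.qry.name contains "corp.local"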
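The same check can be run offline over query names exported from a capture. The Python below is an added example, not part of the original lab: it groups names by parent zone and flags zones whose subdomains are long, or numerous and high in entropy, which is the pattern the STOLEN_DATA.attacker.com comment describes. The sample names are constructed, and the thresholds and the "last two labels" parent-zone rule are assumptions.

```python
import base64
import math
from collections import Counter, defaultdict

# Constructed sample query names, as they would appear in the dns.qry.name column.
BENIGN = ["dc01.corp.local", "mail.corp.local", "vpn.corp.local",
          "backup.corp.local", "www.example.com"]
# Constructed exfil-style names: a base64 chunk (padding stripped) as the subdomain.
EXFIL = [
    base64.b64encode(f"constructed-exfil-chunk-{i:02d}-payload".encode())
    .decode().rstrip("=") + ".attacker.com"
    for i in range(6)
]
SAMPLE_QUERIES = BENIGN + EXFIL

def shannon_entropy(text):
    """Bits per character; encoded data scores higher than ordinary hostnames."""
    total = len(text)
    return -sum(n / total * math.log2(n / total) for n in Counter(text).values())

def split_name(qname, parent_labels=2):
    """Return (subdomain, parent zone). Assumption: the parent is the last two
    labels; real tooling should consult the Public Suffix List."""
    labels = qname.rstrip(".").split(".")
    return ".".join(labels[:-parent_labels]), ".".join(labels[-parent_labels:]).lower()

def find_suspicious_parents(queries, max_len=40, min_entropy=3.5, min_unique=5):
    """Flag parent zones whose subdomains are long, or numerous and high-entropy.
    Thresholds are illustrative and need tuning against normal traffic."""
    subs_by_parent = defaultdict(set)
    for qname in queries:
        sub, parent = split_name(qname)
        if sub:
            subs_by_parent[parent].add(sub)
    findings = {}
    for parent, subs in subs_by_parent.items():
        avg_entropy = sum(map(shannon_entropy, subs)) / len(subs)
        reasons = []
        if any(len(s) >= max_len for s in subs):
            reasons.append("long-subdomain")
        if len(subs) >= min_unique and avg_entropy >= min_entropy:
            reasons.append("many-high-entropy-subdomains")
        if reasons:
            findings[parent] = {"unique": len(subs), "reasons": reasons,
                                "avg_entropy": round(avg_entropy, 2)}
    return findings

if __name__ == "__main__":
    for parent, info in find_suspicious_parents(SAMPLE_QUERIES).items():
        print(parent, info)
```

Grouping by parent zone keeps the four short corp.local hostnames from being flagged, while the six unique encoded labels under one external zone are.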