Hey, what's going on everybody? My name is John Hammond. Welcome back to the YouTube video. Still checking out the Kaizen CTF, a couple of challenges. We're moving into some of the networking stuff. The first one was called Packets Without Borders. It was a hundred-point challenge. The challenge problem here is: "Our IT department intercepts some foreign network traffic coming from an employee's computer. How many packets have a non-USA IP address? Note: this does not follow the usual flag format."

So we finished this challenge, and we were banging our heads against it for a while, because honestly I was trying some crazy ideas to, like, generate or, like, search for all the IP addresses. Like, I wanted a list of all the IP addresses that were, like, within the USA, that started the United States. Like, what was the United States range of IP addresses? So I did a lot of googling for that, which, it turns out, I didn't really need to, because, I mean, we get this set of packets, right? So I'll cd into Packets Without Borders and I'll unzip it here.

Because we get this bunch of packets, and we can crank them out with Wireshark. We can take a look at them here, and again, it's just a bunch of packets, right? So we just want to know which of these are from the United States and which of them are not. So I tried googling some crazy stupid things, like the IP address range within the United States, and I found a bunch of crazy Google results and stuff like that to know, okay, what numbers are within the range for the United States?
And I tried to, like, generate all the IP addresses using, like, Python's ipaddress module, but all these things were crazy that I didn't have to do. I should have... it's a 100-point question. So I was wondering, like, okay, how can Wireshark filter by the United States IP address? And I did some googling, "filter by country", and the first couple results I ended up finding eventually were like, "Is it possible to create a capture filter to exclude any United States IP address?" And he says, "Oh, absolutely. You should be able to use something like ip and not geoip country equals United States."

I ended up using just this, not ip geo country equals United States, and that got me the number that I needed. So I have it up here. Once I open up Wireshark, we can use that as our filter, not ip geoip country equals United States, and it filters through all these. And down on the bottom, the displayed packet number, or you can't... I don't know if you can see it that well. There are forty-four thousand nine hundred twenty-eight packets in total for the file, but there are only 19,350 that are outside of the United States, and that's what this filter did for us. And that's the number that they wanted, and that we were able to actually submit as 19,350. So that's the flag in our case. That's what we were able to submit.

So for one thing, that's cool. I didn't know Wireshark could filter like that. I didn't know it could filter by country, but I also, like, didn't know that there was a filter for that in Wireshark. That's exactly what I just said. So that's it. Really interesting challenge. I kind of completely, really overthought it, but I should know it's only a hundred points and Wireshark should be able to do something like that. So, cool that I finally figured that out and got the syntax for it. So, a good Google search. All right. Thanks for watching, guys.
Hope you're enjoying some of these Kaizen CTF videos. I think there were a lot of really cool challenges for the CTF, so I wanted to showcase them and demonstrate them for you. So thanks for watching. Bye.