Network Forensics Puzzle 2011

The lead chemist of a high-profile pharmaceutical company was involved in a serious accident, leaving him in a coma days before the release of the company's highly publicized "133t pill." The chemist was the only person in possession of the list of ingredients required to produce the wonder drug, and it is not known if he will ever recover. All chemical evidence of the drug has been destroyed, but the company believes that the missing ingredients may have been stored electronically. You have been hired as a forensic investigator to recover the final ingredient of their 133t pill. Can you find the missing ingredient?


This puzzle gets progressively more difficult, making it an excellent challenge for a seasoned network forensics analyst as well as a great learning tool for a beginner. The puzzle is compatible with Mac, Windows, and Linux. All you need is Wireshark to get started.