IoT Analysis Laboratory

Lab Environment
"An IoT device deployed in a hospital environment has sent an alert command to a server. The network traffic was captured and stored in a file. Analyze the capture to determine the command sent by the IoT device."

What command was sent by the IoT device over the network?

  • A. Tempe_Low
  • B. Low_Tempe
  • C. Temp_High
  • D. High_Tempe
Hint: Look inside the payload of the HTTP packets. Specifically, check the POST /alert request, as it typically contains application-level data.
Explanation: The IoT device sends its alert via network packets. Inspecting the payload of the HTTP POST request (Packet No. 3) shows that the command field explicitly contains 'Temp_High'.
Attacker Machine - Documents
📄 IoTdeviceTraffic.pcapng
Wireshark - [IoTdeviceTraffic.pcapng] Filter: http
No.  Source        Destination   Protocol  Length  Info
1    192.168.1.10  20.20.10.26   TCP       66      8080 > 80 [SYN] Seq=0
2    20.20.10.26   192.168.1.10  TCP       66      80 > 8080 [SYN, ACK] Seq=0
3    192.168.1.10  20.20.10.26   HTTP      542     POST /alert (application/json)
4    192.168.1.10  20.20.10.26   HTTP      120     HTTP/1.1 200 OK (text/plain)
Packet Details (Reassembled TCP Segment)
{ "device": "IoT Sensor", "status": "alert", "command": "Temp_High" }