https://cyberdefenders.org/labs/45
A PCAP analysis exercise highlighting attacker's interactions with honeypots and how automatic exploitation works. (Note that the IP address of the victim has been changed to hide the true location.)
Let's start by opening the .pcap in Wireshark and checking the Endpoints from the Statistics menu.
There's only two - presumably, one is the attacker, one is the target. This is easy, as the challenge gives us a couple of the digits of the IP. Without this, we would need to look a bit deeper - but as we investigate further, it's still easy to determine.
98.114.205.102
This will be the other one.
192.150.11.111