For this challenge, the first step was to watch the SANS video "CAN Bus Can-Can" (https://www.youtube.com/watch?v=96u-uHRBI0I), which gave some good insight into how to interpret CAN bus data. With that priming, the first thing to do is determine which parts need fixing. You can get a tip on this by completing the CAN Bus Investigation mini game; the tip indicates the issue is with the lock and the brakes.

Next we need to figure out which CAN bus messages correspond to each component of the sleigh. This can be done by using the filter control to filter out IDs so that we are only looking at one, and then messing with the controls of the sleigh to see what changes that ID's value, so we can associate IDs with functions of the sleigh.
Doing this, we can determine that the following IDs match the below functions of the sleigh
Once we know what to look for, we can filter out all traffic apart from the locks / brakes and look for anomalies. Once the anomalies are determined, clear the filter and then apply a filter only for the anomalous CAN bus messages, which will complete the challenge.
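The same workflow can be done offline on a saved capture. The following is an added example, not part of the original write-up: it maps a control to its ID by comparing an idle capture with one taken while operating that control, then flags frames on that ID whose payload was never seen during legitimate use. The `timestamp ID#HEXDATA` line format, the IDs (111, 222, 333) and all payloads are constructed placeholders, not the challenge's real values.

```python
from collections import defaultdict

def parse(line):
    """Parse 'timestamp ID#HEXDATA' into (id, data bytes); None if malformed."""
    try:
        _ts, frame = line.split()
        can_id, data = frame.split("#")
        return int(can_id, 16), bytes.fromhex(data)
    except ValueError:
        return None

def payloads_by_id(lines):
    """Collect the set of distinct payloads observed for each arbitration ID."""
    seen = defaultdict(set)
    for frame in filter(None, map(parse, lines)):
        seen[frame[0]].add(frame[1])
    return seen

def ids_changed_by_control(idle, active):
    """IDs that show a payload in 'active' which never appeared in 'idle'."""
    base, act = payloads_by_id(idle), payloads_by_id(active)
    return sorted(i for i in act if act[i] - base.get(i, set()))

def anomalies(lines, known_good):
    """Frames on watched IDs whose payload is outside the known-good set."""
    return [f for f in filter(None, map(parse, lines))
            if f[0] in known_good and f[1] not in known_good[f[0]]]

# Constructed sample captures (placeholder IDs and payloads).
IDLE = ["1000 111#00", "1001 222#000000", "1002 333#0000"]
LOCK_TEST = ["2000 111#00", "2001 222#000000",
             "2002 222#0F0000", "2003 333#0000"]
CAPTURE = ["3000 222#000000", "3001 222#AA0000", "3002 111#05",
           "3003 222#0F0000", "bad line"]

# Step 1: which ID reacts when only the lock control is operated?
LOCK_IDS = ids_changed_by_control(IDLE, LOCK_TEST)

# Step 2: every payload seen during the controlled test is known-good;
# anything else on that ID in a later capture is worth a closer look.
KNOWN_GOOD = {i: payloads_by_id(IDLE + LOCK_TEST)[i] for i in LOCK_IDS}

if __name__ == "__main__":
    print("lock IDs:", [f"{i:03X}" for i in LOCK_IDS])
    for can_id, data in anomalies(CAPTURE, KNOWN_GOOD):
        print(f"anomalous frame: {can_id:03X}#{data.hex().upper()}")
```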