diff --git a/hw4/hw4.md b/hw4/hw4.md new file mode 100644 index 0000000..99ab20f --- /dev/null +++ b/hw4/hw4.md @@ -0,0 +1,25 @@ +# Homework 3: Find the firmware + +We start by copying the firmware capture file from ada to our machine + +![scp-firmware](./scp-firmware.png) + +## Reverse Engineering +First lets open this capture up in wireshark and do a high level overview + +### Wireshark overview + +![wireshark-0](./wireshark-0.png) + +Knowing we are ultimetly looking to re-construct a firmware download, we can discern some important info from wireshark + +* There are 241,531 packets in this capture, but only some are the traffic directly related to this download +* Client of the download is 192.168.86.167 and server origin is 192.168.86.228 +* The download is split over multiple HTTP requests by the shown convention, which themselves are split over multiple TCP requests + +### + +## Questions +1) What architecture is the firmware intended to run on? +2) What OS is the firmware running? +3) What users are present on the system? \ No newline at end of file diff --git a/hw4/scp-firmware.png b/hw4/scp-firmware.png new file mode 100644 index 0000000..e05d175 Binary files /dev/null and b/hw4/scp-firmware.png differ diff --git a/hw4/wireshark-0.png b/hw4/wireshark-0.png new file mode 100644 index 0000000..617cabd Binary files /dev/null and b/hw4/wireshark-0.png differ
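Review bot: The title line of hw4/hw4.md reads "# Homework 3: Find the firmware" while the file sits in hw4/ and is named hw4.md; one of the two is wrong, so align the heading with the directory name. The write-up also stops at an empty "###" heading right after the Wireshark bullet list, and the three items under "## Questions" have no answers, so either add the reassembly steps that lead to them or drop the empty heading. In the bullet list, "split over multiple TCP requests" should say TCP segments, since the requests are at the HTTP layer; "ultimetly" should be "ultimately" and "lets" should be "let's". The file has no trailing newline ("\ No newline at end of file"), which is worth fixing in the same pass.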