2015-09-23 - TRAFFIC ANALYSIS EXERCISE - FINDING THE ROOT CAUSE

NOTICE:

• The zip archives on this page have been updated, and they now use the new password scheme.  For the new password, see the "about" page of this website.

ASSOCIATED FILES:

• Zip archive containing the pcap:  2015-09-23-traffic-analysis-exercise.pcap.zip   1,257,973 bytes (1.3 MB)

 

SCENARIO

You have a pcap of traffic from an infected computer.  Based on the traffic, figure out how the infection happened.  What is the root cause?

 

REPORTING

Your documentation should include the following:

• Date and time of the activity.
• The infected computer's IP address.
• The infected computer's MAC address.
• The infected computer's host name.
• The infected computer's operating system.
• Domains and IP addresses of any infection traffic.
• The root cause (what is the likely cause of the infection noted in the pcap).

 

ANSWERS

• Click here for the answers.