2016-04-16 - TRAFFIC ANALYSIS EXERCISE - PLAYING DETECTIVE
NOTICE:
- The zip archives on this page have been updated, and they now use the new password scheme. For the new password, see the "about" page of this website.
ASSOCIATED FILES:
- Zip archive with a pcap of the traffic: 2016-04-16-traffic-analysis-exercise.pcap.zip 9.2 MB (9,180,431 bytes)
- Zip archive with the Snort and Suricata alerts on the traffic: 2016-04-16-traffic-analysis-exercise-alerts.zip 5.6 kB (5,639 bytes)
SCENARIO
For this exercise, you're playing detective. A pcap of traffic was found from a user who is a well-known "cyber-klutz." That person's computer was infected three times so far this year, and you have no reason to believe that behavior will stop any time soon. Surely, something's afoot!
Although I doubt a magnifying glass will help in this investigation.
Review the traffic. With a little luck, you should figure out what's going on. Your write-up should include:
- The user's first and last name
- The host name of the user's Windows computer
- The MAC address of the user's Windows computer
- A summary of what happened
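Two of the items above, the Windows host name and the MAC address, are usually announced by the infected machine itself in its DHCP requests (the hardware address in the BOOTP chaddr field, the host name in option 12). The following pure-Python reader pulls both out of a capture; it is an added example, not part of the original exercise or its answers, and it assumes a classic libpcap file (not pcapng) with Ethernet framing. The sample capture it builds is constructed for the demonstration and is not the exercise pcap.

```python
import struct
DHCP_MAGIC = b"\x63\x82\x53\x63"

def iter_pcap_frames(data: bytes):
    """Yield raw link-layer frames from a classic libpcap file (either byte order)."""
    endian = "<" if data[:4] == b"\xd4\xc3\xb2\xa1" else ">"
    pos = 24                                   # skip the 24-byte global header
    while pos + 16 <= len(data):
        incl_len = struct.unpack(endian + "I", data[pos + 8:pos + 12])[0]
        pos += 16                              # 16-byte per-record header
        yield data[pos:pos + incl_len]
        pos += incl_len

def parse_dhcp_client_frame(frame: bytes):
    """Return (client MAC, option-12 host name) for a DHCP client->server frame, else None."""
    if len(frame) < 282 or frame[12:14] != b"\x08\x00":   # too short, or not IPv4
        return None
    ip = frame[14:]
    udp = ip[(ip[0] & 0x0F) * 4:]                          # skip IHL*4 header bytes
    if ip[9] != 17 or udp[2:4] != b"\x00\x43":             # not UDP to port 67
        return None
    bootp = udp[8:]
    if bootp[236:240] != DHCP_MAGIC:
        return None
    mac = ":".join(f"{b:02x}" for b in bootp[28:34])       # chaddr (6-byte Ethernet hlen)
    opts, i, hostname = bootp[240:], 0, None
    while i < len(opts) and opts[i] != 255:                # 255 ends the option list
        if opts[i] == 0:                                   # 0 is a pad byte
            i += 1
            continue
        code, length = opts[i], opts[i + 1]
        if code == 12:                                     # Host Name option
            hostname = opts[i + 2:i + 2 + length].decode("ascii", "replace")
        i += 2 + length
    return mac, hostname

def dhcp_hosts(pcap: bytes) -> dict:
    """Map each client MAC that sent a DHCP request to the host name it announced."""
    return {m: h for m, h in filter(None, map(parse_dhcp_client_frame, iter_pcap_frames(pcap))) if h}

def build_sample_pcap(mac: bytes, hostname: bytes) -> bytes:
    """Constructed one-frame pcap holding a DHCP Request; NOT taken from the exercise capture."""
    opts = b"\x35\x01\x03\x0c" + bytes([len(hostname)]) + hostname + b"\xff"
    bootp = b"\x01\x01\x06\x00" + b"\x00" * 24 + mac + b"\x00" * 202 + DHCP_MAGIC + opts
    udp = struct.pack("!HHHH", 68, 67, 8 + len(bootp), 0) + bootp
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 128, 17, 0, b"\0" * 4, b"\xff" * 4) + udp
    frame = b"\xff" * 6 + mac + b"\x08\x00" + ip
    header = b"\xd4\xc3\xb2\xa1" + struct.pack("<HHiIII", 2, 4, 0, 0, 65535, 1)
    return header + struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame
```

Run `dhcp_hosts(open(path, "rb").read())` against the exercise capture to get the MAC-to-host-name pairs; the user's real name is not carried in DHCP and has to come from other protocols in the pcap.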
Better start brushing up on your detective skills. And get rid of that magnifying glass!
If you need to, review the Snort and Suricata alerts included with this exercise to see if they provide any clues. If you get stuck, just think, "Batman could do this, and I'm much less crazy than Batman."
Batman's so crazy, he needs a flashlight to investigate cyber crime.
ANSWERS
- Click here for the answers.