2016-12-17 - TRAFFIC ANALYSIS EXERCISE - YOUR HOLIDAY PRESENT
NOTICE:
- The zip archives on this page have been updated, and they now use the new password scheme. For the new password, see the "about" page of this website.
ASSOCIATED FILES:
- Zip archive with a pcap of the traffic: 2016-12-17-traffic-analysis-exercise.pcap.zip 12.1 MB (12,099,489 bytes)
SCENARIO
As I write this, Christmas is less than 3 weeks away, so it's time to wrap some presents! As everyone knows, it isn't the size or cost of the gift, it's the thought that counts. My gift to you this holiday season is a pcap and the chance to hone your traffic analysis skills.
Shown above: If I could wrap a pcap as a present, this is what it would look like.
As usual, the pcap I'm gifting you contains traffic related to an infection, and the infection happened on a Windows computer.
Shown above: If it helps put you in the holiday spirit, picture this as the infected Windows host.
YOUR TASK
You should be able to recover the following information from the pcap:
- Start date and time of the traffic.
- MAC address of the infected Windows computer.
- IP address of the infected Windows computer.
- Host name of the infected Windows computer.
- The person's name (or account name) using the infected Windows host.
- A general description of how the computer became infected.
- Public IP address of the infected Windows computer.
- The country or general location of the infected Windows computer.
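One way to approach the first four items, as an added example that is not part of the original exercise: it parses a classic pcap with the Python standard library and reads the client MAC, requested IP and host name from a DHCP Request. It assumes an Ethernet capture that contains such a request; the function names and the sample capture are constructed here and are unrelated to the exercise pcap.

```python
import struct
from datetime import datetime, timezone

def build_sample_pcap():
    """Constructed input: a one-packet pcap holding a DHCP Request (values made up)."""
    mac = bytes.fromhex("020000aabbcc")
    opts = b"\x35\x01\x03" + b"\x32\x04\x0a\x00\x00\x19" + b"\x0c\x0a" + b"EXAMPLE-PC" + b"\xff"
    bootp = (struct.pack("!BBBBIHH", 1, 1, 6, 0, 0x1234, 0, 0) + bytes(16)
             + mac + bytes(10) + bytes(192) + b"\x63\x82\x53\x63" + opts)
    udp = struct.pack("!HHHH", 68, 67, 8 + len(bootp), 0) + bootp
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 128, 17, 0,
                     bytes(4), b"\xff" * 4) + udp
    frame = b"\xff" * 6 + mac + b"\x08\x00" + ip
    return (struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
            + struct.pack("<IIII", 1500000000, 0, len(frame), len(frame)) + frame)

def analyze(pcap):
    """Start time of the capture plus client MAC, IP and host name from a DHCP Request."""
    end = {0xA1B2C3D4: "<", 0xD4C3B2A1: ">"}.get(struct.unpack_from("<I", pcap)[0])
    if end is None or struct.unpack_from(end + "I", pcap, 20)[0] != 1:
        raise ValueError("expected a classic (non-pcapng) Ethernet capture")
    out, off = {}, 24                                  # records follow the 24-byte header
    while off + 16 <= len(pcap):
        sec, _, caplen, _ = struct.unpack_from(end + "IIII", pcap, off)
        pkt, off = pcap[off + 16:off + 16 + caplen], off + 16 + caplen
        out.setdefault("start_utc", datetime.fromtimestamp(sec, timezone.utc).isoformat())
        if len(pkt) < 34 or pkt[12:14] != b"\x08\x00" or pkt[23] != 17:
            continue                                   # not IPv4/UDP
        udp = pkt[14 + (pkt[14] & 0x0F) * 4:]
        if len(udp) < 248 or udp[:4] != b"\x00\x44\x00\x43":
            continue                                   # not client (68) -> server (67)
        bootp = udp[8:]
        if bootp[236:240] != b"\x63\x82\x53\x63":
            continue                                   # DHCP magic cookie missing
        opts, i = {}, 240
        while i + 1 < len(bootp) and bootp[i] != 255:  # walk type-length-value options
            if bootp[i] == 0:                          # pad option has no length byte
                i += 1
                continue
            opts[bootp[i]] = bootp[i + 2:i + 2 + bootp[i + 1]]
            i += 2 + bootp[i + 1]
        if opts.get(53) == b"\x03" and 12 in opts:     # message type 3 = Request
            addr = opts.get(50, bootp[12:16])          # requested IP, else ciaddr
            out.update(mac=bootp[28:34].hex(":"), ip=".".join(map(str, addr)),
                       hostname=opts[12].decode("ascii", "replace"))
            break
    return out

if __name__ == "__main__":
    print(analyze(build_sample_pcap()))
```

The start time is reported in UTC, so convert it if your answer needs a local time zone.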
ANSWERS
- Click here for the answers.