2015-01-18 - TRAFFIC ANALYSIS EXERCISE: ANSWERING QUESTIONS ABOUT EXPLOIT KIT (EK) TRAFFIC
NOTICE:
- The zip archives on this page have been updated, and they now use the new password scheme. For the new password, see the "about" page of this website.
PCAP AND ANSWERS:
- 2015-01-18-traffic-analysis-exercise-1-of-2.pcap.zip 4.7 MB (4,740,450 bytes)
- 2015-01-18-traffic-analysis-exercise-2-of-2.pcap.zip 1.3 MB (1,323,583 bytes)
- 2015-01-18-traffic-analysis-exercise-answers.pdf.zip 48.9 kB (48,891 bytes)
QUESTIONS:
For each pcap, answer the following questions:
1) What is the date and time of the activity?
2) What is the IP address of the Windows host that gets infected?
3) What are the domain name and IP address of the compromised web site?
4) What are the domain name and IP address that delivered the exploit kit (EK)?
5) What is the name of the EK?