2015-03-09 - TRAFFIC ANALYSIS EXERCISE

PCAP:

 

SCENARIO

Use the pcap file above to answer the following:

1) What is the host name of the Windows computer that gets infected?
2) What is the IP address of the Windows computer that gets infected?
3) What is the MAC address of the Windows computer that gets infected?
4) What exploit kit infected the computer? (Angler, Fiesta, Nuclear, Neutrino, Rig?)
5) What compromised website kicked off a chain of events leading to the exploit kit?
6) What is the IP address and domain name of the exploit kit?

 

Check your answers in the PDF document, which contains more info on the traffic and malware.

 

Click here to return to the main page.