2015-09-23 - TRAFFIC ANALYSIS EXERCISE - FINDING THE ROOT CAUSE
- PCAP of the traffic: 2015-09-23-traffic-analysis-exercise.pcap (1.5 MB)
You have a pcap of traffic from an infected computer. Based on the traffic, figure out how the infection happened. What is the root cause?
Your documentation should include the following:
- Date and time of the activity.
- The infected computer's IP address.
- The infected computer's MAC address.
- The infected computer's host name.
- The infected computer's operating system.
- Domains and IP addresses of any infection traffic.
- The root cause (what is the likely cause of the infection noted in the pcap).
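As a starting point for the date/time, IP address, MAC address, operating system and domain items above, the following added example (not part of the original exercise) reads a classic pcap file and lists each HTTP request with its timestamp, source MAC and IP, destination IP, Host header and User-Agent string. The function names and the one-packet sample capture are constructed for illustration; the host name item is not covered, and the User-Agent is only a hint at the operating system.

```python
import struct
from datetime import datetime, timezone

def pcap_packets(data):
    """Yield (timestamp, frame) pairs from a classic little-endian pcap."""
    if struct.unpack_from("<I", data, 0)[0] != 0xA1B2C3D4:
        raise ValueError("not a little-endian microsecond pcap")
    off = 24  # skip the global header
    while off + 16 <= len(data):
        sec, usec, caplen, _ = struct.unpack_from("<IIII", data, off)
        yield sec + usec / 1e6, data[off + 16:off + 16 + caplen]
        off += 16 + caplen

def http_requests(data):
    """One record per HTTP request seen over Ethernet/IPv4/TCP."""
    out = []
    for ts, f in pcap_packets(data):
        if len(f) < 54 or f[12:14] != b"\x08\x00" or f[23] != 6:
            continue  # not IPv4 + TCP
        tcp = 14 + (f[14] & 0x0F) * 4  # TCP header starts after the IP header
        if len(f) < tcp + 20:
            continue  # truncated TCP header
        payload = f[tcp + (f[tcp + 12] >> 4) * 4:]
        if not payload.startswith((b"GET ", b"POST ")):
            continue
        head = payload.split(b"\r\n\r\n")[0].decode("latin-1").split("\r\n")
        hdr = {k.lower(): v.strip() for k, _, v in (l.partition(":") for l in head[1:])}
        out.append({
            "time": datetime.fromtimestamp(ts, timezone.utc).isoformat(timespec="seconds"),
            "src_mac": f[6:12].hex(":"),
            "src_ip": ".".join(map(str, f[26:30])),
            "dst_ip": ".".join(map(str, f[30:34])),
            "host": hdr.get("host", ""),
            "user_agent": hdr.get("user-agent", ""),
        })
    return out

def sample_pcap():
    """Constructed one-packet capture (documentation addresses, not exercise data)."""
    http = b"GET / HTTP/1.1\r\nHost: example.test\r\nUser-Agent: Mozilla/5.0 (Windows NT 6.1)\r\n\r\n"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(http), 1, 0, 64, 6, 0,
                     bytes([192, 0, 2, 10]), bytes([198, 51, 100, 20]))
    tcp = struct.pack("!HHIIBBHHH", 49152, 80, 1, 1, 0x50, 0x18, 8192, 0, 0)
    frame = bytes.fromhex("02000000000202000000000a0800") + ip + tcp + http
    ghdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    return ghdr + struct.pack("<IIII", 1700000000, 0, len(frame), len(frame)) + frame

if __name__ == "__main__":
    for r in http_requests(sample_pcap()):
        print(r)
```

To use it on the exercise capture, pass the file's bytes to http_requests() in place of sample_pcap(); a capture saved as pcapng has to be converted to classic pcap first.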