2016-04-16 - TRAFFIC ANALYSIS EXERCISE - PLAYING DETECTIVE

ASSOCIATED FILES:

ZIP files on this site are password-protected with the standard password.  If you don't know it, look at the "about" page of this website.


SCENARIO

For this exercise, you're playing detective.  A pcap of traffic was found from a user who is a well-known "cyber-klutz."  That person's computer was infected three times so far this year, and you have no reason to believe that behavior will stop any time soon.  Surely, something's afoot!


Although I doubt a magnifying glass will help in this investigation.


Review the traffic.  With a little luck, you should figure out what's going on.  Your write-up should include:


Better start brushing up on your detective skills.  And get rid of that magnifying glass!


If you need to, review the Snort and Suricata alerts with this exercise to see if they provide any clues.  If you get stuck, just think, "Batman could do this, and I'm much less crazy than Batman."
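A practical first pass over the pcap, before touching the alerts, is to pull out the DNS questions and HTTP requests so you have a timeline of hostnames and URLs to compare against what Snort and Suricata flagged. The script below is an added example, not part of this exercise's files or answers: it parses a classic libpcap file with nothing but the standard library, and because the exercise pcap is not embedded here it builds its own small capture in memory. The addresses, hostnames (under the reserved `.invalid` TLD) and paths in that constructed capture are placeholders and have no connection to the real traffic.

```python
import struct

# ---- builders for the constructed sample capture (placeholder data only) ----

def _ip(s):
    return bytes(int(o) for o in s.split("."))

def _ip_str(b):
    return ".".join(str(x) for x in b)

ETH_IPV4 = b"\x00" * 12 + b"\x08\x00"      # dummy MACs, EtherType 0x0800
ETH_ARP = b"\x00" * 12 + b"\x08\x06"       # a non-IP frame the parser must skip

def _ipv4(src, dst, proto, payload):
    # version/IHL, TOS, total length, id, flags/frag, TTL, proto, checksum (0), src, dst
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 1, 0x4000,
                      64, proto, 0, _ip(src), _ip(dst))
    return hdr + payload

def _udp(sport, dport, payload):
    return struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload

def _tcp(sport, dport, payload):
    # seq, ack, data offset 5 words, flags PSH|ACK, window, checksum (0), urgent
    return struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 5 << 4, 0x18, 65535, 0, 0) + payload

def _dns_query(name):
    qname = b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\x00"
    return struct.pack("!HHHHHH", 0xBEEF, 0x0100, 1, 0, 0, 0) + qname + struct.pack("!HH", 1, 1)

def _http_get(host, path):
    return b"GET " + path.encode() + b" HTTP/1.1\r\nHost: " + host.encode() + b"\r\n\r\n"

def _pcap(frames):
    """Classic little-endian libpcap file, DLT 1 (Ethernet)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for ts, frame in frames:
        out += struct.pack("<IIII", ts, 0, len(frame), len(frame)) + frame
    return out

T0 = 1460764800   # arbitrary epoch timestamp for the constructed capture
CLIENT, DNS_SRV = "192.168.1.50", "192.168.1.1"
SAMPLE_PCAP = _pcap([
    (T0 + 0, ETH_ARP + b"\x00" * 28),
    (T0 + 1, ETH_IPV4 + _ipv4(CLIENT, DNS_SRV, 17, _udp(51000, 53, _dns_query("update.example.invalid")))),
    (T0 + 2, ETH_IPV4 + _ipv4(CLIENT, "203.0.113.7", 6, _tcp(49152, 80, _http_get("update.example.invalid", "/in.php?v=1")))),
    (T0 + 3, ETH_IPV4 + _ipv4(CLIENT, DNS_SRV, 17, _udp(51001, 53, _dns_query("payload.example.invalid")))),
    (T0 + 4, ETH_IPV4 + _ipv4(CLIENT, "203.0.113.8", 6, _tcp(49153, 80, _http_get("payload.example.invalid", "/bin.exe")))),
])

# ---- the actual triage code ----

def iter_packets(data):
    """Yield (ts_sec, frame) for every record in a classic libpcap file."""
    (magic,) = struct.unpack("<I", data[:4])
    if magic == 0xA1B2C3D4:
        e = "<"
    elif magic == 0xD4C3B2A1:
        e = ">"
    else:
        raise ValueError("not a classic pcap file (pcapng is not handled here)")
    if struct.unpack(e + "I", data[20:24])[0] != 1:
        raise ValueError("only Ethernet (DLT 1) captures are handled here")
    off = 24
    while off + 16 <= len(data):
        ts, _, incl, _ = struct.unpack(e + "IIII", data[off:off + 16])
        off += 16
        yield ts, data[off:off + incl]
        off += incl

def _dns_qname(dns):
    labels, i = [], 12                     # skip the 12-byte DNS header
    while i < len(dns) and dns[i] != 0:
        n = dns[i]
        if n & 0xC0:
            return None                    # compression pointer: not expected in a question
        labels.append(dns[i + 1:i + 1 + n].decode("ascii", "replace"))
        i += 1 + n
    return ".".join(labels) or None

def _http_request(payload):
    line, _, rest = payload.partition(b"\r\n")
    parts = line.split(b" ")
    if len(parts) != 3 or parts[0] not in (b"GET", b"POST", b"HEAD"):
        return None
    host = ""
    for h in rest.split(b"\r\n"):
        if h.lower().startswith(b"host:"):
            host = h[5:].strip().decode("ascii", "replace")
    return parts[0].decode() + " " + host + parts[1].decode("ascii", "replace")

def extract_indicators(data):
    """Return [(ts, src, dst, kind, value)] for DNS questions and HTTP request lines."""
    found = []
    for ts, frame in iter_packets(data):
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue                       # ARP, IPv6, truncated: skip
        ip = frame[14:]
        ihl = (ip[0] & 0x0F) * 4
        proto, src, dst = ip[9], _ip_str(ip[12:16]), _ip_str(ip[16:20])
        l4 = ip[ihl:]
        if proto == 17 and len(l4) >= 8:
            _, dport = struct.unpack("!HH", l4[:4])
            name = _dns_qname(l4[8:]) if dport == 53 else None
            if name:
                found.append((ts, src, dst, "dns", name))
        elif proto == 6 and len(l4) >= 20:
            req = _http_request(l4[(l4[12] >> 4) * 4:])
            if req:
                found.append((ts, src, dst, "http", req))
    return found

def unique_hosts(indicators):
    """Distinct hostnames seen in DNS questions or HTTP Host headers, first-seen order."""
    seen = []
    for _, _, _, kind, value in indicators:
        host = value if kind == "dns" else value.split(" ", 1)[1].split("/", 1)[0]
        if host and host not in seen:
            seen.append(host)
    return seen

if __name__ == "__main__":
    for row in extract_indicators(SAMPLE_PCAP):
        print(row)
    print("hosts:", unique_hosts(SAMPLE_PCAP and extract_indicators(SAMPLE_PCAP)))
```

To use it on the exercise pcap, replace `SAMPLE_PCAP` with the bytes read from the unzipped file; if the capture is in pcapng format, convert it first (for example with `editcap -F pcap`), since only the classic format is parsed here. The hostnames and request lines this prints are exactly the fields the Snort and Suricata alerts will reference, which makes it easy to line each alert up with the packet that triggered it.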


Batman's so crazy, he needs a flashlight to investigate cyber crime.


ANSWERS

