2017-02-11 - TRAFFIC ANALYSIS EXERCISE - A VERY SPECIAL ONE
- ZIP archive with a PCAP of the traffic: 2017-02-11-traffic-analysis-exercise.pcap.zip 6.7 MB (6,717,952 bytes)
- ZIP archive with the alerts (image, txt, and rtf files): 2017-02-11-traffic-analysis-exercise-alerts.zip 425 kB (424,578 bytes)
All ZIP files on this site are password-protected with the standard password. If you don't know it, look at the "about" page of this website.
Baby, it's cold outside. Why don't we curl up by the fireplace, sip some champagne, and listen to some romantic music? I've covered the floor with rose petals, so watch your step! That's right, just relax. I've got a special surprise for you.
Shown above: Now that I've set the mood...
The pcap contains traffic from three different hosts. You also have IDS alerts to help you figure out what's going on. None of this has anything to do with Valentine's day.
- Document the date, start time and end time of the pcap in UTC (GMT).
- Document the IP addresses of the three hosts in the pcap.
- Document the MAC addresses of the three hosts in the pcap.
- Document the type of computer (Windows, Mac, Android, etc.) for each of the three hosts in the pcap.
- Determine which host(s) were infected.
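With the Wireshark suite, the first tasks above map onto capinfos -a -e (first and last packet time), tshark -z endpoints,eth and -z conv,ip (MAC/IP inventory) and the http.user_agent field (OS hints). As an added example that is not part of the exercise or its answer page, the Python script below does the same with the standard library only: it walks a classic libpcap file, reports the capture window in UTC, and, per source MAC, collects the IPs, IP TTLs and HTTP User-Agent strings seen, then guesses the platform from them. The capture it runs on is constructed inside the script; its MACs, IPs, timestamps and User-Agents are made up and say nothing about the real pcap. For the real file pass open(path, "rb").read() to summarize(); pcapng captures must be converted first (editcap -F pcap).

```python
"""Added example: triage a classic libpcap file with the standard library only.
Not part of the exercise; the embedded capture is constructed sample data."""
import struct
from datetime import datetime, timezone

PCAP_MAGIC = 0xA1B2C3D4      # classic pcap, microsecond timestamps
ETHERTYPE_IPV4 = 0x0800
IPPROTO_TCP = 6


def iter_packets(data):
    """Yield (epoch_seconds, frame_bytes) for every record in a classic pcap."""
    magic = struct.unpack_from("<I", data, 0)[0]
    if magic == PCAP_MAGIC:
        endian = "<"
    elif magic == 0xD4C3B2A1:                    # same magic, file written big-endian
        endian = ">"
    else:
        raise ValueError("not a classic pcap; convert pcapng first: editcap -F pcap in out")
    offset = 24                                  # skip the 24-byte global header
    while offset + 16 <= len(data):
        ts_sec, ts_usec, incl_len, _ = struct.unpack_from(endian + "IIII", data, offset)
        offset += 16
        yield ts_sec + ts_usec / 1_000_000, data[offset:offset + incl_len]
        offset += incl_len


def _utc(ts):
    return datetime.fromtimestamp(ts, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S UTC")


def summarize(data):
    """Capture window in UTC plus, per source MAC, the IPs, IP TTLs and HTTP User-Agents seen."""
    times, hosts = [], {}
    for ts, frame in iter_packets(data):
        times.append(ts)
        if len(frame) < 34 or struct.unpack_from("!H", frame, 12)[0] != ETHERTYPE_IPV4:
            continue                             # only IPv4 over Ethernet is inventoried here
        src_mac = ":".join(f"{b:02x}" for b in frame[6:12])
        ihl = (frame[14] & 0x0F) * 4             # IPv4 header length in bytes
        ttl, proto = frame[22], frame[23]
        src_ip = ".".join(str(b) for b in frame[26:30])
        host = hosts.setdefault(src_mac, {"ips": set(), "ttls": set(), "user_agents": set()})
        host["ips"].add(src_ip)
        host["ttls"].add(ttl)
        if proto == IPPROTO_TCP:
            tcp = 14 + ihl
            payload = frame[tcp + (frame[tcp + 12] >> 4) * 4:]   # skip TCP header and options
            for line in payload.split(b"\r\n"):
                if line.lower().startswith(b"user-agent:"):
                    host["user_agents"].add(line.split(b":", 1)[1].strip().decode("latin-1"))
    if not times:
        raise ValueError("empty capture")
    return {"start": _utc(min(times)), "end": _utc(max(times)), "hosts": hosts}


def os_guess(host):
    """Heuristic: a User-Agent names the platform outright (iOS also says 'Mac OS X', so check
    it separately); the initial IP TTL is a weak fallback that only holds for hosts on the
    captured LAN (Windows 128, Linux/macOS/Android 64)."""
    ua = " ".join(host["user_agents"])
    for needle, label in (("Windows", "Windows"), ("Android", "Android"),
                          ("iPhone", "iOS"), ("Mac OS X", "Mac")):
        if needle in ua:
            return label
    if 128 in host["ttls"]:
        return "Windows? (TTL 128)"
    if 64 in host["ttls"]:
        return "Unix-like? (TTL 64)"
    return "unknown"


# --- constructed sample capture (hypothetical values, not the exercise pcap) ---------------
def _http_frame(src_mac, src_ip, ttl, request):
    """Ethernet/IPv4/TCP frame carrying one HTTP request; checksums are left zero."""
    tcp = struct.pack("!HHIIBBHHH", 49152, 80, 1, 1, 5 << 4, 0x18, 8192, 0, 0) + request
    src = bytes(int(o) for o in src_ip.split("."))
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 1, 0, ttl, IPPROTO_TCP, 0,
                     src, bytes([93, 184, 216, 34]))
    eth = bytes.fromhex("00163e000001") + bytes.fromhex(src_mac.replace(":", "")) \
        + struct.pack("!H", ETHERTYPE_IPV4)
    return eth + ip + tcp


def build_pcap(records):
    """Write (epoch_seconds, frame) pairs as a little-endian classic pcap (linktype 1 = Ethernet)."""
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, 1)
    for ts, frame in records:
        sec = int(ts)
        out += struct.pack("<IIII", sec, int(round((ts - sec) * 1_000_000)),
                           len(frame), len(frame)) + frame
    return out


SAMPLE_PCAP = build_pcap([
    (1486800000.0, _http_frame("00:0c:29:aa:bb:01", "192.168.1.10", 128,
        b"GET / HTTP/1.1\r\nHost: example.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64)\r\n\r\n")),
    (1486800060.5, _http_frame("00:0c:29:aa:bb:02", "192.168.1.20", 64,
        b"GET / HTTP/1.1\r\nHost: example.net\r\nUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12)\r\n\r\n")),
    (1486800120.0, _http_frame("00:0c:29:aa:bb:03", "192.168.1.30", 64,
        b"GET / HTTP/1.1\r\nHost: example.net\r\nUser-Agent: Mozilla/5.0 (Linux; Android 6.0)\r\n\r\n")),
])

if __name__ == "__main__":
    report = summarize(SAMPLE_PCAP)   # real file: summarize(open(path, "rb").read())
    print("capture window:", report["start"], "->", report["end"])
    for mac, host in report["hosts"].items():
        print(mac, sorted(host["ips"]), os_guess(host), sorted(host["user_agents"]))
```

The script keys the inventory on source MAC rather than IP on purpose: on a LAN capture a MAC stays with the machine while DHCP can move the IP, and a host that changes address mid-capture shows up as one MAC with two IPs instead of as a fourth host. Treat the TTL fallback as a hint to confirm with DHCP hostnames, NetBIOS names or User-Agents, not as an answer.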
MORE ADVANCED TASKS:
- Document the family (or families) of malware based on indicators from the pcap.
- Document the root cause for any infections noted in the pcap.
- Draft an incident report for the infected host(s).
- If more than one host is infected, draft a separate incident report for each host.
- Click here for the answers.