2019-10-05 - TRAFFIC ANALYSIS EXERCISE

ASSOCIATED FILES:

  • 2019-10-05-traffic-analysis-exercise-part-1.pcap   (13,788,900 bytes)
  • 2019-10-05-traffic-analysis-exercise-part-2.pcap   (4,555,509 bytes)
  • 2019-10-05-traffic-analysis-exercise-part-3.pcap   (4,619,029 bytes)
  • 2019-10-05-traffic-analysis-exercise-alerts-part-1.jpg   (19,242 bytes)
  • 2019-10-05-traffic-analysis-exercise-alerts-part-1.txt   (4,611 bytes)
  • 2019-10-05-traffic-analysis-exercise-alerts-part-2.jpg   (434,536 bytes)
  • 2019-10-05-traffic-analysis-exercise-alerts-part-2.txt   (4,571 bytes)
  • 2019-10-05-traffic-analysis-exercise-alerts-part-3.jpg   (327,377 bytes)
  • 2019-10-05-traffic-analysis-exercise-alerts-part-3.txt   (3,770 bytes)
  • 2019-10-05-traffic-analysis-exercise-email-Deadlines.eml   (90,100 bytes)
  • 2019-10-05-traffic-analysis-exercise-email-EFT-Payment-Confirmation.eml   (195,088 bytes)
  • 2019-10-05-traffic-analysis-exercise-email-Fedex-delivery-notification.eml   (14,529 bytes)

NOTES:

 

 

SCENARIO

LAN segment data:

 

YOUR TASK

In the past three days, three Windows hosts on the internal corporate network for tinsolutions.net were infected with malware.  You have packet captures (pcaps) of network traffic when each host became infected.  You also have the associated alerts on this network traffic.  Finally, you have the three emails that kicked off the infection activity.  Your task is to answer the following questions for each infection:

 

ANSWERS

 

Click here to return to the main page.