2015-05-08 - TRAFFIC ANALYSIS EXERCISE - INSTRUCTIONS
NOTICE:
- The zip archives on this page have been updated, and they now use the new password scheme. For the new password, see the "about" page of this website.
TRAFFIC:
- 2015-05-08-traffic-analysis-exercise.pcap.zip 317.5 kB (317,528 bytes)
TRAFFIC
[Image: the exercise traffic as displayed in Wireshark.] As always, I recommend changing the default column display in Wireshark as covered in this tutorial: http://malware-traffic-analysis.net/tutorials/wireshark/index.html
BREAK POINT
You've documented the traffic, and now it's time to state what happened. A full analysis should include the Snort events (or any other alerts) you've been able to generate from the pcap, either by reading it with Snort directly or by replaying it with tcpreplay in Security Onion. You should also be able to extract a malware sample from the pcap and submit it to VirusTotal.
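As an added example (not part of the original exercise page), the following script shows the last step done without Wireshark: it walks a classic pcap, reassembles each TCP stream by sequence number, and returns the body and SHA-256 of every HTTP response so the hash can be checked on VirusTotal before uploading anything. It assumes Ethernet/IPv4/TCP framing and one HTTP response per stream, and runs against a small constructed pcap embedded in the script rather than the exercise traffic.

```python
import hashlib
import struct
# Constructed sample pcap (not the exercise traffic): one server->client TCP stream
# split across two segments, carrying an HTTP response whose body is a fake "MZ" file.
PCAP_HDR = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)

def _segment(seq, payload):
    tcp = struct.pack("!HHIIBBHHH", 80, 49152, seq, 0, 5 << 4, 0x18, 65535, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp) + len(payload), 0,
                     0x4000, 64, 6, 0, bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    frame = b"\x00" * 12 + b"\x08\x00" + ip + tcp + payload   # Ethernet, IPv4 type
    return struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame

BODY = b"MZ" + b"\x90" * 40
RESP = b"HTTP/1.1 200 OK\r\nContent-Type: application/octet-stream\r\n\r\n" + BODY[:10]
SAMPLE_PCAP = PCAP_HDR + _segment(1, RESP) + _segment(1 + len(RESP), BODY[10:])

def _tcp_payloads(pcap):
    """Yield (stream_key, seq, payload) for every IPv4/TCP segment carrying data."""
    endian = "<" if pcap[:4] == b"\xd4\xc3\xb2\xa1" else ">"   # classic pcap magic
    off = 24                                   # skip the pcap global header
    while off + 16 <= len(pcap):
        incl = struct.unpack(endian + "IIII", pcap[off:off + 16])[2]
        frame = pcap[off + 16:off + 16 + incl]
        off += 16 + incl
        if frame[12:14] != b"\x08\x00":        # IPv4 frames only
            continue
        ip = frame[14:]
        if ip[9] != 6:                         # TCP only
            continue
        ihl = (ip[0] & 0x0F) * 4
        tcp = ip[ihl:struct.unpack("!H", ip[2:4])[0]]
        sport, dport, seq = struct.unpack("!HHI", tcp[:8])
        payload = tcp[(tcp[12] >> 4) * 4:]     # honour TCP options via data offset
        if payload:
            yield (ip[12:16], sport, ip[16:20], dport), seq, payload

def extract_http_bodies(pcap):
    """Return {stream_key: (sha256_hex, body)} for each HTTP response stream."""
    streams = {}
    for key, seq, payload in _tcp_payloads(pcap):
        streams.setdefault(key, {})[seq] = payload      # retransmits collapse
    bodies = {}
    for key, segs in streams.items():
        data = b"".join(segs[s] for s in sorted(segs))  # seq-order reassembly (no wrap handling)
        end = data.find(b"\r\n\r\n")
        if data.startswith(b"HTTP/1.") and end != -1:
            body = data[end + 4:]
            bodies[key] = (hashlib.sha256(body).hexdigest(), body)
    return bodies
```

Run `extract_http_bodies(open("capture.pcap", "rb").read())` on a real capture and look the returned hashes up on VirusTotal first; only the bodies whose hashes are unknown need to be submitted.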
- A final answer page accompanies this exercise.