2015-09-23 - TRAFFIC ANALYSIS EXERCISE - FINDING THE ROOT CAUSE
ASSOCIATED FILES:
- ZIP of the PCAP: 2015-09-23-traffic-analysis-exercise.pcap.zip (1.3 MB)
NOTE: All zip archives on this site are password-protected with the standard password. If you don't know it, look at the "about" page of this website.
SCENARIO
You have a pcap of traffic from an infected computer. Based on the traffic, figure out how the infection happened. What is the root cause?
REPORTING
Your documentation should include the following:
- Date and time of the activity.
- The infected computer's IP address.
- The infected computer's MAC address.
- The infected computer's host name.
- The infected computer's operating system.
- Domains and IP addresses of any infection traffic.
- The root cause (what is the likely cause of the infection noted in the pcap).
ANSWERS
- Click here for the answers.