2015-09-23 - TRAFFIC ANALYSIS EXERCISE - FINDING THE ROOT CAUSE

ASSOCIATED FILES:

• ZIP of the PCAP:  2015-09-23-traffic-analysis-exercise.pcap.zip (1.3 MB)

NOTE:  All zip archives on this site are password-protected with the standard password.  If you don't know it, look at the "about" page of this website.

 

SCENARIO

You have a pcap of traffic from an infected computer.  Based on the traffic, figure out how the infection happened.  What is the root cause?

 

REPORTING

Your documentation should include the following:

• Date and time of the activity.
• The infected computer's IP address.
• The infected computer's MAC address.
• The infected computer's host name.
• The infected computer's operating system.
• Domains and IP addresses of any infection traffic.
• The root cause (what is the likely cause of the infection noted in the pcap).

 

ANSWERS

• Click here for the answers.