2017-03-25 - TRAFFIC ANALYSIS EXERCISE - COWORKER SUFFERS MARCH MADNESS

NOTICE:

• The zip archives on this page have been updated, and they now use the new password scheme.  For the new password, see the "about" page of this website.

ASSOCIATED FILES:

• Zip archive with a pcap of the traffic:  2017-03-25-traffic-analysis-exercise.pcap.zip   2.9 MB (1,851,552 bytes)

 

SCENARIO

You work as an analyst at a Security Operations Center (SOC) for Pollerman's Pharmaceuticals, a regional pharmaceutical conglomerate.  You work the same shift as another analyst named Leonard.

Your relationship with Leonard is a lot like Jerry's relationship with Newman on episodes of Seinfeld.  You find Leonard comically annoying.

Shown above:  "Hello, Leonard."

 

Leonard was tasked to investigate some suspicious traffic, but he came down with a case of "March madness" and left the work undone.  He called in sick, and now you have to pick up where he left off.  He only saved traffic for the affected IP address in a pcap file.

Says Leonard, "Can't because basketball--I mean, because I'm sick!"

 

YOUR TASK

Review the pcap and write an incident report on what happened.  Information should include:

• Date and time of the activity
• MAC address of the affected Windows computer
• IP address of the affected Windows computer
• Host name of the affected Windows computer
• What happened

 

ANSWERS

• Click here for the answers.

 

Click here to return to the main page.