2017-03-25 - TRAFFIC ANALYSIS EXERCISE - COWORKER SUFFERS MARCH MADNESS

ASSOCIATED FILES:

• ZIP archive with a PCAP of the traffic:  2017-03-25-traffic-analysis-exercise.pcap.zip   2.9 MB (1,851,552 bytes)

All ZIP files on this site are password-protected with the standard password.  If you don't know it, look at the "about" page of this website.

 

SCENARIO

You work as an analyst at a Security Operations Center (SOC) for Pollerman's Pharmaceuticals, a regional pharmaceutical conglomerate.  You work the same shift as another analyst named Leonard.

Your relationship with Leonard is a lot like Jerry's relationship with Newman on episodes of Seinfeld.  You find Leonard comically annoying.

Shown above:  "Hello, Leonard."

 

Leonard was tasked to investigate some suspicious traffic, but he came down with a case of "March madness" and left the work undone.  He called in sick, and now you have to pick up where he left off.  He only saved traffic for the affected IP address in a pcap file.

Says Leonard, "Can't because basketball--I mean, because I'm sick!"

 

YOUR TASK

Review the pcap and write an incident report on what happened.  Information should include:

• Date and time of the activity
• MAC address of the affected Windows computer
• IP address of the affected Windows computer
• Host name of the affected Windows computer
• What happened

 

ANSWERS

• Click here for the answers.

 

Click here to return to the main page.