- The zip archives on this page have been updated, and they now use the new password scheme. For the new password, see the "about" page of this website.
- Zip archive of the pcap: 2018-01-16-traffic-analysis-exercise.pcap.zip 77 kB (77,333 bytes)
EDWARD and CAROL are flush with money from several high-profile investors. Unfortunately, their original business proposal fell apart. They're currently brainstorming ideas for a new company.
You know, if humans ever set foot on the planet Mars, we'll need to be smart about it.
Go on...
I propose we start a business called "Mars Smart" that targets astronauts and anyone who intents to visit the red planet.
That doesn't seem like a very good business idea.
But I've already made a sign for it. Just look at this!

That says "Mars Mart" dot com, not "Mars Smart" dot com. And it's on a piece of cardboard, you big dummy!
EDWARD scratches his head sheepishly.
I probably should've checked with you before I had our IT department set up the company network.
CAROL wonders what other blunders EDWARD has made.
Based on the pcap, figure out what other blunder Edward has made. Do a quick incident report that includes the following info:
- Date and start time of the malicious activity in UTC (GMT).
- IP address of the affected Windows host.
- Mac address of the affected Windows host.
- Host name of the affected Windows host.
- User account name on the affected Windows host.
- A short summary of what happened.
- Click here for the answers.
Click here to return to the main page.