2018-07-15 - TRAFFIC ANALYSIS EXERCISE - OH NOES! TORRENTZ ON OUR NETWORK!

ASSOCIATED FILES:

• Zip archive of the pcap:  2018-07-15-traffic-analysis-exercise.pcap.zip   8.4 MB (8,350,691 bytes)

NOTES:

• All zip archives on this site are password-protected with the standard password.  If you don't know it, look at the "about" page of this website.

 

SCENARIO

You have received alerts on bittorrent traffic from 10.0.0.201 on your organization's network.  Torrent traffic is often associated with file sharing of copyright-protected content; however, many cases of torrent traffic are perfectly legal (like this traffic analysis exercise).  Characteristics of your network are:

• LAN segment:  10.0.0.0/24 (10.0.0.0 through 10.0.0.255)
• Broadcast address:  10.0.0.255
• Domain controller:  10.0.0.2 (DogOfTheYear-DC)
• Domain:  dogoftheyear.net

 

Shown above:  Some people's reaction when they find out torrenting is happening on their network.

 

YOUR TASK

Based on the pcap, answer the following questions:

• What is the MAC address of the computer at 10.0.0.201?
• What is the host name of the computer at 10.0.0.201?
• What is the Windows user account name for the computer at 10.0.0.201?
• What is the Microsoft Windows version (XP, 7, 8, or 10) of the computer at 10.0.0.201?
• What time in UTC did the torrent activity from 10.0.0.201 start?
• What torrent file did the user at 10.0.0.201 download?
• What is the name of the torrent client used on 10.0.0.201?
• What file is being seeded (shared) by the torrent client on 10.0.0.201?

 

ANSWERS

• Click here for the answers.

 

Click here to return to the main page.