2018-07-15 - TRAFFIC ANALYSIS EXERCISE - OH NOES! TORRENTZ ON OUR NETWORK!
NOTICE:
- The zip archives on this page have been updated, and they now use the new password scheme. For the new password, see the "about" page of this website.
ASSOCIATED FILES:
- Zip archive of the pcap: 2018-07-15-traffic-analysis-exercise.pcap.zip 8.4 MB (8,350,691 bytes)
SCENARIO
You have received alerts on BitTorrent traffic from 10.0.0[.]201 on your organization's network. Torrent traffic is often associated with file sharing of copyright-protected content; however, many cases of torrent traffic are perfectly legal (like this traffic analysis exercise). The characteristics of your network are:
- LAN segment: 10.0.0[.]0/24 (10.0.0[.]0 through 10.0.0[.]255)
- Broadcast address: 10.0.0[.]255
- Domain controller: 10.0.0[.]2 (DogOfTheYear-DC)
- Domain: dogoftheyear[.]net
Shown above: Some people's reaction when they find out torrenting is happening on their network.
YOUR TASK
Based on the pcap, answer the following questions:
- What is the MAC address of the computer at 10.0.0[.]201?
- What is the host name of the computer at 10.0.0[.]201?
- What is the Windows user account name for the computer at 10.0.0[.]201?
- What is the Microsoft Windows version (XP, 7, 8, or 10) of the computer at 10.0.0[.]201?
- What time in UTC did the torrent activity from 10.0.0[.]201 start?
- What torrent file did the user at 10.0.0[.]201 download?
- What is the name of the torrent client used on 10.0.0[.]201?
- What file is being seeded (shared) by the torrent client on 10.0.0[.]201?
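Added example, not part of the exercise or its answer key: a minimal pcap walker that maps an IPv4 address to the source MAC addresses seen for it, which is the approach behind the first question above. The pcap bytes are constructed inline with a hypothetical MAC; it handles only classic pcap files with the Ethernet link type (no pcapng, no 802.1Q tags).

```python
import struct

def build_sample_pcap():
    # Constructed sample, not data from the exercise pcap: a pcap global
    # header followed by one Ethernet/IPv4/UDP frame from 10.0.0.201
    # (hypothetical MAC 00:11:22:33:44:55) to the domain controller 10.0.0.2.
    src_mac = bytes.fromhex("001122334455")
    dst_mac = bytes.fromhex("aabbccddeeff")
    eth = dst_mac + src_mac + struct.pack(">H", 0x0800)   # EtherType IPv4
    payload = b"\x00" * 8                                 # UDP header stand-in
    ip = struct.pack(">BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0x1234,
                     0x4000, 64, 17, 0, bytes([10, 0, 0, 201]), bytes([10, 0, 0, 2]))
    frame = eth + ip + payload
    global_hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)  # linktype 1 = Ethernet
    rec_hdr = struct.pack("<IIII", 1531612800, 0, len(frame), len(frame))
    return global_hdr + rec_hdr + frame

def mac_for_ip(pcap, target_ip):
    """Return the sorted source MACs of IPv4 frames sent from target_ip."""
    magic, = struct.unpack("<I", pcap[:4])
    if magic == 0xA1B2C3D4:
        endian = "<"            # file written in little-endian byte order
    elif magic == 0xD4C3B2A1:
        endian = ">"            # file written in big-endian byte order
    else:
        raise ValueError("not a classic (microsecond) pcap file")
    linktype, = struct.unpack(endian + "I", pcap[20:24])
    if linktype != 1:
        raise ValueError("only Ethernet (DLT_EN10MB) frames are handled")
    want = bytes(int(o) for o in target_ip.split("."))
    macs = set()
    off = 24                    # first record header follows the 24-byte global header
    while off + 16 <= len(pcap):
        _, _, incl_len, _ = struct.unpack(endian + "IIII", pcap[off:off + 16])
        frame = pcap[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < 34:     # shorter than Ethernet + minimal IPv4 header
            continue
        if struct.unpack(">H", frame[12:14])[0] != 0x0800:
            continue            # not IPv4 (ARP, IPv6, VLAN-tagged, ...)
        if frame[26:30] == want:
            macs.add(":".join(f"{b:02x}" for b in frame[6:12]))
    return sorted(macs)
```

On a real capture the same walk over every record gives the MAC for 10.0.0[.]201; more than one result would indicate address reuse or a routed hop, which is worth noting before answering.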
ANSWERS
- Click here for the answers.