2016-04-16 - TRAFFIC ANALYSIS EXERCISE - PLAYING DETECTIVE
- ZIP archive with a PCAP of the traffic: 2016-04-16-traffic-analysis-exercise.pcap.zip 9.2 MB (9,180,431 bytes)
- ZIP archive with the Snort and Suricata alerts on the traffic: 2016-04-16-traffic-analysis-exercise-alerts.zip 5.2 kB (5,247 bytes)
ZIP files on this site are password-protected with the standard password. If you don't know it, look at the "about" page of this website.
For this exercise, you're playing detective. A pcap of traffic was found from a user who is a well-known "cyber-klutz." That person's computer was infected three times so far this year, and you have no reason to believe that behavior will stop any time soon. Surely, something's afoot!
Although I doubt a magnifying glass will help in this investigation.
Review the traffic. With a little luck, you should figure out what's going on. Your write-up should include:
- The user's first and last name
- The host name of the user's Windows computer
- The MAC address of the user's Windows computer
- A summary of what happened
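Two of the deliverables above, the Windows host name and the MAC address, are usually recoverable from the client's own DHCP traffic: the DHCP Request carries the MAC in the Ethernet source and BOOTP chaddr fields, and the host name in DHCP option 12. The following stdlib-only Python is an added example, not part of this exercise or its answer files: it walks a classic pcap file, filters client-to-server DHCP (UDP 68 to 67), and reports MAC and host name. The capture it runs against is constructed inline; the MAC 00:11:22:33:44:55 and host name DESKTOP-EXAMPLE are placeholders, not values from the exercise pcap.

```python
import struct

DHCP_MSG_TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 5: "ACK"}
DHCP_COOKIE = b"\x63\x82\x53\x63"


def build_dhcp_frame(client_mac: bytes, hostname: str, msg_type: int) -> bytes:
    """Construct a broadcast Ethernet/IPv4/UDP/BOOTP client frame for the sample capture."""
    options = bytes([53, 1, msg_type]) + bytes([12, len(hostname)]) + hostname.encode() + b"\xff"
    bootp = struct.pack("!BBBBIHH4s4s4s4s16s64s128s",
                        1, 1, 6, 0, 0x3903F326, 0, 0x8000,          # op, htype, hlen, hops, xid, secs, flags
                        bytes(4), bytes(4), bytes(4), bytes(4),      # ciaddr, yiaddr, siaddr, giaddr
                        client_mac.ljust(16, b"\0"), bytes(64), bytes(128))
    dhcp = bootp + DHCP_COOKIE + options
    udp = struct.pack("!HHHH", 68, 67, 8 + len(dhcp), 0) + dhcp      # checksum left at 0 for the sample
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0x1234, 0, 64, 17, 0,
                     bytes(4), b"\xff\xff\xff\xff") + udp
    return b"\xff" * 6 + client_mac + b"\x08\x00" + ip


def build_pcap(frames) -> bytes:
    """Wrap raw Ethernet frames in a little-endian classic pcap (linktype 1)."""
    header = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    records = b"".join(struct.pack("<IIII", 1460790000 + i, 0, len(f), len(f)) + f
                       for i, f in enumerate(frames))
    return header + records


def iter_pcap_frames(data: bytes):
    """Yield each frame of a classic pcap file, honouring the file's byte order."""
    magic, = struct.unpack_from("<I", data, 0)
    endian = {0xA1B2C3D4: "<", 0xD4C3B2A1: ">"}.get(magic)
    if endian is None:
        raise ValueError("not a classic pcap file")
    linktype, = struct.unpack_from(endian + "I", data, 20)
    if linktype != 1:
        raise ValueError("only Ethernet captures are handled")
    off = 24
    while off + 16 <= len(data):
        _, _, incl_len, _ = struct.unpack_from(endian + "IIII", data, off)
        off += 16
        yield data[off:off + incl_len]
        off += incl_len


def parse_dhcp_options(raw: bytes) -> dict:
    """Decode the TLV option area; stops at the end option (255), skips pad (0)."""
    opts, i = {}, 0
    while i < len(raw):
        code = raw[i]
        if code == 255:
            break
        if code == 0:
            i += 1
            continue
        if i + 1 >= len(raw):
            break
        length = raw[i + 1]
        opts[code] = raw[i + 2:i + 2 + length]
        i += 2 + length
    return opts


def parse_dhcp_clients(pcap: bytes) -> list:
    """Return one record per client DHCP message that carries a host name (option 12)."""
    found = []
    for frame in iter_pcap_frames(pcap):
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue                                   # not IPv4
        ip = frame[14:]
        ihl = (ip[0] & 0x0F) * 4
        if ip[9] != 17:
            continue                                   # not UDP
        udp = ip[ihl:]
        sport, dport = struct.unpack_from("!HH", udp, 0)
        if not (sport == 68 and dport == 67):
            continue                                   # only client -> server DHCP
        dhcp = udp[8:]
        if len(dhcp) < 240 or dhcp[236:240] != DHCP_COOKIE:
            continue
        opts = parse_dhcp_options(dhcp[240:])
        if 12 not in opts:
            continue
        chaddr = dhcp[28:28 + dhcp[2]]                 # hlen tells how much of chaddr is real
        found.append({
            "src_mac": ":".join(f"{b:02x}" for b in frame[6:12]),
            "chaddr": ":".join(f"{b:02x}" for b in chaddr),
            "hostname": opts[12].decode(errors="replace"),
            "msg_type": DHCP_MSG_TYPES.get(opts.get(53, b"\0")[0], "unknown"),
        })
    return found


# Constructed sample capture: one ARP frame (ignored) and one DHCP Request with a host name.
SAMPLE_MAC = bytes.fromhex("001122334455")
SAMPLE_PCAP = build_pcap([
    b"\xff" * 6 + SAMPLE_MAC + b"\x08\x06" + bytes(28),
    build_dhcp_frame(SAMPLE_MAC, "DESKTOP-EXAMPLE", 3),
])

if __name__ == "__main__":
    for rec in parse_dhcp_clients(SAMPLE_PCAP):
        print(rec)
```

Replace SAMPLE_PCAP with the bytes of the exercise pcap to run it for real. Check that the Ethernet source MAC and the BOOTP chaddr agree; a mismatch usually means a relay or a second host speaking on that client's behalf, which is itself worth noting in the summary. NetBIOS name service traffic (UDP 137) and Kerberos or SMB session setup are the other usual places the host name shows up if the capture does not include a DHCP exchange.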
Better start brushing up on your detective skills. And get rid of that magnifying glass!
If you need to, review the Snort and Suricata alerts with this exercise to see if they provide any clues. If you get stuck, just think, "Batman could do this, and I'm much less crazy than Batman."
Batman's so crazy, he needs a flashlight to investigate cyber crime.
- Click here for the answers.