2018-12-18 - TRAFFIC ANALYSIS EXERCISE - EGGNOG SOUP
- Zip archive of the pcap: 2018-12-18-traffic-analysis-exercise.pcap.zip 35.7 MB (35,659,096 bytes)
- All zip archives on this site are password-protected with the standard password. If you don't know it, look at the "about" page of this website.
Shown above: I used Eggnogsoup.com as a joke when I created the domain for this exercise's Active Directory environment. I did not realize "eggnog soup" is a real thing.
Shown above: When cooking up an exercise like this, I add a few Windows hosts and a scoop of non-Windows hosts to the mix.
LAN segment data:
- LAN segment range: 172.16.3.0/24 (172.16.3.0 through 172.16.3.255)
- Domain: eggnogsoup.com
- Domain controller: 172.16.3.2 - EggNogSoup-DC
- LAN segment gateway: 172.16.3.1
- LAN segment broadcast address: 172.16.3.255
Answer the following questions:
- How many hosts besides the Domain Controller at 172.16.3.2 are active on the network?
- List the IP addresses for the hosts found when investigating the previous question.
- Which IP address represents a host running Ubuntu?
- What type of host is using IP address 184.108.40.206?
- Which IP address is mostly likely an Amazon Fire tablet?
- Which three IP addresses represent Windows hosts that connect to the domain controller at 172.16.3.2?
- Which of the three Windows hosts shows indications of an infection with Emotet and IcedID banking Trojan (Bokbot)?
- Which IP address is a host running Android 8.0.0?
- What is the brand and model of the phone running Android 8.0.0?
- What is the brand and type of device on 172.16.3.112?
- Click here for the answers.
Click here to return to the main page.