2015-02-15 - TRAFFIC ANALYSIS EXERCISE

PCAP:

• ZIP - pcap of the traffic:  2015-02-15-traffic-analysis-exercise.pcap.zip

NOTE: ZIP files are password-protected with the standard password.  If you don't know it, look at the "about" page of this website.

 

FIRST DECISION POINT - YOU GET SNORT ALERTS FROM THAT IP ADDRESS

Here are the associated events for the malicious traffic:

 

SECOND DECISION POINT

1)  Looking through those IDS events confirmed everything!  Time to initiate established procedures and let your UK location handle this situation.

• Click here to double-check your findings.

 

2)  Still not 100 percent satisfied, are you?  People at your UK location find the computer (a Dell desktop) and perform some forensics.  They send you a ZIP archive of some suspicious files they found on the computer.

• Click here to get the ZIP archive and continue your analysis.

 

Click here to exit this exercise and return to the main page.