2015-02-15 - TRAFFIC ANALYSIS EXERCISE
PCAP:
- ZIP - pcap of the traffic: 2015-02-15-traffic-analysis-exercise.pcap.zip
NOTE: ZIP files are password-protected with the standard password. If you don't know it, look at the "about" page of this website.
FIRST DECISION POINT - YOU GET SNORT ALERTS FROM THAT IP ADDRESS
Here are the associated events for the malicious traffic:
SECOND DECISION POINT
1) Looking through those IDS events confirmed everything! Time to initiate established procedures and let your UK location handle this situation.
- Click here to double-check your findings.
2) Still not 100 percent satisfied, are you? People at your UK location find the computer (a Dell desktop) and perform some forensics. They send you a ZIP archive of some suspicious files they found on the computer.
- Click here to get the ZIP archive and continue your analysis.