2019-01-28 - TRAFFIC ANALYSIS EXERCISE - TIMBERSHADE
- Zip archive of the pcap: 2019-01-28-traffic-analysis-exercise.pcap.zip 2.2 MB (2,163,574 bytes)
- Zip archive of the alerts: 2019-01-28-alerts-for-traffic-analysis-exercise.txt.zip 1.1 kB (1,057 bytes)
- All zip archives on this site are password-protected with the standard password. If you don't know it, look at the "about" page of this website.
Shown above: Pcap of today's traffic analysis exercise opened in Wireshark.
LAN segment data:
- LAN segment range: 172.17.8.0/24 (172.17.8.0 through 172.17.8.255)
- Domain: timbershade.info
- Domain controller: 172.17.8.2 - Timbershade-DC
- LAN segment gateway: 172.17.8.1
- LAN segment broadcast address: 172.17.8.255
Answer the following questions:
- What is the IP address of the infected Windows host?
- What is the MAC address of the infected Windows host?
- What is the host name of the infected Windows host?
- What is the Windows user account name for the infected Windows host?
- What is the SHA256 file hash of the Windows executable file sent to the infected Windows host?
- Based on the IDS alerts, what type of infection is this?