2019-10-05 - TRAFFIC ANALYSIS EXERCISE
- Zip archive of the pcaps: 2019-10-05-traffic-analysis-exercise-pcaps.zip 20.3 MB (20,261,115 bytes)
  - 2019-10-05-traffic-analysis-exercise-part-1.pcap (13,788,900 bytes)
  - 2019-10-05-traffic-analysis-exercise-part-2.pcap (4,555,509 bytes)
  - 2019-10-05-traffic-analysis-exercise-part-3.pcap (4,619,029 bytes)
- Zip archive of the alerts: 2019-10-05-traffic-analysis-exercise-alerts.zip 984 kB (983,567 bytes)
  - 2019-10-05-traffic-analysis-exercise-alerts-part-1.jpg (19,242 bytes)
  - 2019-10-05-traffic-analysis-exercise-alerts-part-1.txt (4,611 bytes)
  - 2019-10-05-traffic-analysis-exercise-alerts-part-2.jpg (434,536 bytes)
  - 2019-10-05-traffic-analysis-exercise-alerts-part-2.txt (4,571 bytes)
  - 2019-10-05-traffic-analysis-exercise-alerts-part-3.jpg (327,377 bytes)
  - 2019-10-05-traffic-analysis-exercise-alerts-part-3.txt (3,770 bytes)
- Zip archive of the emails: 2019-10-05-traffic-analysis-exercise-emails.zip 173 kB (172,626 bytes)
  - 2019-10-05-traffic-analysis-exercise-email-Deadlines.eml (90,100 bytes)
  - 2019-10-05-traffic-analysis-exercise-email-EFT-Payment-Confirmation.eml (195,088 bytes)
  - 2019-10-05-traffic-analysis-exercise-email-Fedex-delivery-notification.eml (14,529 bytes)
- All zip archives on this site are password-protected with the standard password. If you don't know it, look at the "about" page of this website.
LAN segment data:
- LAN segment range: 172.16.2.0/24 (172.16.2.0 through 172.16.2.255)
- Domain: tinsolutions.net
- Domain controller: 172.16.2.2 (Tinsolutions-DC)
- LAN segment gateway: 172.16.2.1
- LAN segment broadcast address: 172.16.2.255
In the past three days, three Windows hosts on the internal corporate network for tinsolutions.net were infected with malware. You have packet captures (pcaps) of the network traffic from when each host became infected. You also have the associated alerts on this network traffic. Finally, you have the three emails that kicked off the infection activity. Your task is to answer the following questions for each infection:
- What date and time did the infection activity start?
- What is the IP address of the infected Windows host?
- What is the MAC address of the infected Windows host?
- What is the host name of the infected Windows host?
- What is the user account name from the infected Windows host?
- What type of malware(s) was the host infected with?
- Which email was responsible for kicking off this infection activity?