2019-11-12 - TRAFFIC ANALYSIS EXERCISE - OKAY-BOOMER
ASSOCIATED FILES:
- Zip archive of the pcap: 2019-11-12-traffic-analysis-exercise.pcap.zip 9.2 MB (9,182,767 bytes)
- 2019-11-12-traffic-analysis-exercise.pcap (11,439,800 bytes)
NOTES:
- All zip archives on this site are password-protected with the standard password. If you don't know it, look at the "about" page of this website.
SCENARIO
LAN segment data:
- LAN segment range: 10.11.11.0/24 (10.11.11.0 through 10.11.11.255)
- Domain: okay-boomer.info
- Domain controller: 10.11.11.11 - Okay-Boomer-DC
- LAN segment gateway: 10.11.11.1
- LAN segment broadcast address: 10.11.11.255
YOUR TASK
Review the pcap and answer the following questions:
- What operating system and type of device is on 10.11.11.94?
- What operating system and type of device is on 10.11.11.121?
- Based on the MAC address for 10.11.11.145, who is the manufacturer or vendor?
- What operating system and type of device is on 10.11.11.179?
- What version of Windows is being used on the host at 10.11.11.195?
- What is the user account name used to log into the Windows host at 10.11.11.200?
- What operating system and type of device is on 10.11.11.217?
- What IP is the Windows host that downloaded a Windows executable file over HTTP?
- What is the URL that returned the Windows executable file?
- What is the SHA256 file hash for that Windows executable file?
- What is the detection rate for that SHA256 hash on VirusTotal?
- What public IP addresses did that Windows host attempt to connect over TCP after the executable file was downloaded?
- What is the host name and Windows user account name used on that IP address?
ANSWERS
- Click here for the answers.
Click here to return to the main page.