Networking Practice Task

Uploaded by rajitesfaye034

Networking PCAP Task Sheet 1: Basic Network Traffic Analysis

Objective: Understand how network communication works by analyzing a normal HTTP and DNS traffic flow using Wireshark.

PCAP File: [Link]

What to Do:
1. Open the PCAP file using Wireshark.
2. Apply basic filters to isolate and understand:
   o HTTP traffic: http
   o DNS queries: dns
3. Observe the structure of packets:
   o Ethernet header
   o IP header
   o TCP header
   o Application layer data (HTTP content)

✅ Task Questions:
• How many total packets are in the capture?
• What domain was queried via DNS?
• What was the IP address returned in the DNS response?
• What URL was accessed in the HTTP GET request?
• What are the source and destination IP addresses for the HTTP traffic?
• What is the server response code (e.g., 200 OK)?

Deliverables:
• At least 2 screenshots of your filtered traffic (DNS + HTTP)
• Short answers to each of the questions
• Optional: Describe one thing you found interesting or new
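Wireshark's "Domain Name System" dissector decodes the question and answer fields for you; as an added example that is not part of the task sheet, this Python parser walks the same fields by hand (header, question, compression pointer, A-record rdata) to recover the queried domain and the returned IP address asked for above. The DNS response it parses is constructed inline rather than taken from the task's pcap, and `example.com` / `203.0.113.10` are placeholder values.

```python
import socket
import struct

# Constructed sample (not from the task's pcap): the DNS response message Wireshark shows under
# "Domain Name System (response)", for an A-record lookup answered with a TEST-NET address.
def build_sample_response(domain, ip, txid=0x1234):
    qname = b"".join(bytes([len(label)]) + label.encode() for label in domain.split(".")) + b"\x00"
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0)  # flags 0x8180: response, no error
    question = qname + struct.pack("!HH", 1, 1)               # QTYPE=A, QCLASS=IN
    # The answer's NAME is a compression pointer (0xC00C) back to the question name at offset 12.
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + socket.inet_aton(ip)
    return header + question + answer

def read_name(msg, off):
    """Decode a DNS name at offset off, following compression pointers (RFC 1035 section 4.1.4)."""
    labels = []
    while True:
        length = msg[off]
        if length == 0:                         # root label ends the name
            return ".".join(labels), off + 1
        if (length & 0xC0) == 0xC0:             # 2-byte pointer: 14-bit offset into the message
            pointer = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            suffix, _ = read_name(msg, pointer)
            labels.append(suffix)
            return ".".join(labels), off + 2
        labels.append(msg[off + 1:off + 1 + length].decode("ascii"))
        off += 1 + length

def parse_dns_response(msg):
    """Return (queried names, [(answer name, IPv4)]) for the A records in a raw DNS message."""
    _txid, _flags, qdcount, ancount, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    off, queries, answers = 12, [], []
    for _ in range(qdcount):
        name, off = read_name(msg, off)
        off += 4                                # skip QTYPE and QCLASS
        queries.append(name)
    for _ in range(ancount):
        name, off = read_name(msg, off)
        rtype, _rclass, _ttl, rdlength = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rdlength == 4:        # A record carries a 4-byte IPv4 address
            answers.append((name, socket.inet_ntoa(msg[off:off + 4])))
        off += rdlength                         # other record types are skipped by length
    return queries, answers

if __name__ == "__main__":
    queries, answers = parse_dns_response(build_sample_response("example.com", "203.0.113.10"))
    print("queried:", queries)    # ['example.com']
    print("answered:", answers)   # [('example.com', '203.0.113.10')]
```

To run it against a real capture, feed `parse_dns_response` the UDP payload of a port 53 response (Wireshark: right-click the DNS layer, Copy as a hex stream, then `bytes.fromhex(...)`).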

Networking PCAP Task Sheet 2: Suspicious Network Traffic Analysis

2025-01-22 - TRAFFIC ANALYSIS EXERCISE: DOWNLOAD FROM FAKE SOFTWARE SITE

ASSOCIATED FILE:

• Zip archive of the pcap: 2025-01-22-traffic-analysis- [Link] 20.5 MB (20,534,228 bytes)

NOTES:

• Zip files are password-protected. Of note, this site has a new password scheme. For the password, see the "about" page of this website.

BACKGROUND

You work as an analyst at a Security Operations Center (SOC). Someone contacts your team to report that a coworker has downloaded a suspicious file after searching for Google Authenticator. The caller provides some information similar to social media posts at:

• [Link] malicious-ad-led-activity-7288213662329192450-ky3V/
• [Link]

Based on the caller's initial information, you confirm there was an infection. You retrieve a packet capture (pcap) of the associated traffic. Reviewing the traffic, you find several indicators matching details from a GitHub page referenced in the above social media posts. After confirming an infection happened, you begin writing an incident report.

LAN SEGMENT DETAILS FROM THE PCAP

• LAN segment range: 10.1.17[.]0/24 (10.1.17[.]0 through 10.1.17[.]255)
• Domain: bluemoontuesday[.]com
• Active Directory (AD) domain controller: 10.1.17[.]2 - WIN-GSH54QLW48D
• AD environment name: BLUEMOONTUESDAY
• LAN segment gateway: 10.1.17[.]1
• LAN segment broadcast address: 10.1.17[.]255

TASK

For this exercise, answer the following questions for your incident report:

• What is the IP address of the infected Windows client?
• What is the MAC address of the infected Windows client?
• What is the host name of the infected Windows client?
• What is the user account name from the infected Windows client?
• What is the likely domain name for the fake Google Authenticator page?
• What are the IP addresses used for C2 servers for this infection?
