
Traffic Analysis Exercise - It's A Trap

The document provides a traffic analysis exercise involving a zip archive containing a pcap file and forensic analysis related to a network incident. It outlines details of a LAN segment, including IP range, domain, and Active Directory information, and poses questions regarding an infected Windows client. The author encourages users to analyze the provided data without offering any answers.

Uploaded by

cyber

TRAFFIC ANALYSIS EXERCISE: IT'S A TRAP!

● Zip archive of the pcap: 2025-06-13-traffic-analysis-exercise.pcap.zip 39.3 MB (39,323,449 bytes)
● Zip archive of some forensic analysis: 2025-06-13-traffic-analysis-exercise-forensic-analysis.zip 33.0 MB (32,970,676 bytes)

Password: infected_20250613

This is more of a "traffic analysis opportunity" than a traffic analysis exercise. I'm just providing
the traffic and some forensic analysis.

LAN SEGMENT DETAILS FROM THE PCAP


● LAN segment range: 10.6.13[.]0/24 (10.6.13[.]0 through 10.6.13[.]255)
● Domain: massfriction[.]com
● Active Directory (AD) domain controller: 10.6.13[.]3 - WIN-DQL4WFWJXQ4
● AD environment name: MASSFRICTION
● LAN segment gateway: 10.6.13[.]1
● LAN segment broadcast address: 10.6.13[.]255

You should be able to answer the following:


● What is the IP address of the infected Windows client?
● What is the MAC address of the infected Windows client?
● What is the host name of the infected Windows client?
● What is the user account name from the infected Windows client?

I'm not going to post any answers, so feel free to do what you will with the data. In the meantime,
the following images illustrate some possible analysis techniques.
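
One way to work toward the four questions above, as an added example that is not part of the original exercise: correlate DHCP and Kerberos fields exported by tshark, joining on MAC address because DHCP requests are sent from 0.0.0.0. The sample rows, the client IP, MAC, host name and user name are constructed placeholders, not values from the pcap; the function and variable names are hypothetical.

```python
import ipaddress

LAN = ipaddress.ip_network("10.6.13.0/24")          # LAN segment from the exercise
INFRA = {"10.6.13.1", "10.6.13.3", "10.6.13.255"}   # gateway, AD DC, broadcast

# Constructed sample rows (NOT from the exercise pcap), shaped like the output of:
#   tshark -r <pcap> -Y "dhcp or kerberos.CNameString" -T fields \
#     -e ip.src -e eth.src -e dhcp.option.hostname -e kerberos.CNameString
SAMPLE = (
    "0.0.0.0\t00:00:5e:00:53:01\tDESKTOP-EXAMPLE\t\n"
    "10.6.13.50\t00:00:5e:00:53:01\t\tdesktop-example$\n"
    "10.6.13.50\t00:00:5e:00:53:01\t\tjdoe\n"
    "10.6.13.3\t00:00:5e:00:53:fe\t\tjdoe\n"
)

def identify_clients(tsv_text):
    """Return {mac: {"ip", "hostname", "users"}} for non-infrastructure LAN hosts."""
    hosts = {}
    for line in tsv_text.splitlines():
        ip, mac, dhcp_name, cname = line.split("\t")
        if ip in INFRA:
            continue  # DC replies echo the client's CNameString; skip them
        host = hosts.setdefault(mac, {"ip": None, "hostname": None, "users": set()})
        if ipaddress.ip_address(ip) in LAN:
            host["ip"] = ip  # 0.0.0.0 (DHCP request) is outside the LAN range
        if dhcp_name:
            host["hostname"] = dhcp_name.upper()  # DHCP option 12
        if cname.endswith("$"):
            # Machine account: host name followed by "$"
            host["hostname"] = host["hostname"] or cname[:-1].upper()
        elif cname:
            host["users"].add(cname)  # user account seen in Kerberos requests
    # Keep only MACs that were also seen with an address inside the LAN segment
    return {mac: h for mac, h in hosts.items() if h["ip"]}

if __name__ == "__main__":
    for mac, h in identify_clients(SAMPLE).items():
        print(mac, h["ip"], h["hostname"], sorted(h["users"]))
```

This only inventories Windows clients on the segment; deciding which one is infected still requires reviewing that host's traffic in the pcap.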
