
Assignment #2 DF

This document provides instructions for Assignment #2 on network forensics. Students are asked to analyze a packet capture file called EvidenceMrX.pcap that contains network traffic data from a security incident. They must answer 6 questions by investigating the file using Wireshark or another network analysis tool. Questions include identifying the attacker's IP address, the type of port scan used, IP addresses of discovered systems, and open ports on one of the systems. Students can work in groups of up to 3 people and must submit a report describing their analysis and answers.

Course Name: Digital Forensics and Investigations

Assignment # 2: Network Forensics (10 Marks)

Name: Matric Number Section:

Name: Matric Number Section:

Name: Matric Number Section:

When viewing network logs, port information can give you clues to investigate. For example,
you might notice that a particular IP address is coming in frequently on an unusual port. A
receiving port above 1024, for example, should also raise a flag. You can check the Internet
Assigned Numbers Authority (IANA) Web site (www.iana.org/assignments/port-numbers) for a
list of assigned port numbers.

Using a network analysis tool such as Wireshark, you could generate a list of the top 10
Web sites users in your network are visiting; you could also generate a list of the top 10
internal users. These network logs can show you patterns, such as an employee
transmitting data to or from a particular IP address frequently. Further investigation of the
IP address could show that this employee is accessing an online shopping site during
company time, for example. Use Wireshark or any other network investigation tool to
answer the following questions.

Questions

While a fugitive in Mexico, Mr. X remotely infiltrates the Arctic Nuclear Fusion Research
Facility’s (ANFRF) lab subnet over the Interwebs. Virtually inside the facility (pivoting
through a compromised system), he conducts some noisy network reconnaissance. Sadly,
Mr. X is not yet very stealthy.

Unfortunately for Mr. X, the lab’s network is instrumented to capture all traffic (with full
content). The packet capture (EvidenceMrX.pcap) contains Mr. X’s activity. As the network
forensic investigator, your mission is to answer the following questions:

1. What was the IP address of Mr. X’s scanner?


2. For the FIRST port scan that Mr. X conducted, what type of port scan was it? (Note: the
scan consisted of many thousands of packets.) Pick one:
• TCP SYN
• TCP ACK
• UDP
• TCP Connect
• TCP XMAS
• TCP RST
3. What were the IP addresses of the targets Mr. X discovered?
4. What was the MAC address of the Apple system he found?
5. What was the IP address of the Windows system he found?
6. What TCP ports were open on the Windows system? (Please list the decimal numbers
from lowest to highest.)
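The kind of triage Wireshark is used for above (most active source, flag pattern of the probes, which ports answered, which MAC sits behind each IP) can be reproduced with a few dozen lines of standard-library Python. The following is an added example, not part of the assignment and not a substitute for opening EvidenceMrX.pcap in Wireshark; it builds a small constructed capture in memory (hosts 10.0.0.5, 10.0.0.20, 10.0.0.30 and locally administered MAC addresses are invented for the demonstration) and then parses it the way an analyst would read the real file. The scan-type rule it applies is the textbook one: a probe carrying only SYN is a SYN scan unless the scanner goes on to complete the handshake with an ACK (then it is a Connect scan); ACK-only, FIN+PSH+URG and RST-only probes map to the ACK, XMAS and RST choices in question 2. OUI lookup for question 4 is left to the IEEE registry; the code only reports the MAC seen for each IP.

```python
"""Offline pcap triage for the port-scan questions (added example, not the assignment's tooling).
Parses Ethernet/IPv4/TCP frames with no third-party libraries and tallies what an analyst
would otherwise pull out of Wireshark's Conversations and Endpoints views."""
import struct
from collections import Counter, defaultdict

FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20


def _ip(s):
    return bytes(int(o) for o in s.split("."))


def build_frame(src_mac, dst_mac, src_ip, dst_ip, sport, dport, flags):
    """Construct one Ethernet/IPv4/TCP frame (checksums left zero; enough for parsing)."""
    eth = bytes.fromhex(dst_mac.replace(":", "")) + bytes.fromhex(src_mac.replace(":", "")) + b"\x08\x00"
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 8192, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0, _ip(src_ip), _ip(dst_ip))
    return eth + ip + tcp


def build_pcap(frames):
    """Wrap frames in a little-endian pcap file (magic A1B2C3D4, link type 1 = Ethernet)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", i, 0, len(f), len(f)) + f
    return out


def parse_pcap(data):
    """Yield (src_mac, src_ip, dst_ip, sport, dport, flags) for every TCP-over-IPv4 frame."""
    magic = struct.unpack("<I", data[:4])[0]
    end = "<" if magic == 0xA1B2C3D4 else ">"
    off = 24                                   # skip the 24-byte global header
    while off + 16 <= len(data):
        _, _, incl_len, _ = struct.unpack(end + "IIII", data[off:off + 16])
        frame = data[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        # EtherType 0x0800 (IPv4) and IP protocol 6 (TCP) only; everything else is skipped
        if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
            continue
        ihl = (frame[14] & 0x0F) * 4
        tcp = frame[14 + ihl:]
        if len(tcp) < 14:
            continue
        sport, dport = struct.unpack("!HH", tcp[:4])
        yield (":".join(f"{b:02x}" for b in frame[6:12]),
               ".".join(map(str, frame[26:30])), ".".join(map(str, frame[30:34])),
               sport, dport, tcp[13])


def triage(data):
    pkts = list(parse_pcap(data))
    # Q1: the scanner is the source that probes the most distinct (dst_ip, dst_port) pairs;
    # unsolicited probes are those without the ACK bit set.
    fanout = defaultdict(set)
    for _, src, dst, _, dport, fl in pkts:
        if fl & ACK == 0:
            fanout[src].add((dst, dport))
    scanner = max(fanout, key=lambda k: len(fanout[k]))
    # Q2: the most common flag byte among the scanner's packets identifies the technique.
    probe_flags = Counter(fl for _, src, _, _, _, fl in pkts if src == scanner).most_common(1)[0][0]
    synacked = {(src, sp) for _, src, dst, sp, _, fl in pkts if dst == scanner and fl == SYN | ACK}
    if probe_flags == SYN:
        completed = any((dst, dp) in synacked for _, src, dst, _, dp, fl in pkts
                        if src == scanner and fl == ACK)
        scan_type = "TCP Connect" if completed else "TCP SYN"
    else:
        scan_type = {ACK: "TCP ACK", FIN | PSH | URG: "TCP XMAS", RST: "TCP RST"}.get(probe_flags, "unknown")
    # Q3/Q6: hosts that answered the scanner at all, and ports that answered SYN/ACK (open).
    targets = sorted({src for _, src, dst, *_ in pkts if dst == scanner and src != scanner})
    open_ports = {t: sorted(p for d, p in synacked if d == t) for t in targets}
    # Q4/Q5: source MAC observed for each IP, for an OUI lookup in the IEEE registry.
    macs = {ip: mac for mac, ip, *_ in pkts}
    return {"scanner": scanner, "scan_type": scan_type, "targets": targets,
            "open_ports": open_ports, "macs": macs}


def sample_capture():
    """Constructed capture (NOT EvidenceMrX.pcap): 10.0.0.5 SYN-scans 10.0.0.20 on five ports,
    80 and 445 are open, and an unrelated host 10.0.0.30 completes a normal handshake to port 80."""
    SCN, TGT, USR = "02:00:00:00:00:05", "02:00:00:00:00:20", "02:00:00:00:00:30"
    frames = []
    for port in (22, 80, 443, 445, 3389):
        frames.append(build_frame(SCN, TGT, "10.0.0.5", "10.0.0.20", 40000 + port, port, SYN))
        if port in (80, 445):   # open: SYN/ACK back, scanner tears down with RST (half-open scan)
            frames.append(build_frame(TGT, SCN, "10.0.0.20", "10.0.0.5", port, 40000 + port, SYN | ACK))
            frames.append(build_frame(SCN, TGT, "10.0.0.5", "10.0.0.20", 40000 + port, port, RST))
        else:                   # closed: RST/ACK back
            frames.append(build_frame(TGT, SCN, "10.0.0.20", "10.0.0.5", port, 40000 + port, RST | ACK))
    frames += [build_frame(USR, TGT, "10.0.0.30", "10.0.0.20", 51000, 80, SYN),
               build_frame(TGT, USR, "10.0.0.20", "10.0.0.30", 80, 51000, SYN | ACK),
               build_frame(USR, TGT, "10.0.0.30", "10.0.0.20", 51000, 80, ACK)]
    return build_pcap(frames)


if __name__ == "__main__":
    for key, value in triage(sample_capture()).items():
        print(f"{key}: {value}")
```

To run it against a real file, replace `sample_capture()` with `open("EvidenceMrX.pcap", "rb").read()`; the parser handles classic pcap only (not pcapng), and a capture with VLAN tags or IPv6 would need the EtherType check extended. The open-port rule is deliberately conservative: only a SYN/ACK counts, so filtered ports that never answer are not reported, which matches how Wireshark's `tcp.flags.syn==1 && tcp.flags.ack==1` filter would surface them.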

The EvidenceMrX.pcap file is attached with this assignment.

Deliverables:

• You are required to answer ALL the questions stated above and submit a report describing
the steps you took to solve the case.
• You can work in a group of maximum THREE (3) students.
• Upload a soft copy of your assignment report to the e-learning platform.
• Report cover page must include necessary details such as ID and name.
