The purpose of this lab is to provide a quick introduction to searching network traffic for suspicious activity.
Use the provided pcap file (http://isis.poly.edu/~cyfor/wiresharkForensicsLab.pcap) to answer the following questions.
You will need to enable GeoIP lookups. This option can be enabled in Wireshark as: Edit -> Preferences -> Protocols (left-hand column) -> IPv4 -> Enable GeoIP Lookups. Lookups only produce results once the GeoIP database files are installed and their directory is listed under Edit -> Preferences -> Name Resolution -> GeoIP database directories; without the databases the country columns stay empty.
Finally, open the endpoint map (Statistics -> Endpoints -> Map) in Firefox; it may not display correctly in other browsers.
Question: Connections were established with servers in three countries outside the United States. What are the IP addresses of those servers and what countries are they located in?
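A "connection was established" means the remote host answered the client's SYN with a SYN/ACK, so the Wireshark way to narrow the capture is the display filter `tcp.flags.syn == 1 && tcp.flags.ack == 1`, then Statistics -> Endpoints with "Limit to display filter" ticked to read the GeoIP country columns. The script below is an added example, not part of the original lab: it does the same triage from the command line with the Python standard library only, parsing the classic libpcap format (Ethernet/IPv4/TCP), keeping every public IPv4 address that sent a SYN/ACK, and dropping RFC 1918 and other non-routable hosts. The capture it analyses is constructed inline, and the IP-to-country table is a constructed stand-in for the GeoIP database, so the addresses and countries are illustrative, not the lab's answer.

```python
"""Find remote servers that completed a TCP handshake in a libpcap capture."""
import ipaddress
import struct

PCAP_MAGIC_LE = 0xA1B2C3D4
PCAP_MAGIC_BE = 0xD4C3B2A1
DLT_EN10MB = 1
ETH_P_IP = 0x0800
IPPROTO_TCP = 6
TCP_SYN = 0x02
TCP_ACK = 0x10


def iter_packets(data):
    """Yield (timestamp, frame_bytes) for each record of a libpcap (not pcapng) file."""
    magic = struct.unpack("<I", data[:4])[0]
    if magic == PCAP_MAGIC_LE:
        endian = "<"
    elif magic == PCAP_MAGIC_BE:
        endian = ">"
    else:
        raise ValueError("not a libpcap file (pcapng is not supported here)")
    if struct.unpack(endian + "I", data[20:24])[0] != DLT_EN10MB:
        raise ValueError("only Ethernet captures are handled")
    off = 24
    while off + 16 <= len(data):
        ts_sec, ts_usec, incl_len, _orig = struct.unpack(endian + "IIII", data[off:off + 16])
        off += 16
        yield ts_sec + ts_usec / 1e6, data[off:off + incl_len]
        off += incl_len


def parse_tcp(frame):
    """Return (src, dst, sport, dport, flags) for an Ethernet/IPv4/TCP frame, else None."""
    if len(frame) < 34 or struct.unpack("!H", frame[12:14])[0] != ETH_P_IP:
        return None
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    if ip[0] >> 4 != 4 or ip[9] != IPPROTO_TCP or len(ip) < ihl + 14:
        return None
    src = str(ipaddress.IPv4Address(ip[12:16]))
    dst = str(ipaddress.IPv4Address(ip[16:20]))
    sport, dport = struct.unpack("!HH", ip[ihl:ihl + 4])
    return src, dst, sport, dport, ip[ihl + 13]


def established_servers(data):
    """Public IPv4 addresses that sent SYN/ACK, i.e. accepted a connection from someone."""
    servers = set()
    for _ts, frame in iter_packets(data):
        parsed = parse_tcp(frame)
        if parsed is None:
            continue
        src, _dst, _sport, _dport, flags = parsed
        # Private, loopback, link-local and documentation ranges are not "outside America".
        if flags & (TCP_SYN | TCP_ACK) == (TCP_SYN | TCP_ACK) and ipaddress.IPv4Address(src).is_global:
            servers.add(src)
    return servers


def geolocate(servers, country_by_ip):
    """Map each server to a country via a caller-supplied table (the GeoIP database in real use)."""
    return {ip: country_by_ip.get(ip, "unknown") for ip in sorted(servers)}


def build_frame(src, dst, sport, dport, flags):
    """Minimal Ethernet/IPv4/TCP frame for the constructed capture (checksums left zero)."""
    eth = b"\x00" * 12 + struct.pack("!H", ETH_P_IP)
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 8192, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, IPPROTO_TCP, 0,
                     ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    return eth + ip + tcp


def build_pcap(frames):
    """Wrap frames in a little-endian libpcap file with the Ethernet link type."""
    out = [struct.pack("<IHHiIII", PCAP_MAGIC_LE, 2, 4, 0, 0, 65535, DLT_EN10MB)]
    for i, frame in enumerate(frames):
        out.append(struct.pack("<IIII", 1363560000 + i, 0, len(frame), len(frame)))
        out.append(frame)
    return b"".join(out)


def demo():
    """Constructed capture: one client, one internal server, three public servers, one dead SYN."""
    client = "192.168.1.10"
    flows = [("10.0.0.5", 445), ("81.2.69.142", 80), ("89.160.20.112", 443), ("216.160.83.56", 443)]
    frames = []
    for i, (server, port) in enumerate(flows):
        frames.append(build_frame(client, server, 50000 + i, port, TCP_SYN))
        frames.append(build_frame(server, client, port, 50000 + i, TCP_SYN | TCP_ACK))
        frames.append(build_frame(client, server, 50000 + i, port, TCP_ACK))
    frames.append(build_frame(client, "1.2.3.4", 50010, 22, TCP_SYN))  # never answered
    # Constructed, illustrative country table standing in for the GeoIP database.
    table = {"81.2.69.142": "GB", "89.160.20.112": "SE", "216.160.83.56": "US"}
    return geolocate(established_servers(build_pcap(frames)), table)


if __name__ == "__main__":
    for ip, country in demo().items():
        print(ip, country)
```

To run it against the lab file, replace `build_pcap(frames)` with the bytes read from wiresharkForensicsLab.pcap; if the file is pcapng rather than classic libpcap, `iter_packets` will refuse it, which is deliberate rather than silently misparsing. The internal host 10.0.0.5 and the unanswered SYN to 1.2.3.4 are excluded on purpose: the question is about established connections to servers outside the local network.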
Further information on this module can be found at the following links.
The network traffic file for the lab is attached below.
Attachment: wiresharkForensicsLab.pcap (5.59 MB), uploaded by marcbudofsky, Mar 17 2013, 9:42 PM