Project Description
Analyze each file (Wireshark is probably the best tool to use for this) and answer the following questions:
Capture file #1: HTTP traffic
- List three websites visited and their IP addresses
- List three search queries performed
Capture file #2: HTTPS traffic
Observe the first HTTPS protocol trace.
- What is the name of the certificate issuing authority?
- What encryption algorithm is used?
- What is the key used during encryption? What is the key size?
- What is the expiration date and time on the issued certificate?
- What is the complete cipher suite that the browser supports?
- What is the cipher suite that the server supports?
Capture file #3: FTP trace
- What is the login name and password used for connecting to the ftp server?
- What file(s) were downloaded? Give their complete download path and their sizes.
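For the FTP questions above, the control channel carries the login and the file commands in cleartext, so it can be read straight from the stream. The following is an added example, not part of the original assignment: it assumes the control connection has been saved as text (for instance from Wireshark's "Follow TCP Stream"), the function name `parse_ftp_control` is hypothetical, and the "(N bytes)" wording in 150 replies is a common server convention rather than a guarantee.

```python
import posixpath
import re

# Constructed sample of an FTP control channel; every name and value is made up.
SAMPLE = """\
USER alice
PASS example-pass
PWD
257 "/home/alice" is current directory
CWD reports
250 CWD command successful
RETR q1.pdf
150 Opening BINARY mode data connection for q1.pdf (20480 bytes)
226 Transfer complete
RETR /pub/readme.txt
150 Opening ASCII mode data connection for /pub/readme.txt (312 bytes)
226 Transfer complete
"""

def parse_ftp_control(text):
    """Return (user, password, downloads); each download is [path, size, completed]."""
    user = password = pending = active = last_cmd = None
    cwd, downloads = "/", []
    for line in text.splitlines():
        verb, _, arg = line.strip().partition(" ")
        if verb.isalpha():                       # client command
            last_cmd = verb = verb.upper()
            if verb == "USER":
                user = arg
            elif verb == "PASS":
                password = arg
            elif verb in ("CWD", "CDUP"):        # only takes effect on a 250 reply
                pending = posixpath.normpath(posixpath.join(cwd, arg if verb == "CWD" else ".."))
            elif verb == "RETR":                 # resolve relative names against cwd
                downloads.append([posixpath.normpath(posixpath.join(cwd, arg)), None, False])
        elif verb == "250" and pending:
            cwd, pending = pending, None
        elif verb == "257" and last_cmd == "PWD" and arg.startswith('"'):
            cwd = arg.split('"')[1]              # server-reported working directory
        elif verb == "150" and last_cmd == "RETR":
            m = re.search(r"\((\d+) bytes\)", arg)   # size is optional in the reply
            active = downloads[-1]
            active[1] = int(m.group(1)) if m else None
        elif verb == "226" and active:           # transfer finished
            active[2], active = True, None
        elif verb[:1] in ("4", "5"):             # refused CWD or failed transfer
            pending = active = None
    return user, password, downloads
```

When a 150 reply carries no size, the size can instead be taken from the reassembled data connection for that transfer.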
Capture file #4: Traceroute Traffic
Analyse the packets from the source IP "128.12.173.14".
- What is the target website for which the traceroute is run?
- List the IP addresses observed in the TraceRoute.
Capture file #5: POP3 Traceroute
- Give the login name and password used.
- How many e-mails were received by the account? Give details about the 'subject' field of each email.
Capture file #6: Attacker Activities
This file contains two steps that an attacker performed on a network.
- What is the attacker trying to find in the first step?
- What is the attacker trying to find in the second step?
- What is the attacker's IP address?
- What is the IP address of the attacker's target?
- Was the attacker's target running a web server on his computer?
- Was the attacker's target accessible via SSH?
The trace files have to be analyzed. They can be downloaded from https://jaferian.com/nyit/.