Tuesday, February 11, 2020

Wireshark Malicious Activity Analysis

I was given a pcapng as a task and this clue:

You should find the outer IP address of the attacker by investigating malicious activity.

This challenge will require you to think out of the box, good luck.

So the pcapng has 212k packets of all sorts and we need to find an anomaly.

The key to reaching that IP is from that anomaly. A port scan was seen via TCP RST and ACK on several ports.

But it's a dead end.

Any suggestions/tools on how we can find the anomaly?

P.S.

There are 26k packets of SMB2 that contain info if that matters.
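As an added example (not part of the original post), the script below shows how to turn the RST/ACK observation into something measurable: it takes the kind of comma-separated field output that `tshark -r capture.pcapng -Y "tcp.flags.reset==1 && tcp.flags.ack==1" -T fields -E separator=, -e ip.src -e ip.dst -e tcp.srcport -e tcp.dstport` produces, and ranks which host received RST/ACKs for the most distinct ports from a single responder. The filename `capture.pcapng`, the IPs and the sample lines are constructed; the `min_ports` threshold is an assumption you would tune to the capture.

```python
"""Port-scan heuristic over tshark RST/ACK field output.

Added example, not code from the original post. Assumes the capture was
first reduced with (capture.pcapng is a placeholder name):

  tshark -r capture.pcapng -Y "tcp.flags.reset==1 && tcp.flags.ack==1" \
         -T fields -E separator=, -e ip.src -e ip.dst -e tcp.srcport -e tcp.dstport

A RST/ACK is sent by the scanned host (ip.src) back to whoever probed a
closed port (ip.dst); tcp.srcport is the closed port that was probed.
"""
from collections import defaultdict

# Constructed sample lines in the tshark format above: one host answers
# 203.0.113.77 on ten different closed ports, plus some unrelated noise.
SAMPLE_RST_ACK = """\
10.0.0.5,203.0.113.77,21,54321
10.0.0.5,203.0.113.77,22,54322
10.0.0.5,203.0.113.77,23,54323
10.0.0.5,203.0.113.77,25,54324
10.0.0.5,203.0.113.77,80,54325
10.0.0.5,203.0.113.77,110,54326
10.0.0.5,203.0.113.77,143,54327
10.0.0.5,203.0.113.77,443,54328
10.0.0.5,203.0.113.77,445,54329
10.0.0.5,203.0.113.77,3389,54330
10.0.0.9,10.0.0.5,8080,40001
10.0.0.9,10.0.0.5,8080,40002
"""


def parse_rst_ack(text):
    """Yield (responder_ip, receiver_ip, closed_port) from tshark CSV lines."""
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        src, dst, sport, _dport = line.split(",")
        yield src, dst, int(sport)


def score_scanners(text, min_ports=5):
    """Map (receiver_ip, responder_ip) -> set of closed ports reported to
    the receiver, keeping only pairs with at least `min_ports` distinct
    ports. A single receiver learning about many closed ports on one host
    is the classic footprint of a port scan; `min_ports` is an assumed
    threshold to separate scans from ordinary connection failures."""
    ports = defaultdict(set)
    for responder, receiver, port in parse_rst_ack(text):
        ports[(receiver, responder)].add(port)
    return {pair: p for pair, p in ports.items() if len(p) >= min_ports}


def likely_scanner(text, min_ports=5):
    """Return the receiver IP with the most distinct RST/ACK'd ports, or None."""
    hits = score_scanners(text, min_ports)
    if not hits:
        return None
    (scanner, _target), _ = max(hits.items(), key=lambda kv: len(kv[1]))
    return scanner


if __name__ == "__main__":
    for (scanner, target), p in sorted(score_scanners(SAMPLE_RST_ACK).items()):
        print(f"{scanner} probed {len(p)} closed ports on {target}: {sorted(p)}")
    print("likely scanner:", likely_scanner(SAMPLE_RST_ACK))
```

Feeding the real tshark output in place of `SAMPLE_RST_ACK` gives the scanner/target pairs and port counts directly, which makes it easy to check whether the scanning host is the attacker's outer address or an internal pivot whose other conversations (the SMB2 traffic, for instance) are worth a second look.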


