A complaint came in that a certain organization is hosting an illegal FTP site to download copyrighted software. The security team has provided a pcap file capturing all FTP traffic on the network. They've asked you to identify where the FTP site is being hosted.
- Please provide detailed steps using Wireshark to solve and recognize the PCAP file
- Below is a screenshot of the Wireshark application
[Screenshot: Wireshark with Ticket2.pcap.pcapng open, no display filter applied (Packets: 44149, Displayed: 44149). Packet list columns: No., Time, Source, Destination, Protocol, Length, Info. The visible rows are ARP, TCP and FTP traffic between 10.10.60.1 and 10.10.20.2: ARP requests for 10.10.20.254, a TCP handshake from port 54414 to port 21, and the FTP messages "Response: 220 Welcome to warez FTP service.", "Request: USER anonymous", "Response: 331 Please specify the password." and "Request: PASS". Frame 1 (42 bytes, an ARP request) is selected in the details pane.]
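As an added example (not part of the original question or of any answer on this page), the Python sketch below finds the host that sends the FTP `220` greeting, which is what the Wireshark display filter `ftp.response.code == 220` isolates in the packet list. It assumes the capture has been re-saved as a classic little-endian Ethernet pcap; the sample capture is constructed with documentation-range addresses, and `ftp_banners`, `_frame` and `sample_pcap` are hypothetical names.

```python
import re
import socket
import struct

BANNER = re.compile(rb"^220[ -]([^\r\n]*)")  # FTP "service ready" greeting

def ftp_banners(pcap: bytes) -> dict:
    """Map (server_ip, server_port) -> 220 banner for a classic Ethernet pcap."""
    magic, linktype = struct.unpack("<I16xI", pcap[:24])
    if magic != 0xA1B2C3D4 or linktype != 1:
        raise ValueError("expected little-endian classic pcap, Ethernet link type")
    found, off = {}, 24
    while off + 16 <= len(pcap):
        caplen = struct.unpack("<I", pcap[off + 8:off + 12])[0]
        frame = pcap[off + 16:off + 16 + caplen]
        off += 16 + caplen
        # Skip anything that is not IPv4/TCP, such as the ARP frames in the capture.
        if len(frame) < 54 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
            continue
        ip = frame[14:14 + int.from_bytes(frame[16:18], "big")]  # drop Ethernet padding
        tcp = ip[(ip[0] & 0x0F) * 4:]
        if len(tcp) < 20:
            continue
        match = BANNER.match(tcp[(tcp[12] >> 4) * 4:])
        if match:  # the sender of the greeting is the host running the FTP service
            key = (socket.inet_ntoa(ip[12:16]), int.from_bytes(tcp[:2], "big"))
            found.setdefault(key, match.group(1).decode("ascii", "replace"))
    return found

def _frame(src, dst, sport, dport, payload=b""):
    """Constructed Ethernet/IPv4/TCP frame; MACs and checksums are zeroed."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, 0x18, 64240, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst)) + tcp
    return bytes(12) + b"\x08\x00" + ip

def sample_pcap() -> bytes:
    """Constructed capture: documentation-range addresses, not the ticket's hosts."""
    srv, cli = "192.0.2.10", "198.51.100.7"
    frames = [
        bytes(12) + b"\x08\x06" + bytes(28),  # ARP frame, ignored by the parser
        _frame(srv, cli, 21, 54414, b"220 Welcome to warez FTP service.\r\n"),
        _frame(cli, srv, 54414, 21, b"USER anonymous\r\n"),
        _frame(srv, cli, 21, 54414, b"331 Please specify the password.\r\n"),
    ]
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out
```

Calling `ftp_banners(sample_pcap())` returns the greeting keyed by the sending address and port; a pcapng file is rejected with `ValueError` rather than misparsed.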