I believe my home network has had a significant event$($s$).$ I only use my network for internet access so I can access

my Internet Service Provider $($ISP$)$ to read email. I am not sure whether this event$($s$)$ should cause me concern or

not, but I was lucky to be running Wireshark when the event occurred. You can find the PCAP in a shared folder on

both the Win$-$Hunt and Kali$-$Hunt VMs$.$ You can analyze it on various VMs to take advantage of the different

security tools required.

$1)$ Open the provided capture file using any SimSpace tools you see fit. Use Network Miner and Wireshark on

any Win$-$Hunt VM and SNORT on any Win$-$Hunt VM$.$

$2)$ Perform an analysis on the captured traffic. Some things you should consider are the following $($not all of

these happened and may not be all inclusive either$)$:

a$.$ How long did the session capture last?

b$.$ How many packets were captured?

c$.$ How many bytes were captured?

d$.$ What protocols were observed?

e$.$ When did the bulk of the data get transmitted?

f$.$ What caused this transmission spike?

g$.$ Were any Internet Service Provider sites were accessed? If so which ones? What accounts?

h$.$ What is the name of the host computer? It$$s IP address?

i$.$ What Operating system is it using?

j$.$ What does the local network look like?

k$.$ What device names are on the local network?

l$.$ Did I access any other computers on the local area network?

m$.$ Are any other devices on the network?

$3)$ What $$story$$ does the capture file tell?

$4)$ Run the capture file through SNORT. What if any alerts are triggered?