Question

Use Wireshark to analyze the packet capture. Hint: The use of filters in Wireshark will make your job easier. An 'attacker' will typically perform several steps prior to conducting an attack, called the 'reconnaissance' phase:

1. Enumeration: What computers are up and running?
2. Footprinting: What services are provided by the computers that are up and running?
3. Fingerprinting: What operating systems are the computers running?

The 'attack' phase* can occur in many forms:

1) Unauthorized access (logging into a computer without authorization)
2) Downloading information (unauthorized access to information)
3) Uploading information or files (root kits, logic or time bombs, worms, viruses, etc.)
4) Denial of service attacks
5) etc.

*Not all of the attacks are represented in the packet capture.

Scenario: Ms. Wilde, pleased with your performance on the malware case, has decided to give you another incident. The overworked, underpaid, and understaffed IT administrator of a small business has contacted Palindrome to analyze some network traffic around the time of an abnormal spike in traffic. Your mission, should you choose to accept it - and Ms. Wilde has decided that you do - is to analyze the provided packet capture and report on the activity found therein which may. To aid in your goals, the administrator has provided a few details about the network from which the capture originated. There are four computers on the network. The IT administrator's admin box is an Ubuntu server. They control the DHCP and web servers and are the only individual within the company with authorization for access to that server. There are two other employees: Bob Smith, a new hire and recent college graduate, who uses a workstation with network access running Windows XP, and Sarah, a developer who uses a workstation with a standard installation of Ubuntu, also with network access. Both Bob and Sarah are authorized to have access to their own workstation and no others.

Deliverables:

A professional-quality report in two sections.

First, a management summary, written with no technical language, which provides a summary of what was found. The summary should be roughly a paragraph in length. This will require some thinking on your part to digest all that you've seen and turn that into something a manager can read quickly, but also come away with, and comprehend, the relevant information you gathered.

The second part will be the technical section where you will answer the following questions. Include the question and the answer.

1. What is the network address and subnet mask?

2. For each computer:
   a. What is the IP of the computer?
   b. What OS is it running?
   c. What is the MAC address?
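
The per-host inventory the technical section asks for (IP, MAC, OS hint) can also be cross-checked outside Wireshark. The following is an added example, not part of the original question or its answer: it parses a classic pcap file and tabulates source IP, source MAC and observed TTL. The sample capture, its MAC addresses and its 192.0.2.x addresses are constructed for illustration, and the TTL-to-OS mapping is the common default-TTL heuristic, assumed here as a hint only.

```python
import struct

def build_pcap(frames):
    """Constructed sample data: wrap raw Ethernet frames in a classic little-endian pcap."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)  # linktype 1 = Ethernet
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out

def ipv4_frame(src_mac, dst_mac, src_ip, dst_ip, ttl):
    """Constructed sample frame: Ethernet header + bare 20-byte IPv4 header (checksum 0)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, ttl, 6, 0,
                     bytes(src_ip), bytes(dst_ip))
    return bytes.fromhex(dst_mac) + bytes.fromhex(src_mac) + b"\x08\x00" + ip

def os_hint(ttl):
    """Initial-TTL heuristic (default 64 on Linux, 128 on Windows); a hint, not proof."""
    if ttl <= 64:
        return "Linux/Unix-like"
    return "Windows" if ttl <= 128 else "unknown"

def inventory(pcap):
    """Map each source IPv4 address to the source MAC and TTL it was seen with."""
    if struct.unpack("<I", pcap[:4])[0] != 0xA1B2C3D4:
        raise ValueError("not a little-endian classic pcap file")
    hosts, off = {}, 24                      # 24-byte global header
    while off + 16 <= len(pcap):
        incl_len = struct.unpack("<I", pcap[off + 8:off + 12])[0]
        frame = pcap[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue                         # skip ARP, IPv6 and truncated frames
        ip = ".".join(str(b) for b in frame[26:30])
        mac = ":".join(f"{b:02x}" for b in frame[6:12])
        ttl = frame[22]
        # Traffic routed in from another network carries the router's MAC and a
        # decremented TTL, so this table is only meaningful for on-link hosts.
        hosts[ip] = {"mac": mac, "ttl": ttl, "os_hint": os_hint(ttl)}
    return hosts

# Constructed capture: two on-link hosts plus one ARP frame that must be ignored.
SAMPLE = build_pcap([
    ipv4_frame("02aa00000001", "02aa00000002", (192, 0, 2, 10), (192, 0, 2, 20), 64),
    ipv4_frame("02aa00000002", "02aa00000001", (192, 0, 2, 20), (192, 0, 2, 10), 128),
    bytes.fromhex("ffffffffffff" "02aa00000003") + b"\x08\x06" + bytes(28),
])

if __name__ == "__main__":
    for ip, info in sorted(inventory(SAMPLE).items()):
        print(ip, info["mac"], info["ttl"], info["os_hint"])
```

A TTL-based guess should be confirmed against other evidence in the capture, such as DHCP options or application banners, before it goes into the report.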
