Friday, February 5, 2010

Network forensics puzzle #4

Puzzle #4 is out. I've been pre-occupied and exhausted by work thus the delay in posting my answers for puzzle #3.
The answers for the first 2 answers were straight forward enough.
1) 00:25:00:fe:07:c4
2) AppleTV/2.4

The search terms (ie. questions 3 and 8) were a bit tedious to find manually by combing through Wireshark but easier in NetworkMiner. Alternatively, searching using "ngrep" on Ubuntu was pretty painless. The 2 movies that Ann clicked on are also listed in NetworkMiner.
3) h, ha, hac, hack
4) Hackers
6) Sneakers
8) iknowyourewatchingme

Answers to questions 5 and 7 courtesy of NetworkMiner.
5) http://a227.v.phobos.apple.com/us/r1000/008/Video/62/bd/1b/mzm.plqacyqb..640×278.h264lc.d2.p.m4v
7) $9.99

2 comments:

  1. You can grab the User-Agent string with NetworkMiner as well if you'd like. Just expand the "Host Details" node for Ann's computer.

    ReplyDelete
  2. I know. I just opted not to take a screenshot of the "User-Agent" string in NetworkMiner. I'm thinking of writing a script or tool to dump IP addresses and their corresponding MAC addresses from Pcap files.

    ReplyDelete