Network forensics puzzle #4

Puzzle #4 is out. I've been pre-occupied and exhausted by work thus the delay in posting my answers for puzzle #3.
The answers for the first 2 answers were straight forward enough.
1) 00:25:00:fe:07:c4
2) AppleTV/2.4

The search terms (ie. questions 3 and 8) were a bit tedious to find manually by combing through Wireshark but easier in NetworkMiner. Alternatively, searching using "ngrep" on Ubuntu was pretty painless. The 2 movies that Ann clicked on are also listed in NetworkMiner.
3) h, ha, hac, hack
4) Hackers
6) Sneakers
8) iknowyourewatchingme

Answers to questions 5 and 7 courtesy of NetworkMiner.
5) http://a227.v.phobos.apple.com/us/r1000/008/Video/62/bd/1b/mzm.plqacyqb..640×278.h264lc.d2.p.m4v
7) $9.99

2 comments:

  1. You can grab the User-Agent string with NetworkMiner as well if you'd like. Just expand the "Host Details" node for Ann's computer.

    ReplyDelete
  2. I know. I just opted not to take a screenshot of the "User-Agent" string in NetworkMiner. I'm thinking of writing a script or tool to dump IP addresses and their corresponding MAC addresses from Pcap files.

    ReplyDelete

VMware Workstation Pro is now free for personal use!!!

VMware Workstation Pro is now free for personal use!!!  However, it was not straight forward to install on Ubuntu as I encountered error mes...