Network forensics puzzle #4

Puzzle #4 is out. I've been pre-occupied and exhausted by work thus the delay in posting my answers for puzzle #3.
The answers for the first 2 answers were straight forward enough.
1) 00:25:00:fe:07:c4
2) AppleTV/2.4

The search terms (ie. questions 3 and 8) were a bit tedious to find manually by combing through Wireshark but easier in NetworkMiner. Alternatively, searching using "ngrep" on Ubuntu was pretty painless. The 2 movies that Ann clicked on are also listed in NetworkMiner.
3) h, ha, hac, hack
4) Hackers
6) Sneakers
8) iknowyourewatchingme

Answers to questions 5 and 7 courtesy of NetworkMiner.
5) http://a227.v.phobos.apple.com/us/r1000/008/Video/62/bd/1b/mzm.plqacyqb..640×278.h264lc.d2.p.m4v
7) $9.99
at
Labels: ,

2 comments:

  1. ErikFebruary 5, 2010 at 3:10 PM

    You can grab the User-Agent string with NetworkMiner as well if you'd like. Just expand the "Host Details" node for Ann's computer.

    ReplyDelete
  2. commandrineFebruary 5, 2010 at 10:51 PM

    I know. I just opted not to take a screenshot of the "User-Agent" string in NetworkMiner. I'm thinking of writing a script or tool to dump IP addresses and their corresponding MAC addresses from Pcap files.

    ReplyDelete

Subscribe to: Post Comments (Atom)

dnsaudit.py

 Since I was on a roll with Copilot, I decided to automate DNSSEC auditing with the following Python script. import subprocess import sys im...

  • "An error occured in avast! engine: Invalid argument"
    This annoying message popped up after I ran the update in avast! in Ubuntu yesterday. avast! crashes every time I attempt to launch it after...
  • Encrypted mails
    I decided to install a digital certificate for my Gmail account. This is simple and free to set up. Apply for a free certificate from Comod...