
Curious MR X - Scenario

While hiding in Mexico, Mr. X remotely hacked into the Arctic Nuclear Fusion Research Facility's computer network and conducted network reconnaissance, which was detected by network monitoring. The packet capture of Mr. X's activities is provided for analysis to determine technical details like his scanner's IP address, the type of port scan used, IP addresses of discovered systems, and open ports on one Windows system.

While a fugitive in Mexico, Mr. X remotely infiltrates the Arctic Nuclear Fusion Research Facility’s
(ANFRF) lab subnet over the Interwebs. Virtually inside the facility (pivoting through a compromised
system), he conducts some noisy network reconnaissance. Sadly, Mr. X is not yet very stealthy.

Unfortunately for Mr. X, the lab’s network is instrumented to capture all traffic (with full content).
His activities are discovered and analyzed… by you!

Here is the packet capture containing Mr. X’s activity. As the network forensic investigator, your
mission is to answer the following questions:

1. What was the IP address of Mr. X’s scanner?

2. For the FIRST port scan that Mr. X conducted, what type of port scan was it? (Note: the scan
consisted of many thousands of packets.) Pick one:

• TCP SYN
• TCP ACK
• UDP
• TCP Connect
• TCP XMAS
• TCP RST

3. What were the IP addresses of the targets Mr. X discovered?

4. What was the MAC address of the Apple system he found?

5. What was the IP address of the Windows system he found?

6. What TCP ports were open on the Windows system? (Please list the decimal numbers from lowest
to highest.)

(You don't have to answer this, but you get super bonus points if you do): What was the name of the
tool Mr. X used to port scan? How can you tell? Can you reconstruct the output from the tool,
roughly the way Mr. X would have seen it?
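
One way to approach questions 2 and 6, as an added example that is not part of the original challenge: the Python below classifies a TCP scan from the flags seen in each conversation and lists the ports that answered SYN/ACK. The packet tuples, addresses and ports are constructed placeholders (in practice they would be exported from the capture), the function names are hypothetical, and UDP scans are out of scope.

```python
from collections import Counter, defaultdict

# Constructed packets in capture order: (src, dst, sport, dport, tcp_flags).
# Addresses are documentation-range placeholders, not values from the capture.
PACKETS = [
    ("192.0.2.10", "192.0.2.20", 40001, 22, "S"),
    ("192.0.2.20", "192.0.2.10", 22, 40001, "SA"),   # open port answers SYN/ACK
    ("192.0.2.10", "192.0.2.20", 40001, 22, "A"),    # scanner completes the handshake
    ("192.0.2.10", "192.0.2.20", 40001, 22, "RA"),   # ...then tears it down
    ("192.0.2.10", "192.0.2.20", 40002, 23, "S"),
    ("192.0.2.20", "192.0.2.10", 23, 40002, "RA"),   # closed port answers RST
    ("192.0.2.10", "192.0.2.20", 40003, 443, "S"),
    ("192.0.2.20", "192.0.2.10", 443, 40003, "SA"),
    ("192.0.2.10", "192.0.2.20", 40003, 443, "A"),
    ("192.0.2.10", "192.0.2.20", 40003, 443, "RA"),
]

def group_flows(packets):
    """Group packets per TCP conversation, keyed by whoever sent the first packet."""
    flows = {}
    for src, dst, sport, dport, flags in packets:
        fwd, rev = (src, sport, dst, dport), (dst, dport, src, sport)
        if rev in flows:
            flows[rev].append(("target", flags))
        else:
            flows.setdefault(fwd, []).append(("scanner", flags))
    return flows

def summarize(packets):
    """Return (scanner IP, scan type, {target IP: sorted open ports})."""
    flows = group_flows(packets)
    scanner = Counter(key[0] for key in flows).most_common(1)[0][0]
    probes, open_ports, completed = Counter(), defaultdict(set), False
    for (src, _, dst, dport), seq in flows.items():
        if src != scanner:
            continue
        probes[seq[0][1]] += 1                      # flags of the first probe packet
        replies = [f for who, f in seq if who == "target"]
        if "SA" in replies:                         # SYN/ACK reply means the port is open
            open_ports[dst].add(dport)
            # A bare ACK from the scanner after the SYN/ACK is a full three-way handshake.
            completed |= ("scanner", "A") in seq[1:]
    first = probes.most_common(1)[0][0]
    kind = {"A": "TCP ACK", "R": "TCP RST", "FPU": "TCP XMAS"}.get(first)
    if first == "S":
        # With no open port in the capture, SYN and Connect scans look identical.
        kind = "TCP Connect" if completed else "TCP SYN"
    return scanner, kind, {ip: sorted(p) for ip, p in open_ports.items()}
```

The distinguishing evidence is only visible on open ports: a half-open (SYN) scan resets after the SYN/ACK, while a Connect scan acknowledges it first.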
