c0msherl0ck.github.io

https://www.cfreds.nist.gov/Hacking_Case.html

https://www.wireshark.org/docs/wsug_html_chunked/ChWorkBuildDisplayFilterSection.html

https://www.wireshark.org/docs/dfref/h/http.html

http://network-forensics.blogspot.com/2010/01/nist-forensic-challenge_04.html


#23. Ethereal, a popular “sniffing” program that can be used to intercept wired and wireless internet packets was also found to be installed. When TCP packets are collected and re-assembled, the default save directory is that user's \My Documents directory. What is the name of the file that contains the intercepted data?


#24. Viewing the file in a text format reveals much information about who and what was intercepted. What type of wireless computer was the victim (person who had his internet surfing recorded) using?


1. Open the file in Wireshark and examine the User-Agent field of the HTTP packets.


2. Extracting the same result with tshark

$ tshark -Y http.user_agent -T fields -e http.user_agent -r interception

(Older tshark versions took the display filter as -R; current versions use -Y, and -R is now a read filter that must be combined with -2.)


#25. What websites was the victim accessing?


1. Open the file in Wireshark and examine the Host field of the HTTP packets.


2. Extracting the same result with tshark

$ tshark -Y http.host -T fields -e http.host -r interception | sort -u   # sort, then drop duplicates
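As an added example (not part of the original write-up), the same extraction done in pure Python without tshark: it walks a classic pcap file, parses the Ethernet/IPv4/TCP framing, and counts the User-Agent and Host headers of HTTP requests, so both question #24 and #25 come out of one pass. A small constructed in-memory capture stands in for the case's interception file; it assumes the classic pcap format (not pcapng), Ethernet link type, and requests whose header block starts in a single TCP segment (tshark additionally reassembles across segments, which this does not).

```python
import struct
from collections import Counter

def build_pcap(payloads):
    # Constructed sample capture: each payload wrapped in Ethernet/IPv4/TCP, pcap linktype 1.
    out = bytearray(struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1))
    for p in payloads:
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(p), 0, 0, 64, 6, 0,
                         b"\xc0\xa8\x01\x02", b"\x0a\x00\x00\x01")
        tcp = struct.pack("!HHIIBBHHH", 40000, 80, 1, 1, 0x50, 0x18, 8192, 0, 0)
        frame = b"\x00" * 12 + b"\x08\x00" + ip + tcp + p   # dummy MACs, EtherType IPv4
        out += struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame
    return bytes(out)

def iter_frames(pcap):
    # Yield each captured frame; both pcap byte orders are handled, Ethernet link type only.
    endian = "<" if pcap[:4] == b"\xd4\xc3\xb2\xa1" else ">"
    if struct.unpack_from(endian + "I", pcap, 20)[0] != 1:
        raise ValueError("only Ethernet (linktype 1) captures are handled here")
    off = 24
    while off + 16 <= len(pcap):
        incl = struct.unpack_from(endian + "IIII", pcap, off)[2]   # captured length
        yield pcap[off + 16:off + 16 + incl]
        off += 16 + incl

def tcp_payload(frame):
    # TCP payload of an IPv4/TCP frame, or None for anything else (ARP, UDP, truncated ...).
    if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
        return None
    tcp_off = 14 + (frame[14] & 0x0F) * 4
    return frame[tcp_off + (frame[tcp_off + 12] >> 4) * 4:] if len(frame) >= tcp_off + 20 else None

def extract_headers(pcap, names=("user-agent", "host")):
    # Count the values of the requested HTTP request headers, keyed by lower-cased header name.
    found = {n: Counter() for n in names}
    for frame in iter_frames(pcap):
        data = tcp_payload(frame)
        if not data or not data.startswith((b"GET ", b"POST ", b"HEAD ")):
            continue                        # skip non-HTTP segments and server responses
        head = data.split(b"\r\n\r\n", 1)[0].decode("latin-1")
        for line in head.split("\r\n")[1:]:   # [1:] skips the request line
            name, _, value = line.partition(":")
            if name.strip().lower() in found:
                found[name.strip().lower()][value.strip()] += 1
    return found

UA = b"ExampleBrowser/1.0 (Handheld; constructed)"   # constructed client; two requests, one response
SAMPLE_PCAP = build_pcap([
    b"GET / HTTP/1.1\r\nHost: www.example.com\r\nUser-Agent: " + UA + b"\r\n\r\n",
    b"GET /news HTTP/1.1\r\nHost: news.example.org\r\nUser-Agent: " + UA + b"\r\n\r\n",
    b"HTTP/1.1 200 OK\r\nServer: constructed\r\n\r\n"])
```

sorted(extract_headers(open(path, "rb").read())["host"]) gives the same unique, sorted list as the `sort -u` pipeline above; the Counter values show how often each site or client string occurred.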