NCL Practice – Network Traffic Analysis

Available Challenges

Challenge 11

Use the provided packet capture to answer these questions about FTP traffic.
(use file: NCL-NetworkTraffic-FTP.pcap)

  1. (20 points) What was the first username/password combination attempt made to log in to the server? ex. ‘user/password’
  2. (20 points) What software is the FTP server running? (Include name and version)
  3. (20 points) What is the first username/password combination that allows for successful authentication? ex. ‘user/password’
  4. (20 points) What is the first command the user executes on the FTP server?
  5. (20 points) What file is deleted from the FTP server?
  6. (20 points) What file is uploaded to the FTP server?
  7. (20 points) What is the MD5 sum of the uploaded file?
  8. (20 points) What file does the anonymous user download?

Check your answers here.

Kait’s Coaching Tips for this challenge can be found here.

Challenge 12

Use the provided packet capture to answer these questions about DNS traffic.
(use file: NCL-NetworkTraffic-DNS.pcap)

  1. (20 points) What is the type of the DNS query requested?
  2. (20 points) What domain was requested?
  3. (20 points) How many items were in the response?
  4. (20 points) What is the TTL for all of the records?
  5. (20 points) What is the IP address for the “welcome” subdomain?

Check your answers here.

Kait’s Coaching Tips for this challenge can be found here.

Challenge 13

Use the provided capture to answer the following questions about an HTTP download.
(use file: NCL-HTTP.pcap)

  1. (20 points) What Linux tool was used to execute a file download?
  2. (20 points) What is the name of the web server software that handled the request?
  3. (20 points) What IP address initiated the request?
  4. (20 points) What is the IP address of the server?
  5. (20 points) What is the md5sum of the file downloaded?

Check your answers here.

Kait’s Coaching Tips for this challenge can be found here.