NETWORK MINER
TOOL OVERVIEW 1
Perform network analysis on mx-3.pcap. What is the total number of frames?
root@thm:~$ cd /home/ubuntu/Desktop/NetworkMiner_2-7-2/ && mono NetworkMiner.exe
NetworkMiner: File > Open > mx-3.pcap
Case Panel > right-click mx-3.pcap > Show Metadata
- Frames: 460
Perform network analysis on mx-3.pcap. How many IP addresses use the same MAC address with host 145.253.2.203?
root@thm:~$ cd /home/ubuntu/Desktop/NetworkMiner_2-7-2/ && mono NetworkMiner.exe
NetworkMiner: File > Open > mx-3.pcap
Hosts:
[-] 145.253.2.203
65.208.228.223 (same MAC address)
216.239.59.99 (same MAC address)
Perform network analysis on mx-3.pcap. How many packets were sent from host 65.208.228.223?
root@thm:~$ cd /home/ubuntu/Desktop/NetworkMiner_2-7-2/ && mono NetworkMiner.exe
NetworkMiner: File > Open > mx-3.pcap
Hosts:
[-] 65.208.228.223
Sent: 72 packets (76,368 Bytes), 0.00 % cleartext (0 of 0 Bytes)
Perform network analysis on mx-3.pcap. What is the name of the webserver banner under host 65.208.228.223?
root@thm:~$ cd /home/ubuntu/Desktop/NetworkMiner_2-7-2/ && mono NetworkMiner.exe
NetworkMiner: File > Open > mx-3.pcap
Hosts:
[-] 65.208.228.223
[-] Host Details
Web Server Banner 1 : TCP 80 : Apache
Perform network analysis on mx-4.pcap. What is the extracted username?
root@thm:~$ cd /home/ubuntu/Desktop/NetworkMiner_2-7-2/ && mono NetworkMiner.exe
NetworkMiner: File > Open > mx-4.pcap
Credentials:
172.16.66.37...#B\Administrator
TOOL OVERVIEW 2
Perform network analysis on mx-7.pcap. What is the name of the Linux distro mentioned in the file associated with frame 63075?
Perform network analysis on mx-7.pcap. What is the source address of the image "ads.bmp.2E5F0FD9.bmp"?
Perform network analysis on mx-9.pcap. Look at the messages. Which platform sent a password reset email?
VERSION DIFFERENCES
EXERCISES
Perform network analysis on case1.pcap. Investigate the hosts 131.151.37.122 and 131.151.32.91. How many data bytes were received from host 131.151.32.91 to host 131.151.37.122 through port 1065?
Perform network analysis on case1.pcap. Investigate the hosts 131.151.37.122 and 131.151.32.21. How many data bytes were received from host 131.151.37.122 to host 131.151.32.21 through port 143?
Perform network analysis on case2.pcap. What is the password of the "[email protected]"?
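The frame count, the "same MAC address" grouping and the per-host sent counts read from the Case Panel and Hosts tab above can be cross-checked straight from the capture file. The following is an added example, not part of the original notes or of NetworkMiner: it parses a classic pcap with the standard library only, and the sample capture, MAC addresses and IP addresses are constructed (hosts sharing one source MAC are typically remote hosts seen through the same gateway).

```python
import struct
from collections import defaultdict

def summarize(pcap: bytes):
    """Return (frame_count, {src_mac: {src_ips}}, {src_ip: frames_sent})."""
    magic = struct.unpack_from("<I", pcap, 0)[0]
    if magic == 0xA1B2C3D4:
        end = "<"
    elif magic == 0xD4C3B2A1:
        end = ">"
    else:
        raise ValueError("not a classic microsecond pcap (pcapng is not handled)")
    off, frames = 24, 0                      # skip the 24-byte global header
    mac_ips, sent = defaultdict(set), defaultdict(int)
    while off + 16 <= len(pcap):             # 16-byte per-record header
        incl = struct.unpack_from(end + "I", pcap, off + 8)[0]
        frame = pcap[off + 16: off + 16 + incl]
        if len(frame) < incl:
            break                            # truncated capture: stop at last full frame
        off += 16 + incl
        frames += 1
        # Attribute only untagged Ethernet II + IPv4; ARP, IPv6, VLAN still count as frames.
        if len(frame) >= 34 and frame[12:14] == b"\x08\x00":
            mac = frame[6:12].hex(":")               # source MAC
            ip = ".".join(map(str, frame[26:30]))    # IPv4 source address
            mac_ips[mac].add(ip)
            sent[ip] += 1
    return frames, dict(mac_ips), dict(sent)

# --- constructed sample capture (not taken from mx-3.pcap) ---
def ip_frame(src_mac: bytes, src_ip: str, dst_ip: str) -> bytes:
    addr = lambda s: bytes(map(int, s.split(".")))
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 6, 0, addr(src_ip), addr(dst_ip))
    return b"\xff" * 6 + src_mac + b"\x08\x00" + ip

def build_pcap(frames) -> bytes:
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)  # linktype 1 = Ethernet
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out

GATEWAY, CLIENT = bytes.fromhex("02aabbccdd01"), bytes.fromhex("02aabbccdd02")
SAMPLE = build_pcap([
    ip_frame(GATEWAY, "198.51.100.10", "192.0.2.5"),
    ip_frame(GATEWAY, "198.51.100.10", "192.0.2.5"),
    ip_frame(GATEWAY, "203.0.113.7", "192.0.2.5"),
    ip_frame(CLIENT, "192.0.2.5", "198.51.100.10"),
    b"\xff" * 6 + CLIENT + b"\x08\x06" + b"\x00" * 28,   # ARP: a frame, but no IPv4 host
])

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

To run it against a lab capture, pass the file's bytes to `summarize()`; captures saved as pcapng need converting to classic pcap first.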