Port Scan Activity (Let's Defend)
Challenge Write-up (Easy)

Lessons Learned:
Analyze port scan activity using Wireshark
The Challenge:
Can you determine evidence of port scan activity?
- What is the IP address scanning the environment?
  - Method: Go to Statistics > Endpoints. Since this is port scan activity, the scanning IP address should be sending a large volume of packets compared to the other hosts.
  - Answer: “10.42.42.253”
- What is the IP address found as a result of the scan?
  - Method: This question is kind of vague, but by process of elimination and checking which host is the “victim” of the port scan, the answer is 10.42.42.50.
  - Answer: “10.42.42.50”
- What is the MAC address of the Apple system it finds?
  - Method: Enabled Name Resolution, which resolved the MAC vendor prefix to Apple, and entered that address.
  - Answer: “00:16:cb:92:6e:dc”
- What is the IP address of the detected Windows system?
  - Method: Identify the host's operating system from the TTL and Window Scale values in its packets.
  - Answer: “10.42.42.50”
Note: I referred to an external table of default TTL values per OS (the link did not survive); a host's OS can be inferred from the TTL in its ping replies. Default initial TTLs: Windows = 128, macOS = 64, Linux = 64.
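The three checks above (packet volume per endpoint, many distinct ports probed on one host, and a TTL-based OS guess) can be scripted over exported packet fields. The following is an added example, not part of the original write-up or the Let's Defend challenge; the packet records are constructed to resemble the challenge's hosts and are not taken from its pcap.

```python
# Added example: detect the scanner, its target and a TTL-based OS guess from
# packet summaries shaped like `tshark -T fields -e ip.src -e ip.dst -e ip.ttl -e tcp.dstport`.
from collections import Counter, defaultdict

# Constructed sample records: (src, dst, ttl, dst_port). The 10.42.42.253 host
# probes 40 ports on 10.42.42.50, which answers from two open ports; a third
# host generates ordinary single-port traffic.
PACKETS = [("10.42.42.253", "10.42.42.50", 64, p) for p in range(20, 60)] + [
    ("10.42.42.50", "10.42.42.253", 128, 22),
    ("10.42.42.50", "10.42.42.253", 128, 80),
    ("10.42.42.25", "10.42.42.50", 64, 443),  # normal client traffic
]

def guess_os(ttl):
    """Map an observed TTL to the nearest default initial TTL from the note's
    table (Windows = 128, macOS/Linux = 64); each router hop decrements it."""
    if ttl > 128:
        return "network device (255)"
    if ttl > 64:
        return "Windows (128)"
    return "Linux/macOS (64)"

def endpoint_packet_counts(packets):
    """Equivalent of Statistics > Endpoints: packets sent per source IP."""
    return Counter(src for src, _, _, _ in packets)

def port_scanners(packets, threshold=10):
    """Flag (src, dst) pairs where src touches more than `threshold` distinct ports."""
    ports = defaultdict(set)
    for src, dst, _, port in packets:
        ports[(src, dst)].add(port)
    return {pair: len(p) for pair, p in ports.items() if len(p) > threshold}

def os_by_host(packets):
    """Guess each host's OS from the TTL of its own outgoing packets."""
    seen = {}
    for src, _, ttl, _ in packets:
        seen.setdefault(src, guess_os(ttl))
    return seen

if __name__ == "__main__":
    print("packets per endpoint:", endpoint_packet_counts(PACKETS).most_common())
    print("suspected scans:", port_scanners(PACKETS))
    print("OS guess per host:", os_by_host(PACKETS))
```

The threshold of 10 distinct ports is an assumption chosen for this sample; tune it to the traffic baseline of the network being analyzed.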