Curious MRX
While a fugitive in Mexico, Mr. X remotely infiltrates the Arctic Nuclear Fusion Research Facility’s (ANFRF) lab subnet over the Interwebs. Virtually inside the facility (pivoting through a compromised system), he conducts some noisy network reconnaissance. Sadly, Mr. X is not yet very stealthy. Unfortunately for Mr. X, the lab’s network is instrumented to capture all traffic (with full content). His activities are discovered and analyzed… by you! Here is the packet capture containing Mr. X’s activity. As the network forensic investigator, your mission is to answer the following questions:
1. What was the IP address of Mr. X’s scanner?
10.10.42.253
2. For the FIRST port scan that Mr. X conducted, what type of port scan was it? (Note: the scan consisted of many thousands of packets.) Pick one: TCP Connect
7. (You don't have to answer this, but you get super bonus points if you do): What was the name of the tool Mr. X used to port scan? How can you tell? Can you reconstruct the output from the tool, roughly the way Mr. X would have seen it?
nmap 10.42.42.1/24
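
One way to arrive at answers 1 and 2 from packet records, as an added example that is not part of the original write-up. The packet tuples are constructed rather than taken from the puzzle capture, the target address 10.42.42.50 is an assumption, and the function names are hypothetical.

```python
from collections import defaultdict

SYN, ACK, RST = 0x02, 0x10, 0x04  # TCP flag bits

# Constructed records (src, dst, sport, dport, tcp_flags); not from the puzzle capture.
PACKETS = [
    ("10.10.42.253", "10.42.42.50", 40001, 80, SYN),
    ("10.42.42.50", "10.10.42.253", 80, 40001, SYN | ACK),
    ("10.10.42.253", "10.42.42.50", 40001, 80, ACK),
    ("10.10.42.253", "10.42.42.50", 40001, 80, RST | ACK),
    ("10.10.42.253", "10.42.42.50", 40002, 22, SYN),
    ("10.42.42.50", "10.10.42.253", 22, 40002, RST | ACK),
    ("10.10.42.253", "10.42.42.50", 40003, 443, SYN),
    ("10.42.42.50", "10.10.42.253", 443, 40003, RST | ACK),
]

def find_scanner(packets):
    """Return the source that sent bare SYNs to the most distinct (dst, port) pairs."""
    targets = defaultdict(set)
    for src, dst, _sport, dport, flags in packets:
        if flags == SYN:
            targets[src].add((dst, dport))
    return max(targets, key=lambda s: len(targets[s])) if targets else None

def classify_scan(packets, scanner):
    """Classify by what the scanner sends after a SYN/ACK from an open port."""
    flows = defaultdict(list)  # (target, target_port, scanner_port) -> ordered events
    for src, dst, sport, dport, flags in packets:
        if src == scanner:
            flows[(dst, dport, sport)].append(("out", flags))
        elif dst == scanner:
            flows[(src, sport, dport)].append(("in", flags))
    completed = half_open = 0
    for events in flows.values():
        if ("in", SYN | ACK) not in events:
            continue  # closed or filtered port: both scan types look the same
        after = events[events.index(("in", SYN | ACK)) + 1:]
        if ("out", ACK) in after:
            completed += 1  # handshake finished: connect()-style scan
        elif any(d == "out" and f & RST for d, f in after):
            half_open += 1  # reset instead of ACK: SYN (half-open) scan
    if completed == half_open == 0:
        return "undetermined"
    return "TCP Connect" if completed >= half_open else "TCP SYN"
```

Only flows to open ports separate the two scan types, which is why closed-port flows are skipped before counting.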