
Curious Mr.

While a fugitive in Mexico, Mr. X remotely infiltrates the Arctic Nuclear Fusion Research Facility’s (ANFRF) lab subnet over the Interwebs. Virtually inside the facility (pivoting through a compromised system), he conducts some noisy network reconnaissance. Sadly, Mr. X is not yet very stealthy. Unfortunately for Mr. X, the lab’s network is instrumented to capture all traffic (with full content). His activities are discovered and analyzed… by you! Here is the packet capture containing Mr. X’s activity. As the network forensic investigator, your mission is to answer the following questions:
1. What was the IP address of Mr. X’s scanner?
10.10.42.253

2. For the FIRST port scan that Mr. X conducted, what type of port scan was it? (Note: the scan consisted of many thousands of packets.) Pick one: TCP Connect

3. What were the IP addresses of the targets Mr. X discovered?


10.42.42.25
10.42.42.50
10.42.42.56

4. What was the MAC address of the Apple system he found?

5. What was the IP address of the Windows system he found?


6. What TCP ports were open on the Windows system? (Please list the decimal numbers from lowest to highest.)

Port 145 and Port 139

7. (You don't have to answer this, but you get super bonus points if you do): What was the name of the tool Mr. X used to port scan? How can you tell? Can you reconstruct the output from the tool, roughly the way Mr. X would have seen it?
nmap 10.42.42.1/24
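
Questions 1, 2 and 6 all come down to reading TCP flag sequences: who sends the bare SYNs, which ports answer with SYN/ACK, and whether the prober then completes the handshake. The following is an added example, not part of the original worksheet, that applies this logic to constructed packet tuples; the 192.0.2.x addresses and the ports are made up and are not values from the capture.

```python
from collections import defaultdict

SYN, RST, ACK = 0x02, 0x04, 0x10  # TCP flag bits

# Constructed sample (src, dst, sport, dport, flags); not taken from the capture.
S, T = "192.0.2.10", "192.0.2.20"
PACKETS = [
    (S, T, 40001, 22, SYN), (T, S, 22, 40001, RST | ACK),   # closed port
    (S, T, 40002, 80, SYN), (T, S, 80, 40002, SYN | ACK),   # open port answers
    (S, T, 40002, 80, ACK), (S, T, 40002, 80, RST | ACK),   # handshake done, then reset
    (S, T, 40003, 443, SYN), (T, S, 443, 40003, SYN | ACK),
    (S, T, 40003, 443, ACK), (S, T, 40003, 443, RST | ACK),
    (S, T, 40004, 8080, SYN), (T, S, 8080, 40004, RST | ACK),
    (T, "192.0.2.53", 50000, 53, SYN),                       # unrelated client traffic
]


def analyze(packets):
    """Return (scanner_ip, scan_type, {target: sorted open ports})."""
    probes = defaultdict(set)  # src -> {(dst, dport)} hit with a bare SYN
    answered = set()           # (client, server, cport, sport) that drew a SYN/ACK
    completed = set()          # subset where the client then sent a bare ACK
    for src, dst, sport, dport, flags in packets:
        kind = flags & (SYN | ACK | RST)
        if kind == SYN:
            probes[src].add((dst, dport))
        elif kind == (SYN | ACK):
            answered.add((dst, src, dport, sport))
        elif kind == ACK and (src, dst, sport, dport) in answered:
            completed.add((src, dst, sport, dport))
    if not probes:
        return None, "no SYN probes seen", {}
    # The scanner is the host that probed the most distinct (target, port) pairs.
    scanner = max(probes, key=lambda ip: len(probes[ip]))
    mine = {k for k in answered if k[0] == scanner}
    open_ports = defaultdict(set)
    for _, server, _, sport in mine:
        open_ports[server].add(sport)
    if not mine:
        scan_type = "undetermined (no open ports answered)"
    elif mine <= completed:
        scan_type = "TCP Connect"          # three-way handshake finished on open ports
    elif not (mine & completed):
        scan_type = "TCP SYN (half-open)"  # SYN/ACK never acknowledged
    else:
        scan_type = "mixed"
    return scanner, scan_type, {t: sorted(p) for t, p in open_ports.items()}


if __name__ == "__main__":
    print(analyze(PACKETS))
```
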
