** Must have experience with Wireshark or Snort and feel comfortable with the tools to answer the following.
** The .pcap file will be provided after hiring.
** Step 4) is optional if using Wireshark.
Perform an analysis on the captured traffic.
Some things you should consider are the following (not all of these happened, and the list may not be all-inclusive either):
a. How long did the session capture last?
b. How many packets were captured?
c. How many bytes were captured?
d. What protocols were observed?
e. When did the bulk of the data get transmitted?
f. What caused this transmission spike?
g. Were any Internet Service Provider sites accessed? If so, which ones? What accounts?
h. What is the name of the host computer? Its IP address?
i. What operating system is it using?
j. What does the local network look like?
k. What device names are on the local network?
l. Did I access any other computers on the local area network?
m. Are any other devices on the network?
3) What story does the capture file tell?
4) Run the capture file through the Snort utility. What alerts are triggered?
Provide a lab report which includes the answers to the questions above and an analysis of what actually happened during the network session. Identify the key events and either prove or disprove that a malicious event occurred. When referencing the answer to a question or providing proof of your analysis, it might be helpful to reference the actual packet number that proves your point, as well as screenshots within your appendix data.
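Questions a through d can be cross-checked against Wireshark's own statistics with a short script. The following is an added example, not part of the original assignment: it assumes a classic libpcap file with Ethernet framing, and the function names and the three-packet sample capture are constructed for illustration.

```python
import struct
from collections import Counter
IP_PROTOS = {1: "ICMP", 6: "TCP", 17: "UDP"}

def classify(frame: bytes) -> str:
    """Name the protocol from the EtherType and, for IPv4, the protocol byte."""
    if len(frame) < 14:
        return "short frame"
    etype = struct.unpack("!H", frame[12:14])[0]
    if etype == 0x0806:
        return "ARP"
    if etype == 0x86DD:
        return "IPv6"
    if etype != 0x0800 or len(frame) < 24:
        return f"ethertype 0x{etype:04x}"
    return IP_PROTOS.get(frame[23], f"IPv4 proto {frame[23]}")

def summarize_pcap(data: bytes) -> dict:
    """Duration, packet count, byte count and protocol mix of a classic pcap."""
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(data[:4])
    if endian is None:
        raise ValueError("not a classic microsecond pcap (pcapng must be converted first)")
    if len(data) < 24 or struct.unpack(endian + "I", data[20:24])[0] != 1:
        raise ValueError("only Ethernet captures (link type 1) are handled")
    off, stamps, wire_bytes, protos = 24, [], 0, Counter()
    while off + 16 <= len(data):
        sec, usec, incl, orig = struct.unpack(endian + "IIII", data[off:off + 16])
        frame = data[off + 16:off + 16 + incl]
        if len(frame) < incl:
            break  # capture was cut off mid-record
        off += 16 + incl
        stamps.append(sec * 1_000_000 + usec)  # integer microseconds, no float drift
        wire_bytes += orig  # orig = length on the wire, incl = bytes actually saved
        protos[classify(frame)] += 1
    duration = (max(stamps) - min(stamps)) / 1e6 if stamps else 0.0
    return {"duration_s": duration, "packets": len(stamps),
            "bytes": wire_bytes, "protocols": dict(protos)}

def build_sample() -> bytes:
    """Constructed three-packet capture (ARP, UDP, TCP); not the assignment's file."""
    def frame(etype, proto=0, pad=46):
        body = bytearray(pad)
        body[0], body[9] = 0x45, proto  # minimal IPv4-style header bytes
        return b"\xff" * 6 + b"\x02\x00\x00\x00\x00\x01" + struct.pack("!H", etype) + bytes(body)
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for sec, usec, fr in [(100, 0, frame(0x0806)), (100, 500000, frame(0x0800, 17)),
                          (102, 250000, frame(0x0800, 6, 100))]:
        out += struct.pack("<IIII", sec, usec, len(fr), len(fr)) + fr
    return out
```

To run it on a real capture, pass the file contents read in binary mode to summarize_pcap(); the byte total counts on-the-wire lengths, so it can exceed the file size when a snap length truncated the saved frames.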