devskim blog

Search

🐙

Port Scan Activity (tshark)

sections

Tags

forensic

Created

Nov 30, 2023 03:31 PM

Last Updated

Nov 30, 2023 06:35 PM

1. 사전 준비 2. 문제 참고

1. 사전 준비

tshark 설치

pcap 다운로드 (비밀번호 321)

https://files-ld.s3.us-east-2.amazonaws.com/port+scan.zip

2. 문제

Q1. What is the IP address scanning the environment?

다음의 명령어로 정보 확인

notion image

정답

10.42.42.253

Q2. What is the IP address found as a result of the scan?

다음의 명령어로 정보 확인

notion image

정답

10.42.42.50

Q3. What is the MAC address of the Apple system it finds?

다음의 명령어로 정보 확인

notion image

정답

00:16:cb:92:6e:dc

Q4. What is the IP address of the detected Windows system?

SMBSERVER가 활성화된 것을 Windows 운영체제로 추정하고, 다음의 명령어로 정보 확인

notion image

정답

10.42.42.50

참고

Getting Started to LetsDefend

Register to soc analyst/incident response training platform

Getting Started to LetsDefend

https://app.letsdefend.io/challenge/port-scan-activity

Getting Started to LetsDefend

PREV루팅을 이용한 안드로이드 이미지 획득 (5.0.1)

NEXTInfection with Cobalt Strike (tshark)