Wireshark Assignement

CCSI460 Final Forensic Lab Report

Investigator’s Name: David Bailey

Date of Investigation: March 24,2015

Lab Number and Title: Wireshark FTP.pcap Assignment

Summary of Findings: The assignment involved doing a capture on the ftp.pcap file. The site that was visited was ftp. MICROSOFT.COM . The password used to access the site was secret@devryu.net . The user was anonymous. It appears that this access was made on June 14,2012 at the time 16:16:48 to 16:17:13 .

Protocol used to connect with server-FTP

IP address of site visited: 10:11:177:42

IP address of source : 64.4.30.34

Details of Investigation:

March 24,2015 6:23 pm Downloaded ftp.pcap zip file from doc.sharing on course website

March 24,2015 6:25 pm Opened Wireshark

Captured Live image from file

Packet Time Source Destination Protocol Length

1 0.000000 64.4.30.34 10.11.177.42 FTP 81 Response: 220 Microsoft FTP Service

2 0.570014 64.4.30.34 10.11.177.42 FTP 81 [TCP Retransmission] Response: 220 Microsoft FTP Service

3 1.365056 64.4.30.34 10.11.177.42 FTP 81 [TCP Retransmission] Response: 220 Microsoft FTP Service

4 2.662345 10.11.177.42 64.4.30.34 FTP 70 Request: USER anonymous

5 2.844974 64.4.30.34 10.11.177.42 FTP 126 Response: 331 Anonymous access allowed, send identity (e-mail name) as password.

6 6.056155 64.4.30.34 10.11.177.42 FTP 126 [TCP Retransmission] Response: 331 Anonymous access allowed, send identity (e-mail name) as password.

7 9.193904 10.11.177.42 64.4.30.34 FTP 78 Request: PASS secret@devryu.net

8 9.323344 64.4.30.34 10.11.177.42 FTP 136 Response: 230-Welcome to FTP.MICROSOFT.COM. Also visit http://www.microsoft.com/downloads.

9 9.325345 64.4.30.34 10.11.177.42 FTP 75 Response: 230 User logged in.

Packet Time Destination Source Protocol Length

10 11.574532 10.11.177.42 64.4.30.34 FTP 81 Request: PORT 10,11,177,42,195,102

11 11.910583 10.11.177.42 64.4.30.34 FTP 81 [TCP...