Submitted by: Submitted by Dabl
Views: 35
Words: 616
Pages: 3
Category: Science and Technology
Date Submitted: 04/04/2015 09:18 AM
CCSI460 Final Forensic Lab Report
Investigator’s Name: David Bailey
Date of Investigation: March 24,2015
Lab Number and Title: Wireshark FTP.pcap Assignment
Summary of Findings: The assignment involved doing a capture on the ftp.pcap file. The site that was visited was ftp. MICROSOFT.COM . The password used to access the site was secret@devryu.net . The user was anonymous. It appears that this access was made on June 14,2012 at the time 16:16:48 to 16:17:13 .
Protocol used to connect with server-FTP
IP address of site visited: 10:11:177:42
IP address of source : 64.4.30.34
Details of Investigation:
March 24,2015 6:23 pm Downloaded ftp.pcap zip file from doc.sharing on course website
March 24,2015 6:25 pm Opened Wireshark
Captured Live image from file
Packet Time Source Destination Protocol Length
1 0.000000 64.4.30.34 10.11.177.42 FTP 81 Response: 220 Microsoft FTP Service
2 0.570014 64.4.30.34 10.11.177.42 FTP 81 [TCP Retransmission] Response: 220 Microsoft FTP Service
3 1.365056 64.4.30.34 10.11.177.42 FTP 81 [TCP Retransmission] Response: 220 Microsoft FTP Service
4 2.662345 10.11.177.42 64.4.30.34 FTP 70 Request: USER anonymous
5 2.844974 64.4.30.34 10.11.177.42 FTP 126 Response: 331 Anonymous access allowed, send identity (e-mail name) as password.
6 6.056155 64.4.30.34 10.11.177.42 FTP 126 [TCP Retransmission] Response: 331 Anonymous access allowed, send identity (e-mail name) as password.
7 9.193904 10.11.177.42 64.4.30.34 FTP 78 Request: PASS secret@devryu.net
8 9.323344 64.4.30.34 10.11.177.42 FTP 136 Response: 230-Welcome to FTP.MICROSOFT.COM. Also visit http://www.microsoft.com/downloads.
9 9.325345 64.4.30.34 10.11.177.42 FTP 75 Response: 230 User logged in.
Packet Time Destination Source Protocol Length
10 11.574532 10.11.177.42 64.4.30.34 FTP 81 Request: PORT 10,11,177,42,195,102
11 11.910583 10.11.177.42 64.4.30.34 FTP 81 [TCP...