[01] Let's examine three network traffic dump files (dumped using tcpdump). The data was captured on a host with the IP 192.168.138.1 running a Web server and an FTP server. The files are sample_1.pcap, sample_2.pcap and sample_3.pcap. Save them to disk.

Now examine the files using capinfos and tcpdstat. Enter the following commands:

$ capinfos sample_1.pcap
$ capinfos sample_2.pcap
$ capinfos sample_3.pcap
$ tcpdstat sample_1.pcap
$ tcpdstat sample_2.pcap
$ tcpdstat sample_3.pcap

Note how many packets of particular types were captured in each file. Do you see anything suspicious that might require closer attention?
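The following is an added example, not part of the original exercise and not output of capinfos or tcpdstat. It shows, in plain Python with no third-party modules, the kind of summary those tools give you (packet count, bytes, duration, packets by protocol) and adds one simple check a reviewer of such a capture would want: a source host that sends bare SYNs to many distinct ports on the server. The sample_*.pcap files are not available here, so the script builds its own small classic-pcap byte string with constructed traffic towards 192.168.138.1 (normal HTTP and FTP from two clients plus one host probing eight ports); the hosts, ports and the threshold of five distinct ports are assumptions chosen for the demonstration.

```python
import struct
from collections import Counter, defaultdict

ETHERTYPE_IPV4 = 0x0800
LINKTYPE_ETHERNET = 1
PROTO_ICMP, PROTO_TCP, PROTO_UDP = 1, 6, 17


def ip_to_bytes(ip):
    return bytes(int(o) for o in ip.split("."))


def build_frame(src, dst, proto, sport=0, dport=0, tcp_flags=0x02, payload=b""):
    """Constructed Ethernet/IPv4 frame with a minimal TCP, UDP or ICMP header.
    Checksums are left at zero: this is sample data, not captured traffic."""
    if proto == PROTO_TCP:
        l4 = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, tcp_flags, 8192, 0, 0)
    elif proto == PROTO_UDP:
        l4 = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0)
    else:  # ICMP echo request
        l4 = struct.pack("!BBHHH", 8, 0, 0, 0, 0)
    total = 20 + len(l4) + len(payload)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total, 0, 0, 64, proto, 0,
                     ip_to_bytes(src), ip_to_bytes(dst))
    eth = b"\x00" * 12 + struct.pack("!H", ETHERTYPE_IPV4)
    return eth + ip + l4 + payload


def build_pcap(records):
    """records: (timestamp_seconds, frame_bytes) pairs -> classic little-endian pcap."""
    out = [struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)]
    for ts, frame in records:
        sec, usec = int(ts), int(round((ts - int(ts)) * 1_000_000))
        out.append(struct.pack("<IIII", sec, usec, len(frame), len(frame)) + frame)
    return b"".join(out)


def summarize(pcap_bytes, scan_port_threshold=5):
    """Walk a classic pcap and return capinfos/tcpdstat-style totals plus the
    sources that sent SYN-only segments to >= scan_port_threshold distinct ports."""
    magic, = struct.unpack_from("<I", pcap_bytes, 0)
    if magic == 0xA1B2C3D4:
        end = "<"            # file written on a little-endian host
    elif magic == 0xD4C3B2A1:
        end = ">"            # file written on a big-endian host
    else:
        raise ValueError("not a classic pcap file (magic %#x)" % magic)
    linktype, = struct.unpack_from(end + "I", pcap_bytes, 20)
    if linktype != LINKTYPE_ETHERNET:
        raise ValueError("only Ethernet captures are dissected here")

    stats = {"packets": 0, "bytes": 0, "first_ts": None, "last_ts": None,
             "by_proto": Counter(), "tcp_dst_ports": Counter(), "syn_only": 0}
    syn_ports_by_src = defaultdict(set)
    off = 24
    while off + 16 <= len(pcap_bytes):
        sec, usec, incl, _orig = struct.unpack_from(end + "IIII", pcap_bytes, off)
        off += 16
        frame = pcap_bytes[off:off + incl]
        if len(frame) < incl:
            raise ValueError("truncated record at offset %d" % off)
        off += incl
        ts = sec + usec / 1_000_000
        stats["packets"] += 1
        stats["bytes"] += incl
        if stats["first_ts"] is None:
            stats["first_ts"] = ts
        stats["last_ts"] = ts
        # Ethernet II: ethertype at bytes 12..13; only IPv4 is dissected further
        if len(frame) < 34 or struct.unpack_from("!H", frame, 12)[0] != ETHERTYPE_IPV4:
            stats["by_proto"]["other"] += 1
            continue
        ihl = (frame[14] & 0x0F) * 4
        proto = frame[23]
        src = ".".join(str(b) for b in frame[26:30])
        l4 = frame[14 + ihl:]
        if proto == PROTO_TCP and len(l4) >= 20:
            stats["by_proto"]["tcp"] += 1
            dport = struct.unpack_from("!H", l4, 2)[0]
            stats["tcp_dst_ports"][dport] += 1
            if l4[13] & 0x12 == 0x02:      # SYN set, ACK clear: a new connection attempt
                stats["syn_only"] += 1
                syn_ports_by_src[src].add(dport)
        elif proto == PROTO_UDP:
            stats["by_proto"]["udp"] += 1
        elif proto == PROTO_ICMP:
            stats["by_proto"]["icmp"] += 1
        else:
            stats["by_proto"]["other"] += 1
    stats["duration"] = (stats["last_ts"] - stats["first_ts"]) if stats["packets"] else 0.0
    stats["suspicious_sources"] = sorted(
        src for src, ports in syn_ports_by_src.items() if len(ports) >= scan_port_threshold)
    return stats


# Constructed sample: two ordinary clients and one host probing many ports (assumed addresses).
SERVER = "192.168.138.1"
SAMPLE_PCAP = build_pcap([
    (1.000, build_frame("192.168.138.50", SERVER, PROTO_TCP, 40001, 80, 0x02)),
    (1.010, build_frame("192.168.138.50", SERVER, PROTO_TCP, 40001, 80, 0x18, b"GET / HTTP/1.0\r\n\r\n")),
    (1.500, build_frame("192.168.138.60", SERVER, PROTO_TCP, 40002, 21, 0x02)),
    (1.510, build_frame("192.168.138.60", SERVER, PROTO_TCP, 40002, 21, 0x18, b"USER anonymous\r\n")),
    (2.000, build_frame("192.168.138.60", SERVER, PROTO_ICMP)),
    (2.200, build_frame("192.168.138.60", SERVER, PROTO_UDP, 5353, 53, payload=b"\x00" * 12)),
] + [
    (3.0 + i * 0.001, build_frame("192.168.138.77", SERVER, PROTO_TCP, 50000 + i, port, 0x02))
    for i, port in enumerate([21, 22, 23, 25, 80, 110, 139, 443])
])

if __name__ == "__main__":
    s = summarize(SAMPLE_PCAP)
    print("packets=%d bytes=%d duration=%.3fs" % (s["packets"], s["bytes"], s["duration"]))
    print("by protocol:", dict(s["by_proto"]), "SYN-only:", s["syn_only"])
    print("hosts sending SYNs to many distinct ports:", s["suspicious_sources"])
```

Run against a real capture by replacing SAMPLE_PCAP with the bytes of one of the sample files (open(path, "rb").read()); the parser handles both byte orders of the classic format but not pcapng, which capinfos itself will tell you about. The "SYN-only to many distinct ports" count is the kind of thing tcpdstat's per-protocol figures hint at but do not state outright, so it is worth computing yourself before moving on to a packet-level look in ethereal.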

