Hey Everyone. I have a team working on analyzing a packet capture file for a practice case we've been given by our club.
We have 2 .PCAP files. We have to figure out whether our company's server has been compromised, and which data the attacker had access to, and which attack has been used, and have to figure out what the attacker took. The problem is that we do not have in-depth knowledge in analyzing packet capture data. We suspect that the attacker had connected to a few specific ports and had access to http, https, and ssh. But the problem is that we do not know what method the attack used to get in, and we don't know exactly what the attacker had access to, viewed, or downloaded from or to the company's server. We have already opened up the PCAP files in wireshark and run filters but we still aren't sure about how to determine exactly what has been accessed.
Are there any freeware tools and/or tutorials that you could recommend to help us in the right direction? Any advice would be greatly appreciated.
Thanks in Advance,
GrepMan
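An added example, not part of GrepMan's post, of one way to get a first answer to "what did the attacker touch" with nothing but Python: a small pcap reader that lists every TCP connection to the suspected ports and records the request line of each plaintext HTTP request, which is usually what reveals the files or endpoints that were accessed. The host addresses, ports and capture bytes below are constructed for the example, and HTTPS and SSH payloads are encrypted, so for those ports the capture can only show that a session happened, not what moved over it.

```python
import struct

# Ports the post suspects; 443 and 22 payloads are encrypted, so only the session shows.
WATCHED = {80: "http", 443: "https", 22: "ssh"}

def build_frame(src, dst, sport, dport, payload=b""):
    """Constructed Ethernet/IPv4/TCP frame (checksums left zero; we only parse it)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                     bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 65535, 0, 0)
    return b"\x00" * 12 + b"\x08\x00" + ip + tcp + payload

def pcap_bytes(frames):
    """Wrap frames in a classic little-endian pcap file (linktype 1 = Ethernet)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", i, 0, len(f), len(f)) + f
    return out

# Constructed sample capture, not taken from the post: one attacker host, three ports.
ATTACKER, SERVER = "203.0.113.7", "192.0.2.10"
SAMPLE_PCAP = pcap_bytes([
    build_frame(ATTACKER, SERVER, 51000, 80, b"GET /admin/backup.sql HTTP/1.1\r\nHost: x\r\n\r\n"),
    build_frame(SERVER, ATTACKER, 80, 51000, b"HTTP/1.1 200 OK\r\n\r\n"),  # reply, not a request
    build_frame(ATTACKER, SERVER, 51001, 22, b"SSH-2.0-OpenSSH_8.9\r\n"),
    build_frame(ATTACKER, SERVER, 51002, 443, b"\x16\x03\x01\x00\x05hello"),  # TLS record
])

def summarize(pcap):
    """Map (src, dst, port, service) -> plaintext HTTP request lines seen on that flow."""
    endian = "<" if struct.unpack("<I", pcap[:4])[0] == 0xA1B2C3D4 else ">"
    flows, off = {}, 24                      # 24 = pcap global header size
    while off + 16 <= len(pcap):
        caplen = struct.unpack(endian + "IIII", pcap[off:off + 16])[2]
        frame = pcap[off + 16:off + 16 + caplen]
        off += 16 + caplen
        if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
            continue                         # not IPv4 over Ethernet carrying TCP
        ihl = (frame[14] & 0x0F) * 4
        src, dst = ".".join(map(str, frame[26:30])), ".".join(map(str, frame[30:34]))
        tcp = frame[14 + ihl:]
        dport = struct.unpack("!H", tcp[2:4])[0]
        if dport not in WATCHED:
            continue
        data = tcp[(tcp[12] >> 4) * 4:]      # strip TCP header incl. options
        lines = flows.setdefault((src, dst, dport, WATCHED[dport]), [])
        first = data.split(b"\r\n", 1)[0].decode("latin-1")
        if dport == 80 and first.split(" ")[0] in ("GET", "POST", "PUT", "HEAD", "DELETE"):
            lines.append(first)
    return flows
```

Run `summarize(open("capture.pcap", "rb").read())` on a real file to get the same kind of map; for the encrypted ports, pair the listed sessions with the server's own auth and web-server logs to learn what was actually read or transferred.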