From 7a8cd9e60050dbd0ba5247b73bdfd743df6c90db Mon Sep 17 00:00:00 2001 From: David Kaufmann Date: Fri, 18 Dec 2015 14:59:15 +0100 Subject: [PATCH] finish ex1 --- exercise1.tex | 20 +++++++++----------- 1 file changed, 9 insertions(+), 11 deletions(-) diff --git a/exercise1.tex b/exercise1.tex index 9b87810..979399b 100755 --- a/exercise1.tex +++ b/exercise1.tex @@ -138,24 +138,22 @@ Length also does not vary very much: \section{Rep:1.m} Unknown, because we do have two shorter transmissions before a longer transmission from different source ips +Later the IP address turned out to be 192.168.67.84. + \section{Rep:1.n} -Not yet. We do not know if the three transmissions are connected to each other +Not yet. We do not know if the three transmissions are connected to each other. Most likely it is in the DSCP field of the third transmission. (This also has responses from the local system) -\section{Rep:1.o} - - - - - - - - - +Turned out that the 6 bits from the DSCP field just needed to be concatenated and then split into 8 bit chunks again. +\section{Rep:1.o} +./exercise2/parse\_stream\_data.py +"Agent South already successfully infiltrated The minister's office. In the next step, we try to acquire data from the Ministry of Cyber Affair's office network. Stay tuned, I will keep you updated on the progress. (This message was sent by agent Scott)Agent South already successfully infiltrated The minister's office. In the next step, we try to acquire data from the Ministry of Cyber Affair's office network. Stay tuned, I will keep you updated on t" +\section{Rep:1.p} +We did have a wireshark configuration issue as we had mistakenly configured it to show the IPID as the DSCP field and did miss the (correct) DSCP field completely. -- 2.43.0
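Review bot: The added sentence in Rep:1.n ("the 6 bits from the DSCP field just needed to be concatenated and then split into 8 bit chunks again") does not say which packets were taken, in what order, or whether the bits are read most significant bit first, and Rep:1.o then gives only the path ./exercise2/parse\_stream\_data.py, so the decoding cannot be reproduced from the report alone. Suggest adding the packet selection and bit order to Rep:1.n, and a one-line description of how the script is invoked to Rep:1.o. The quoted output in Rep:1.o repeats the message and stops mid-word at "updated on t"; state whether the sender loops the message and the capture simply ends there, and consider quoting a single copy. In Rep:1.m the original answer "Unknown, because ..." is kept next to the new line "Later the IP address turned out to be 192.168.67.84.", which reads as two conflicting answers; fold them into one sentence that gives the address and how it was identified. Style: the straight double quotes around the message will typeset as two closing quotes in LaTeX, so use ``...'' or a quote environment, and capitalise Wireshark in Rep:1.p.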