)Download the packet trace file from here. (http://nyit.jaferian.com/projects/) The file contains 6 packet capture files. Analyze each file (Wireshark is probably the best tool to use for this) and answer the following questions:

Capture file #1: HTTP traffic

List three website visited and their IP address

List three search queries performed

Capture file #2: HTTPS traffic

Observe the first https protocol trace.

What is the name of the certificate issuing authority?

What encryption algorithm used?

What is the key used during encryption? What is the key size ?

What is the expiration date and time on the issued certificate?

What is the complete cipher suite that the browser supports?

What is the cipher suite that the server supports?

Capture file #3: FTP trace

What is the login name and password used for connecting to the ftp server?

What file(s) were downloaded? Give their complete download path and their sizes.

Capture file #4: Traceroute Traffic

Analyse the packets from the source IP "128.12.173.14".

What is the target website for which the traceroute is run?

List the IP addresses observed in the TraceRoute.

Capture file #5: POP3 Traceroute

Give the login name and password used.

How many e-mails was received by the account? Give details about the 'subject' field of each email.

Capture file #6: Attacker Activities

This file contains two steps that an attacker performed on a network.

What the attacker is trying to find in the first step ?

What the attacker is trying to find in the second step ?

What is attacker's IP address ?

What is the attacker target's IP address ?

Was attacker's target running a webserver on his computer ?

Was attacker's target accessible via SSH ?

Deliverables: PDF document with answer to above questions.