Open the provided capture file using any SimSpace tools you see fit. Use Network Miner and Wireshark on any Win$-$Hunt VM and SNORT on any Win$-$Hunt VM$.$

Perform an analysis on the captured traffic. Some things you should consider are the following $($not all of these happened and may not be all inclusive either$)$:

a$.$ How long did the session capture last?

b$.$ How many packets were captured?

c$.$ How many bytes were captured?

d$.$ What protocols were observed?

e$.$ When did the bulk of the data get transmitted?

f$.$ What caused this transmission spike?

g$.$ Were any Internet Service Provider sites were acjessed? If so which ones? What accounts?

h$.$ What is the name of the host computer? It's IP address?

i$.$ What Operating system is it using?

j$.$ What does the local network look like?

k$.$ What device names are on the local network?

I. Did I access any other computers on the local area network?

m$.$ Are any other devices on the network?

What "story" does the capture file tell?

Run the capture file through SNORT. What if any alerts are triggered?