Description

• This capture is a normal user notebook in the network of a University. Connected to a switch by cable.
• All the files in this capture has all the information, except for the pcap file that was filtered to include only the DNS traffic. This was done for privacy reasons.

The files corresponding with -only-dns on their names correspond to statistics of the filtered pcap. The files without only-dns on their names are the statistics of the complete pcap.

Non-exhaustive Actions of the normal user

• Facebook
• Gmail
• A lot of web pages.
• Everything normal.
• No port scans.

Analysis of the DNS connections and Labels

• 147.32.83.53-147.32.80.105-53-udp (From-Normal-UDP-DNS--74)
  • 8540 flows
• 147.32.83.53-147.32.80.9-53-udp (Too few flows)
  • 6 flows

Data of the normal computer

• HWaddr: b8:ac:6f:6d:5a:f5
  
• IPv4: 147.32.83.53

Timeline

Mon Oct 21 11:22:26 UTC 2013

start catpure capture-2013-10-21-1.pcap