Analysing pcap
I have two pcap files and I am trying to find out how I can find the following information from the network traffic, and what I should be filtering the data for. I was looking at commands, but it didn't show anything specific, just that help commands were used.
- BWE assets appear to have been active during the time of the power outage incident
- What method/socket do you think could have been used in capturing passwords from one of the assets?
- At what time was the first command sent to switch off circuit and from which BWE asset?
Is this a lab exercise where the pcaps can be shared or a real world network?
If a production network, can the pcaps be anonymized and shared?
Sounds like a homework exercise.