The pcap comes from https://www.malware-traffic-analysis.net/2014/11/16/index.html
Questions and answers
LEVEL 1 QUESTIONS:
1) What is the IP address of the Windows VM that gets infected?
The display filter "bootp" or "udp.port==67" isolates the DHCP exchange. The IP address of the infected Windows VM is 172.16.165.165.
DHCP background
DHCP messages are carried as the payload of UDP datagrams.
The DHCP client uses UDP port 68; the server uses UDP port 67.
The local host's IP can be read from the Info column, the port, or the source and destination addresses. One caveat: until a lease is assigned, the client's DISCOVER/REQUEST is sent from 0.0.0.0 to 255.255.255.255, so the address actually handed out is most reliably read from the yiaddr ("Your (client) IP address") field of the server's OFFER/ACK; on a renewal the client's REQUEST also carries it in ciaddr.
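Added example, not part of the original writeup: a stdlib-only Python parser for the DHCP payload layout described above. It constructs a REQUEST/ACK pair (the MAC address, transaction ID and the host name LAB-PC are made up; only the leased address 172.16.165.165 is taken from the answer above), pairs the two messages by transaction ID and client MAC, and reports the leased address from the ACK's yiaddr together with the client's self-reported Host Name option (option 12), which is the field the next question asks about.

```python
import struct
from typing import Dict, List, Optional

DHCP_MAGIC = b"\x63\x82\x53\x63"      # RFC 2131 magic cookie after the 236-byte fixed header
MSG_TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 4: "DECLINE",
             5: "ACK", 6: "NAK", 7: "RELEASE", 8: "INFORM"}
OPT_HOSTNAME, OPT_MSG_TYPE = 12, 53


def ipv4(raw: bytes) -> str:
    return ".".join(str(b) for b in raw)


def parse_dhcp(payload: bytes) -> dict:
    """Parse the UDP payload (port 67/68) of one BOOTP/DHCP message."""
    if len(payload) < 240 or payload[236:240] != DHCP_MAGIC:
        raise ValueError("not a DHCP message (missing magic cookie)")
    op, htype, hlen, hops, xid, secs, flags = struct.unpack("!BBBBIHH", payload[:12])
    msg = {
        "op": op, "xid": xid,
        "ciaddr": ipv4(payload[12:16]), "yiaddr": ipv4(payload[16:20]),
        "siaddr": ipv4(payload[20:24]), "giaddr": ipv4(payload[24:28]),
        "chaddr": payload[28:28 + hlen].hex(":"),
        "options": {},
    }
    i = 240                                 # options are TLV: code, length, value
    while i < len(payload):
        code = payload[i]
        if code == 0:                       # pad
            i += 1
            continue
        if code == 255:                     # end
            break
        length = payload[i + 1]
        msg["options"][code] = payload[i + 2:i + 2 + length]
        i += 2 + length
    mt = msg["options"].get(OPT_MSG_TYPE)
    msg["type"] = MSG_TYPES.get(mt[0], "?") if mt else "BOOTP"
    hn = msg["options"].get(OPT_HOSTNAME)
    msg["hostname"] = hn.decode("ascii", "replace") if hn else None
    return msg


def build_dhcp(op: int, msg_type: int, xid: int, chaddr: bytes,
               yiaddr: str = "0.0.0.0", hostname: Optional[str] = None) -> bytes:
    """Assemble a minimal DHCP message; used here only to construct sample input."""
    hdr = struct.pack("!BBBBIHH", op, 1, 6, 0, xid, 0, 0)
    hdr += bytes(4) + bytes(int(x) for x in yiaddr.split("."))   # ciaddr, yiaddr
    hdr += bytes(8)                                               # siaddr, giaddr
    hdr += chaddr.ljust(16, b"\0") + bytes(64) + bytes(128)       # chaddr, sname, file
    opts = bytes([OPT_MSG_TYPE, 1, msg_type])
    if hostname:
        h = hostname.encode()
        opts += bytes([OPT_HOSTNAME, len(h)]) + h
    return hdr + DHCP_MAGIC + opts + b"\xff"


def infected_host(payloads: List[bytes]) -> Dict[str, dict]:
    """Pair each REQUEST with the ACK sharing its xid and chaddr; report the
    leased IP (yiaddr of the ACK) with the client's Host Name option (12)."""
    requests, leases = {}, {}
    for p in payloads:
        m = parse_dhcp(p)
        key = (m["xid"], m["chaddr"])
        if m["type"] == "REQUEST":
            requests[key] = m
        elif m["type"] == "ACK" and key in requests:
            leases[m["yiaddr"]] = {"mac": m["chaddr"],
                                   "hostname": requests[key]["hostname"]}
    return leases


# Constructed sample exchange: MAC, xid and host name are placeholders, not the pcap's values.
MAC = bytes.fromhex("000c29aabbcc")
SAMPLE = [
    build_dhcp(1, 3, 0x1234ABCD, MAC, hostname="LAB-PC"),            # client REQUEST
    build_dhcp(2, 5, 0x1234ABCD, MAC, yiaddr="172.16.165.165"),      # server ACK
]

if __name__ == "__main__":
    for ip, info in infected_host(SAMPLE).items():
        print(f"{ip}  mac={info['mac']}  hostname={info['hostname']}")
```

Feeding a real capture needs a pcap reader (scapy, dpkt or similar) in front of parse_dhcp to strip the Ethernet/IP/UDP headers; that part is left out so the block runs offline. In Wireshark the same two fields are the ACK's "Your (client) IP address" and the REQUEST's "Host Name" option.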
2) What is the host name of the Windows VM that gets infected?