LetsDefend Challenge: Port Scan Activity


First download the Log file which contains a pcap file and open it in Wireshark.

Question 1

What is the IP address scanning the environment?

We can see that is sending a TCP 3-way handshake to a couple of different IP addresses. This suggests that that particular IP address is initiating a scan.


Question 2

What is the IP address found as a result of the scan?

Sort the protocol and look for NBNS.

https://wiki.wireshark.org/NetBIOS/NBNS is the only IP address that responds back to the name query.


Question 3

What is the MAC address of the Apple system it finds?

Head to Statistics –> Conversations –> Ethernet tab and toggle the Name Resolution option at the bottom. We are able to find a Apple system.

Answer: 00:16:cb:92:6e:dc

Question 4

What is the IP address of the detected Windows system?

Head to Statistics –> Endpoint –> IPv4

From what we gather so far:

  • – Apple System
  • – Windows System
  • – Unknown System
  • – Attacking System
  • – Network Broadcast Address


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

Comments (



%d bloggers like this: