Zarat https://blog.hatena.ne.jp/Zarat/ 4ensiX https://zarat.hatenablog.com/ LetsDefend Forensics packet LetsDefend Challenge DFIR: Port Scan Activity Question1: What is the IP address scanning the environment? 一番沢山パケットを飛ばしていそうなのが怪しい． $ tshark -r port\ scan.pcap -z conv,ip -q ================================================================================ IPv4 Conversations Filter:<No Filter> | <- | | … 190 <iframe src="https://hatenablog-parts.com/embed?url=https%3A%2F%2Fzarat.hatenablog.com%2Fentry%2F2022%2F12%2F10%2F004323" title="LetsDefend Challenge DFIR: Port Scan Activity writeup - 4ensiX" class="embed-card embed-blogcard" scrolling="no" frameborder="0" style="display: block; width: 100%; height: 190px; max-width: 500px; margin: 10px 0px;"></iframe> Hatena Blog https://hatena.blog 2022-12-10 00:43:23 rich https://zarat.hatenablog.com/entry/2022/12/10/004323 1.0 100%