Security and Forensic Tools_19631

You need to use tcpdump in snort (Snort is command line only which is annoying!) to see which attacks were carried out. The snort one is pretty straightforward so I've attached the results in this posting, you open the [login to view URL] in notepad and you'll see the 3 attacks the person has made on the computer, it will also show times and ip's. You can then use these IP's in wireshark by setting a filter and it will show you the packets of the attack, this is a good starting point for the project. The "2123" number in the top attack is a snort rule, you can go to the snort website and input this number, as well as the number of the other two attacks (14782), and it will give you more information on the attacks. You need to open tcdump in wireshark and that'll show you all the packets, try to figure out what the attacker is doing. You need to install wireshark paacket analyzer I am ready to pay 30 USD