nmap12345678910111213141516171819202122232425└─$ sudo nmap -sS 10.10.11.145 -p- --min-rate=3000Nmap scan report for 10.10.11.145Host is up (1.0s latency).Not shown: 65534 filtered tcp ports (no-response)PORT STATE SERVICE443/tcp open https└─$ sudo nmap -sS 10.10.11.145 -p443 -sCV --min-rate=3000 Starting Nmap 7.94SVN ( https://nmap.org ) at 2025-03-05 22:11 ESTNmap scan report for 10.10.11.145Host is up (0.58s latency).PORT STATE SERVICE VERSION443/tcp open ssl/http Microsoft HTT...

Task 1What is the IP address of the infected web server?直接找nmap相关流量，然后追一个包。 192.168.1.3 Task 2What is the IP address of the Attacker?同Task1 192.168.1.5 Task 3How many open ports were discovered by the attacker?先找到nmap的扫描包段 观察扫描成功的包和失败的包之间的差异，(((ip.src == 192.168.1.5)) && (tcp.completeness == 39)) && (tcp.flags == 0x0002)，而后过滤得到所有成功的端口。 14 Task 4What are the first five ports identified by the attacker in numerical order during the enumeration phase, not considering th...