Connect to the SO machine via SSH.
https://digitalcorpora.org/corpora/scenarios/nitroba-university-harassment-scenario
Near the bottom of this page, click "pcap file". Save the nitroba.pcap file in your Downloads folder. Check the file size: it should be 56,180,821 bytes.
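Added example (not part of the original project instructions): a byte count alone will not tell you where a damaged download breaks, so this Python script checks the size stated above and then walks every packet record to confirm the capture is structurally complete. It assumes the file is in classic pcap format (not pcapng); the names check_pcap and sample_capture, and the small sample capture, are constructed for this example.

```python
import struct
import sys

EXPECTED_SIZE = 56_180_821  # size of nitroba.pcap stated in the instructions

# Magic number as read little-endian -> struct byte order used by the file
MAGICS = {0xA1B2C3D4: "<", 0xD4C3B2A1: ">",   # microsecond timestamps
          0xA1B23C4D: "<", 0x4D3CB2A1: ">"}   # nanosecond timestamps

def check_pcap(data, expected_size=None):
    """Return (packet_count, linktype); raise ValueError if the capture is damaged."""
    if expected_size is not None and len(data) != expected_size:
        raise ValueError(f"size {len(data)} != expected {expected_size}")
    if len(data) < 24:
        raise ValueError("too short for a pcap global header")
    magic = struct.unpack_from("<I", data, 0)[0]
    if magic not in MAGICS:
        raise ValueError(f"not a classic pcap file (magic {magic:#010x})")
    order = MAGICS[magic]
    # Global header after the magic: version, timezone, sigfigs, snaplen, linktype
    _maj, _min, _tz, _sig, _snap, linktype = struct.unpack_from(order + "HHiIII", data, 4)
    offset, count = 24, 0
    while offset < len(data):
        if offset + 16 > len(data):
            raise ValueError(f"truncated record header at offset {offset}")
        # Record header: ts_sec, ts_frac, captured length, original length
        _sec, _frac, incl_len, _orig = struct.unpack_from(order + "IIII", data, offset)
        offset += 16 + incl_len
        if offset > len(data):
            raise ValueError(f"packet {count + 1} runs past end of file")
        count += 1
    return count, linktype

def sample_capture():
    """Constructed two-packet little-endian capture (Ethernet, linktype 1)."""
    header = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    packets = [b"\x00" * 60, b"\xff" * 42]
    return header + b"".join(
        struct.pack("<IIII", 0, 0, len(p), len(p)) + p for p in packets)

if __name__ == "__main__":
    if len(sys.argv) > 1:   # e.g. python3 check_pcap.py nitroba.pcap
        with open(sys.argv[1], "rb") as f:
            print(check_pcap(f.read(), EXPECTED_SIZE))
    else:                   # no argument: run on the constructed sample
        print(check_pcap(sample_capture()))
```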
Drag the nitroba.pcap file and drop it on the SecurityOnion desktop. If you can't drag-and-drop, execute these commands to install VMware Tools.
sudo apt-get update
sudo apt-get install -y open-vm-tools open-vm-tools-desktop
sudo reboot
Note
Xplico is now abandoned and SecurityOnion no longer includes Xplico by default, so skip ahead to "Task 2: NetworkMiner" unless you are using an older version of SecurityOnion.
If you see the error message shown below, wait a few seconds and refresh the browser.
When you see this login screen, log in with the username xplico and the password xplico
On the left side, click "New Case". Name the case YOURNAME as shown below. Click Create.
On the left side, click "New Case". Accept the default selection of "Uploading PCAP capture file(s)". Name the case YOURNAME as shown below. Click Create.
On the next page, click YOURNAME.
On the next page, click "New Session".
Name the session YOURNAME as shown below. Click Create.
On the next page, click YOURNAME.
On the right side, click the "Choose file" button. Navigate to the nitroba.pcap file on your Desktop and click Open.
Click the Upload button.
Wait while the file is decoded.
When it's done, you will see numbers in the "HTTP" box, as shown below.
At the top of the screen, click the Video button and click Go.
A link to a Google video appears, as shown below. Click the link.
A message about Flash appears, as shown below.
Click the "Click here to download latest version" link.
When I did it, I was lucky, and a box popped up asking to approve running Flash. If that works for you, you'll be able to see the video shown below.
If Flash fails and won't install, which is the usual experience, just skip the video and proceed with the rest of the project.
This video is not streaming from the Web: it's being reconstructed from the PCAP file.
Capture a whole-desktop image and save it as "Proj 6a from YOURNAME".
YOU MUST SEND IN A WHOLE-DESKTOP IMAGE FOR FULL CREDIT
On a Windows machine, in a browser, go to
https://sourceforge.net/projects/networkminer/files/networkminer/
Download the latest version: NetworkMiner-1.6.1.
There are later versions of this product on another website, but this old version worked best on my Windows 2008 Server system.
Unzip the ZIP file and run NetworkMiner.
Wait for NetworkMiner to process the file--it will take about 5 minutes.
Also expand the "Host Details" section, as shown below.
NetworkMiner identifies this as a Mac computer.
Scroll down until you see the screen resolutions used by this Mac, as shown below.
Find the one threatening a teacher, as shown below.
Capture a whole-desktop image and save it as "Proj 6b from YOURNAME".
YOU MUST SEND IN A WHOLE-DESKTOP IMAGE FOR FULL CREDIT
Send a Cc to yourself.
Posted 10-29-17
Rev. 12-10-17 with note about Xplico