

When the Dropbox Windows client software was downloaded, the URL name made reference to Amazon Cloudfront. See Table 4.3 for a list of IP number ranges and the registered owner for the range. IP numbers allocated to AmazonAWS, the Amazon Web Services (EC2) service, were then observed.

The next IPs accessed were in the range of 74.125.0.0–74.125.255.255 (which are registered to Google) and indicate Google Analytics services. Certificates were observed from VeriSign/Thawte services. When accessing Dropbox accounts using the client software or a web browser, a session with an IP in the range 199.47.216.0–199.47.219.255 (registered to Dropbox), was first established on Port 80, and then a session with an IP in the range 199.7.48.0–199.7.63.255 or 199.16.80.0–199.16.95.255 on Port 80 then Port 443, which is registered to VeriSign/Thawte. Network traffic was seen on TCP Port 80 (HTTP) and 443 (HTTPS) only. Analysis of the network traffic capture files was undertaken using Network Miner v1.0 and Wireshark Portable 1.6.5 to determine what data remnants were available when Dropbox is used in the circumstances of the research.

Click here - for write-ups from other people that I've edited and posted here on the blog.Network traffic capture is a potential source of relevant information and is a process available to a range of government agencies which have the legal authority to undertake this type of monitoring and interception of data ( Kisswani, 2010).Click here - for non-technical blog posts I've written about on topics related to information security (infosec).From December 2018 through December 2020 I oocassionally posted information to Pastebin, so click here for posts from my Pastebin account.Click here - for some tutorials that will help for these exercises. Click here - for training exercises to analyze pcap files of network traffic.Almost every post on this site has pcap files or malware samples (or both). Since the summer of 2013, this site has published over 2,000 blog entries about malicious network traffic. A source for packet capture (pcap) files and malware samples.
