The challenge

With two binary logfiles at hand I had to find out by analysing network data what happened to a honeypot after being cracked.

Questions to be answered:
  1. What is the operating system of the honeypot? How did you determine that?
  2. How did the attacker(s) break into the system?
  3. Which systems were used in this attack, and how?
  4. Create a diagram that demonstrates the sequences involved in the attack.
  5. What is the purpose/reason of the ICMP packets with 'skillz' in them?
  6. Following the attack, the attacker(s) enabled a unique protocol that one would not expect to find on a n IPv4 network. Can you identify that protocol and why it was used?
  7. Can you identify the nationality of the attacker?
Bonus Questions: