To follow the stream, right-click on the starting packet (or any packet in the stream), select ‘Follow’, then ‘TCP Stream’ as shown below: I look for a ‘meaty’ stream (having a number of related packets) and follow the stream. If you note the ‘[‘ lines to the left of the packet window, this is a way to see the packets involved in the various streams. Going on to the next protocol, SSH is a little more interesting. This shows that there is one FTP attempt and it receives a RST/ACK. Use filters in Wireshark to select each protocol, for instance tcp.port=21. Follow the streams associated with the identified protocols This pcap showed only scans targeting 192.168.88.60ħ. Loading the filtered pcap into Wireshark, found many attempted sessions followed either by RST, ACK or by Fin, ACK. Microsoft Defender for IoT makes the filtered pcap available for this alert. Looking at the unresolved connections shows that this machine is poking a number of other machines on a variety of well known ports.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |