This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Cannot capture sinkhole IPs on all computers

0

I have been struggling with getting listed on the CBL for weeks. I finally found this program and received 2 different IPs that I should be looking out for in my capture. They are 38.102.150.27 and 216.66.15.109. I have Wireshark running on all the PCs in my network and I have the capture filter set up ip.addr==38.102.150.27 and ip.addr==216.66.15.103. I am convinced that something is wrong because I have never seen them come up. The CBL told me to enter one of those IPs into my browser and see if they come up in the capture. They only came up on one of the computers. I would really like to see it on the others even if I try to type into the browser. Please help...

I have to find the infected computer!!!! Tell me if I am doing something right or wrong.

Oh I am running Windows 7 Pro.

asked 09 Jun '14, 18:43

astark

Hey, I have the same problem. Every morning at 04.00 GMT my server is listed on CBL. The problem is those 2 IPs: 38.102.150.27 and 216.66.15.109, but I don't find anything on my system. Did you find a solution?

(11 Jun '14, 13:30) sanx

@sanx: please don't add an answer if you have only a comment or a question yourself!

I converted your answer to a comment of the question.

Please read the FAQ of this site.

(11 Jun '14, 13:32) Kurt Knochner ♦

2 Answers:

0

You won't see traffic of other machines, if you run Wireshark on your system, without preparing the environment in a special way (hub, TAP, mirror port on the switch, etc.). Please read the Wiki:

http://wiki.wireshark.org/CaptureSetup/Ethernet

Regards
Kurt

answered 10 Jun '14, 03:23

Kurt Knochner ♦

0

I did... Wireshark turned up nothing because it was on the computer that hosts my security cameras that I never thought to monitor. Last night I gave it one more shot to watch the log on my router and lo and behold I saw the sinkhole IP show up.

Other than seeing the sinkhole IP there were other symptoms once I logged onto the computer. I tried to go to the Malwarebytes site and the TDSSKiller site and it wouldn't let me. I tried other basic websites and I was fine, but any security site I went to it wouldn't allow me on. I ended up downloading Malwarebytes from CNET and it found Conficker plus 6 other trojans.

LOOK AT EVERY SINGLE COMPUTER ON YOUR NETWORK, EVEN THE ONES YOU DON'T SUSPECT!!!

It was a struggle. Good Luck.

answered 11 Jun '14, 14:09

astark
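The approach from the answer above (checking at the router, where every machine's traffic passes), as an added example that is not part of the original thread: a Python script that scans router log text for the two sinkhole IPs from the question and reports which internal hosts exchanged traffic with them. The iptables-style log format, the 192.168.1.x addresses and the function name find_sinkhole_clients are assumptions; the sample lines are constructed.

```python
import re

# Sinkhole addresses named in the question above.
SINKHOLES = {"38.102.150.27", "216.66.15.109"}

# Constructed sample lines in iptables LOG style (an assumption; adapt FIELD
# to whatever format your router or firewall actually writes).
SAMPLE_LOG = """\
Jun 10 03:58:12 gw kernel: IN=br0 OUT=eth0 SRC=192.168.1.23 DST=198.51.100.7 PROTO=TCP SPT=50122 DPT=443
Jun 10 04:00:01 gw kernel: IN=br0 OUT=eth0 SRC=192.168.1.40 DST=38.102.150.27 PROTO=TCP SPT=49211 DPT=80
Jun 10 04:00:02 gw kernel: IN=eth0 OUT=br0 SRC=38.102.150.27 DST=192.168.1.40 PROTO=TCP SPT=80 DPT=49211
Jun 10 04:00:09 gw kernel: IN=br0 OUT=eth0 SRC=192.168.1.40 DST=216.66.15.109 PROTO=TCP SPT=49215 DPT=80
Jun 10 04:01:30 gw kernel: IN=br0 OUT=eth0 SRC=192.168.1.15 DST=216.66.15.103 PROTO=TCP SPT=51002 DPT=80
"""

FIELD = re.compile(r"\b(SRC|DST|SPT|DPT)=(\S+)")

def find_sinkhole_clients(log_text, sinkholes=SINKHOLES):
    """Map each internal host to its sinkhole contacts (count, first/last seen, peers)."""
    hosts = {}
    for line in log_text.splitlines():
        f = dict(FIELD.findall(line))
        src, dst = f.get("SRC"), f.get("DST")
        if dst in sinkholes:        # outbound: internal host -> sinkhole
            local, peer = src, f"{dst}:{f.get('DPT', '?')}"
        elif src in sinkholes:      # reply: sinkhole -> internal host
            local, peer = dst, f"{src}:{f.get('SPT', '?')}"
        else:
            continue                # exact match only; near-miss addresses are skipped
        if not local:
            continue
        ts = line[:15]              # syslog timestamp, e.g. "Jun 10 04:00:01"
        rec = hosts.setdefault(local, {"hits": 0, "first": ts, "last": ts, "peers": set()})
        rec["hits"] += 1
        rec["last"] = ts
        rec["peers"].add(peer)
    return hosts

if __name__ == "__main__":
    for host, rec in find_sinkhole_clients(SAMPLE_LOG).items():
        print(f"{host}: {rec['hits']} log lines, {rec['first']} .. {rec['last']}, "
              f"peers={sorted(rec['peers'])}")
```

When capturing on a hub, TAP or mirror port instead of reading router logs, the corresponding Wireshark capture filter is `host 38.102.150.27 or host 216.66.15.109`.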