Ask Your Question

Revision history [back]

click to hide/show revision 1
initial version

answered 2020-04-15 01:48:15 +0000

Chuckc gravatar image
  1. Statistics -> Capture File Properties - capture is dated 2010-10-08 (it's been around a while)
  2. Statistics -> Conversations or Statistics -> Endpoints - the devices are both VMs (00:0c:29)
  3. Right click on Frame #4 (TELNET) and select Follow->TCP Stream:
    • client is sending X11 DISPLAY info - backtrack:0.0 - predecessor to Kali (linux client)
    • response as coming back at Microsoft Telnet Server (Windows server)
    • telnet and ssh servers will often do a name lookup of the client making the connection.
      In this case it's a Windows server so doing NBNS
  1. Statistics -> Capture File Properties - capture is dated 2010-10-08 (it's been around a while)
  2. Statistics -> Conversations or Statistics -> Endpoints - the devices are both VMs (00:0c:29)
  3. Right click on Frame #4 (TELNET) and select Follow->TCP Stream:
    • client is sending X11 DISPLAY info - backtrack:0.0 - predecessor to Kali (linux client)
    • response as coming back at Microsoft Telnet Server (Windows server)
    • telnet and ssh servers will often do a name lookup of the client making the connection.
      In this case it's a Windows server so doing NBNS
  4. The domain name in the DHCP ACK is for a college/university - perhaps where the capture was done.
  1. Statistics -> Capture File Properties - capture is dated 2010-10-08 (it's been around a while)
  2. Statistics -> Conversations or Statistics -> Endpoints - the devices are both VMs (00:0c:29)
  3. Right click on Frame #4 (TELNET) and select Follow->TCP Stream:
    • client is sending X11 DISPLAY info - backtrack:0.0 - predecessor to Kali (linux client)
    • response as is coming back at as Microsoft Telnet Server (Windows server)
    • telnet and ssh servers will often do a name lookup of the client making the connection.
      In this case it's a Windows server so doing NBNS
  4. The domain name in the DHCP ACK is for a college/university - perhaps where the capture was done.
Copyright Wireshark Foundation, 2017-2023 Content on this site is licensed under a Creative Commons Attribution Share Alike 3.0 license.
about | faq | help | privacy policy | terms of service
Powered by Askbot version 0.10.2