I need help to analyze slammer.pcap
Hi!
I just want some help or guide to analyze or understand the slammer.pcap exercise file provided by Wireshark page.
Hi!
I just want some help or guide to analyze or understand the slammer.pcap exercise file provided by Wireshark page.
post your pcap file , or we dont know what you talking
Presumably they're referring to the "slammer.pcap" file on the Wireshark Wiki's Sample Captures page. The description of that capture is "Slammer worm sending a DCE RPC packet.". The Web searches I've done show a "Slammer" worm that attacks via SQL, not DCE RPC, so I'm not sure what that packet indicates. It's also not an "exercise" in the sense of, for example, an exercise in a training course.
One way to look at this (under linux at least) would be to use the Snort post-dissector (https://wiki.wireshark.org/Snort) with the emerging-threats rules (https://rules.emergingthreats.net/ope...) and open slammer.pcap. Then, you should see that one or more alerts fired and: - what rule(s) caused the alert(s) to be detected - where in the packet the content or pcre fields were found (and where they occur in the normal dissection) - clickable links to web-pages describing the snort rule and the threat it is thought to represent
This is admittedly be not-straightforward, especially if you are not already familiar with snort, but I am pretty sure I did this for this exact capture file once before.
Please start posting anonymously - your entry will be published after you log in or create a new account.
Asked: 2019-09-01 02:20:51 +0000
Seen: 878 times
Last updated: Sep 01 '19
What is the syntax for wireshark custom column
"No interfaces found" on Windows 10 laptop
Why am I not seeing unique traffic
why am i not see my interfaces?
promiscuous mode windows 10 not working
Tshark output file problem, saving to csv or txt
How to convert Pcapng file to pcap file by Tshark