Check who is using an IP

Hello all: I'm 100% NEWBIE here, and I have an issue: a software/App/?? on my NAS (unknown) is trying to communicate to a botnet, whose IP is marked as a bad actor. I've been instructed to use Wireshark to detect what is going on from the NAS using Wireshark. I know the 2 IPs that my NAS uses to communicate, and I know what the IP is, since my firewall detects the communication: "Sophos Central Event Details for Company Name What happened: An attempt to communicate with a botnet or command and control server has been detected. Where it happened: BAK C16XXXXXXXXY6B2 Bakersfield" And using the logs from the firewall, I know the IP of that botnet.

Sorry, but from my computer I have no idea how to program Wireshark to help me detect more info about that communication and try to decipher what software/App or process is trying. I have created a couple of rules on my firewall, but it bugs me not knowing who the culprit is.

Any help will be appreciated, and please kindly remember I am a newbie in Wireshark territory.