2022-05-27 01:23:44 +0000 | received badge | ● Famous Question (source) |
2021-02-18 15:18:40 +0000 | answered a question | UDP Port 889 Broadcast (ip.ttl "Time to Live" only 1) I use cFos and have the same traffic. Thanks for the pcap, because I was searching for info on 889. Yesterday, I fo |
2020-10-26 22:30:55 +0000 | received badge | ● Notable Question (source) |
2020-09-20 15:23:03 +0000 | received badge | ● Popular Question (source) |
2019-12-13 04:21:14 +0000 | received badge | ● Popular Question (source) |
2018-07-23 15:24:07 +0000 | marked best answer | llmnr malicious domain I've captured a compromised system. I filter llmnr and found a collection of suspicious results. Some of the requests are sent to domains with mixed characters. Such as "kdonszushlwi" or as "ytdfgejjknsc". What are these? |
2018-07-23 15:24:07 +0000 | received badge | ● Scholar (source) |
2018-07-23 15:23:42 +0000 | answered a question | llmnr malicious domain I resolved the issue. It was a false-positive. Investigating further, I found the users were on thin-clients. The NIC card |
2018-07-22 02:27:10 +0000 | commented answer | llmnr malicious domain That is what I'm seeing. However, in Squert there is a hit for a p2p thunder.xunelei. I'm looking for traffic that can sh |
2018-07-21 01:49:49 +0000 | asked a question | llmnr malicious domain I've captured a compromised system. I filter llmnr and found a collection of suspicious results. |
2018-07-10 17:33:48 +0000 | commented answer | handling 150mb pcaps Thanks Jasper. I just read about TraceWrangler in a Wireshark book. I'm going to look into this. Can Wireshark combine mu |
2018-07-10 17:29:58 +0000 | commented answer | handling 150mb pcaps Yea, save filters are very great for things like broadcasts, but when you have 10 pcaps you need to investigate bc you n |
2018-07-10 02:13:07 +0000 | asked a question | handling 150mb pcaps I'm looking for feedback or best practices, or just approaches the community takes with dealing wit |