kiowa's profile - activity

2018-07-23 15:24:07 +0000 marked best answer llmnr malicious domain

I've captured a compromised system. I filter llmnr and found a collection of suspicious results. Some of the requests are sent to domains with mixed characters, such as "kdonszushlwi" or "ytdfgejjknsc". What are these?

2018-07-23 15:24:07 +0000 received badge  Scholar (source)
2018-07-23 15:23:42 +0000 answered a question llmnr malicious domain

I resolved the issue. It was a false-positive. Investigating further I found the users were on thin-clients. The NIC card

2018-07-22 02:27:10 +0000 commented answer llmnr malicious domain

That is what I'm seeing. However, in squert there is a hit for a p2p thunder.xunelei. I'm looking for traffic that can sh

2018-07-21 01:49:49 +0000 asked a question llmnr malicious domain

llmnr malicious domain I've captured a compromised system. I filter llmnr and found a collection of suspicious results.

2018-07-10 17:33:48 +0000 commented answer handling 150mb pcaps

Thanks Jasper. I just read about TraceWrangler in a Wireshark book. I'm going to look into this. Can Wireshark combine mu

2018-07-10 17:29:58 +0000 commented answer handling 150mb pcaps

Yea, save filters are very great for things like broadcasts, but when you have 10 pcaps you need to investigate bc you n

2018-07-10 02:13:07 +0000 asked a question handling 150mb pcaps

handling 150mb pcaps I'm looking for feedback or best practices, or just approaches the community takes with dealing wit