So, do you think that the
computer master browser feature can cause this as well? We also have a few Macs
with the windows server feature enabled behind the router as well. I know that
our switches support port mirroring, I will read up on how to do tha,t but for
now I will try do the hub between router and switch in the morning.
 
Thanks so much for all
the help, I really want to learn how to do this stuff.
 
 
-----Original Message-----
From:
ethereal-users-bounces@xxxxxxxxxxxx
[mailto:ethereal-users-bounces@xxxxxxxxxxxx] On
Behalf Of ronnie sahlberg
Sent: Tuesday,
 February 28, 2006 3:05 PM
To: Ethereal user
 support
Subject: Re: [Ethereal-users]
Newbie in a jam
 
If it
is only trying to access port 445 then it is probably not a port scanner.
port 445 is the port used for CIFS  i.e. windows file sharing.
It could just be that you happen to have a windows laptop or something
connected to your network and it tries to connect to its domain
controller   or a network share   and your ISP is blocking
CIFS traffic. 
I.e.   you brought your laptop home from the office and connected it
to your home network? 
On 3/1/06, Jason Hernandez < jason.hernandez@xxxxxxxxxxxxx>
wrote:
Thanks! Here is the sample line of the log that was
sent to me. I replaced 
the IP with X's. The first set of X's is the IP of my router and the other
set is the IP it's scanning.
2|Feb 20 2006 14:33:10|106001: Inbound TCP connection denied from
X.X.X.X/13331 to X.X.X.X/445 flags SYN on interface outside 
Jason
-----Original Message-----
From: ethereal-users-bounces@xxxxxxxxxxxx
[mailto:
ethereal-users-bounces@xxxxxxxxxxxx] On Behalf Of FRANCIS PROVENCHER
Sent: Tuesday, February 28, 2006 12:22 PM
To: ethereal-users@xxxxxxxxxxxx
Subject: Re: [Ethereal-users] Newbie in a jam 
Hi
To stop the problem, you can deny the icmp echo request on your firewall.
Its not a good thing to lets user make icmp echo reply (ping) outdoor of
your network. Creat a rule on your firewall to deny it, you can add some 
exception on this rule to lets administrator to ping outdoor.
Sorry i can give you some advise with ethereal.
You can also check for a Snort (Intrusion Detection System)
Francis Provencher
Ministère de la Sécurité publique
Réalisations et Systèmes réseaux
Tél: (418) 646-3258
Courriel:   Francis.provencher@xxxxxxxxxxxxxx
CEH - Certified Ethical Hackers 
SSCP - System Security Certified Practionner
Sec+ - Security +
>>> jason.hernandez@xxxxxxxxxxxxx
02/28/06 2:36 PM >>>
Hello all,
I am very new to protocol analyzing and packet sniffing. I usually just
support pc, but an now supporting our network. I've been contacted my
company's ISP and they say some machine behind my router is scanning their 
network. I have made sure all my PC's are patched, and have up to day anti
virus software ( McAfee) as well as anti spyware software (Windows
Defender), but I am still having this issue.
How can I use this software to find the culprit? What am I suppose to look 
for? Sorry for being such a newbie...
Thanks in advance!
Jason
_______________________________________________
Ethereal-users mailing list
Ethereal-users@xxxxxxxxxxxx
http://www.ethereal.com/mailman/listinfo/ethereal-users
_______________________________________________
Ethereal-users mailing list 
Ethereal-users@xxxxxxxxxxxx
http://www.ethereal.com/mailman/listinfo/ethereal-users