Wireshark · Wireshark-users: Re: [Wireshark-users] Hacking question

Wireshark-users: Re: [Wireshark-users] Hacking question

From: "Ryan Zuidema" <ryan.zuidema@xxxxxxxxxxx>

Date: Tue, 24 Feb 2009 09:09:26 -0800

Remember that if you have “resolve transport names” turned on it will still resolve the source ports as well as destination. You are looking at an http conversation there. The “brutus” source port was chosen randomly by the client.

-Ryan

From: wireshark-users-bounces@xxxxxxxxxxxxx [mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of Edsel barrios
Sent: Tuesday, February 24, 2009 6:55 AM
To: Community support list for Wireshark
Subject: [Wireshark-users] Hacking question

I am using WireShark 1.0.3 and I was running a scan on my network when I noticed some weird packages coming from the outside and they had a prefix of Brutus

1573 250.604174 10.0.0.5 129.101.198.59 TCP brutus > http [ACK] Seq=515 Ack=5841 Win=17520 Len=0

has anyone seen something like this. Honestly my first thought was of the password sniffer Brutus.

Any ideas would be appreciated.

Thank you,
Edsel

References:
- [Wireshark-users] Hacking question
  - From: Edsel barrios

Prev by Date: Re: [Wireshark-users] Hacking question
Next by Date: Re: [Wireshark-users] comments/rants wrt my (very first) dissector
Previous by thread: Re: [Wireshark-users] Hacking question
Next by thread: [Wireshark-users] LUA Postdissector Field Extractors getting nil values from built-in TCP Dissectors
Index(es):
- Date
- Thread