Wireshark · Wireshark-users: [Wireshark-users] How do I use wireshark to investigate Snort IDS alert "A Network Trojan was Detect

Wireshark-users: [Wireshark-users] How do I use wireshark to investigate Snort IDS alert "A Netwo

From: Turritopsis Dohrnii Teo En Ming <turritopsis.dohrnii@xxxxxxxxxxxxxxx>

Date: Mon, 22 Oct 2018 15:02:12 +0000

Good evening from Singapore,

I have the following alert "A Network Trojan was Detected" in my Snort Intrusion Detection System (IDS) which is in my pfSense Network Security Appliance.

Thread: [Snort-users] Snort IDS in pfSense Network Security Appliance: "A Network Trojan was Detected"

URL: https://lists.snort.org/pipermail/snort-users/2018-October/071833.html

Is there any way I can use wireshark to pin-point the operating system process in memory or filesystem object which is triggering the above-mentioned Snort IDS/IPS alert? I am hoping to know which executable file is triggering this IDS/IPS alert.

Please advise.

Thank you very much.     
 
===BEGIN SIGNATURE===
 
Turritopsis Dohrnii Teo En Ming's Academic Qualifications as at 30 Oct 2017 

[1] https://tdtemcerts.wordpress.com/ 

[2] http://tdtemcerts.blogspot.sg/ 

[3] https://www.scribd.com/user/270125049/Teo-En-Ming 

===END SIGNATURE===

Follow-Ups:
- Re: [Wireshark-users] How do I use wireshark to investigate Snort IDS alert "A Network Trojan was Detected"?
  - From: Turritopsis Dohrnii Teo En Ming

Prev by Date: Re: [Wireshark-users] Is there some reason why the list in the "in" operator in packet-matching expressions must be separated by spaces, not commas?
Next by Date: Re: [Wireshark-users] How do I use wireshark to investigate Snort IDS alert "A Network Trojan was Detected"?
Previous by thread: Re: [Wireshark-users] Is there some reason why the list in the "in" operator in packet-matching expressions must be separated by spaces, not commas?
Next by thread: Re: [Wireshark-users] How do I use wireshark to investigate Snort IDS alert "A Network Trojan was Detected"?
Index(es):
- Date
- Thread