|
Good afternoon from Singapore Hugo,
Thank you for the insight.
Yes, I have tried to look into the software firewall logs in my Windows client operating system but unfortunately my software firewall did not record much information. I might need to re-configure firewall logging in my software firewall or choose another software firewall altogether. Which software firewall for Windows would you recommend? My requirement is to log everything.
I will also need to look into the software firewall logs in my Windows Server operating systems. From: Wireshark-users <wireshark-users-bounces@xxxxxxxxxxxxx> on behalf of Hugo van der Kooij <hugo.van.der.kooij@xxxxxxxxx>
Sent: Tuesday, October 23, 2018 6:08 PM To: Community support list for Wireshark Subject: Re: [Wireshark-users] How do I use wireshark to investigate Snort IDS alert "A Network Trojan was Detected"? That information is NOT on the wire. So it is not a task for Wireshark to sink it’s teeth into. You are looking for tools that should run on the host in question.
As simple `netstat –nab` run as administrator might be usefull when the connection is there. All you can gather form the wire is the exact connection details.
You try to hit a nail with a toothbrush at the moment. That is not a very effective tool for the job of hitting nails. You need a hammer.
Met vriendelijke groet / With kind regards, Hugo van der Kooij
From: Turritopsis Dohrnii Teo En Ming
Good evening from Singapore,
|
- References:
- [Wireshark-users] How do I use wireshark to investigate Snort IDS alert "A Network Trojan was Detected"?
- From: Turritopsis Dohrnii Teo En Ming
- Re: [Wireshark-users] How do I use wireshark to investigate Snort IDS alert "A Network Trojan was Detected"?
- From: Turritopsis Dohrnii Teo En Ming
- Re: [Wireshark-users] How do I use wireshark to investigate Snort IDS alert "A Network Trojan was Detected"?
- From: Hugo van der Kooij
- [Wireshark-users] How do I use wireshark to investigate Snort IDS alert "A Network Trojan was Detected"?