wireshark issue

Polytropon freebsd at edvax.de
Thu Feb 9 20:40:48 UTC 2017


On Thu, 9 Feb 2017 14:32:58 -0500, sixto areizaga wrote:
> I was working on a webpage [that isn't up yet] no outside connections
> established, I started apache [from computer #1], started wireshark
> [same node] and opened firefox [computer #2] and for the url I did a
> 192.168.etc.etc
> 
> looking through packets transferred there was a transfer from outside my network - (the
> ip might be in China) - it used putty [with sshv2] to get a
> server/client key exchange.

When you listen on a specific interface, Wireshark will
display all traffic for that interface (unless you apply
a filter). So you're observing _two_ things at the same
time which probably aren't related: First is the web site
you're testing inside the LAN, second is an incoming SSH
connection attempt from exterior.

For testing your web site, temporarily add a filter for
the traffic in your LAN. Then, as a "second project", check
the SSH thing. It probably is just an automated search for
unsecured SSH accounts, performed by botnets.



> it looked like a mobile device running a script except using putty 

That is quite possible. It could be a member of a mobile
botnet (which seem to become more common, even though the
preferred kind of botnet is still a fleet of office PCs
running "Windows").



> anyone have a similar problem? 

No. Should I? ;-)



-- 
Polytropon
Magdeburg, Germany
Happy FreeBSD user since 4.0
Andra moi ennepe, Mousa, ...


More information about the freebsd-questions mailing list
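
Added example, not part of the original message: a sketch of the separation suggested in the reply, splitting one capture into the LAN-only web test traffic and the unrelated inbound connections from outside. It assumes the capture was exported as tab-separated fields with tshark, that the LAN is 192.168.0.0/16, and uses constructed sample rows; the function name split_capture is hypothetical.

```python
import ipaddress
from collections import Counter

# Constructed sample: tab-separated ip.src, ip.dst, tcp.dstport, as printed by
#   tshark -r capture.pcap -T fields -e ip.src -e ip.dst -e tcp.dstport
# Addresses are made up (203.0.113.0/24 is a documentation range).
SAMPLE = (
    "192.168.1.20\t192.168.1.10\t80\n"      # browser (computer #2) -> apache
    "192.168.1.10\t192.168.1.20\t51234\n"   # apache reply
    "203.0.113.45\t192.168.1.10\t22\n"      # outside host -> local sshd
    "192.168.1.10\t203.0.113.45\t40022\n"   # sshd reply, leaves the LAN
    "203.0.113.45\t192.168.1.10\t22\n"
    "192.168.1.20\t192.168.1.10\t80\n"
    "\t\t\n"                                # non-IP frame: all fields empty
)

LAN = ipaddress.ip_network("192.168.0.0/16")  # assumed LAN range


def split_capture(text, lan=LAN):
    """Return (LAN-internal rows, Counter of (external source, local port))."""
    lan_rows = []
    inbound = Counter()
    for line in text.splitlines():
        fields = line.split("\t")
        if len(fields) != 3 or not all(fields):
            continue  # frames without IP/TCP leave the fields empty
        try:
            src = ipaddress.ip_address(fields[0])
            dst = ipaddress.ip_address(fields[1])
            port = int(fields[2])
        except ValueError:
            continue  # malformed row, skip rather than guess
        if src in lan and dst in lan:
            lan_rows.append((str(src), str(dst), port))   # the web test
        elif src not in lan and dst in lan:
            inbound[(str(src), port)] += 1                # the "second project"
    return lan_rows, inbound


if __name__ == "__main__":
    rows, inbound = split_capture(SAMPLE)
    print(f"{len(rows)} LAN-only packets (web test)")
    for (src, port), count in inbound.most_common():
        print(f"inbound from {src} to local port {port}: {count} packets")
```

Repeated hits on port 22 from one outside address are the pattern to follow up in the sshd authentication log.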