wireshark issue
sixto areizaga
thenewcq at optimum.net
Tue Feb 14 04:07:27 UTC 2017
I apologize this is a little wordy, I just tried to answer everything
all at once... I am thinking it's not Wireshark. Let me know if you find
anything interesting...
IP = 119.249.54.71
$ whois 119.249.54.71
inetnum: 119.248.0.0 - 119.251.255.255
netname: UNICOM-HE
descr: China Unicom Heibei Province Network
I concluded Windows because PuTTY is a Windows program.
Nmap scan report for 119.249.54.71
Host is up (0.36s latency).
Not shown: 993 closed ports
PORT STATE SERVICE VERSION
25/tcp filtered smtp
135/tcp filtered msrpc
139/tcp filtered netbios-ssn
445/tcp filtered microsoft-ds
593/tcp filtered http-rpc-epmap
4444/tcp filtered krb524
6006/tcp open tcpwrapped
I googled krb524; it was super-interesting, check it out.
From Wireshark...
No.  time       source         destination    protocol  length  info
71   41.065180  119.249.54.71  192.168.#.#    SSHv2     81      Client: Protocol (SSH-2.0-PUTTY)
72   41.088654  192.168.#.#    119.249.54.71  SSHv2     104     Server: Protocol (SSH-2.0-OpenSSH_7.2 FreeBSD-20160310)
> /var/log/security
> and /var/log/auth.log should be interesting.
show nothing for this IP.
A few days before there is a different IP; I am looking into that now.
Well, I don't think the vulnerability was in Wireshark...
I think I am having a "pest" problem...
More information about the freebsd-questions
mailing list