thenewcq at optimum.net
Tue Feb 14 04:07:27 UTC 2017
I apologize, this is a little wordy; I just tried to answer everything
all at once... I am thinking it's not Wireshark. Let me know if you find
IP = 126.96.36.199
$ whois 188.8.131.52
inetnum: 184.108.40.206 - 220.127.116.11
descr: China Unicom Heibei Province Network
I concluded Windows because PuTTY is a Windows program.
Nmap scan report for 18.104.22.168
Host is up (0.36s latency).
Not shown: 993 closed ports
PORT STATE SERVICE VERSION
25/tcp filtered smtp
135/tcp filtered msrpc
139/tcp filtered netbios-ssn
445/tcp filtered microsoft-ds
593/tcp filtered http-rpc-epmap
4444/tcp filtered krb524
6006/tcp open tcpwrapped
I googled krb524; it was super-interesting, check it out
No.  time       source          destination     protocol  length  info
71   41.065180  22.214.171.124  192.168.#.#     SSHv2     81      Client: Protocol (SSH-2.0-PUTTY)
72   41.088654  192.168.#.#     126.96.36.199   SSHv2     104     Server: Protocol (SSH-2.0-OpenSSH_7.2
> and /var/log/auth.log should be interesting.
show nothing for this IP.
A few days before there is a different IP; I am looking into that now.
Well, I don't think the vulnerability was in Wireshark...
I think I am having a "pest" problem...
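
The message above checks /var/log/auth.log for the connecting address. As an added example (not part of the original post), this Python script groups sshd authentication results by source IP so that an address with both failed attempts and an accepted login stands out. The log lines are constructed samples using documentation addresses, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample lines in OpenSSH's syslog format (not from the original post).
SAMPLE_LOG = """\
Feb 10 03:12:01 host sshd[1201]: Invalid user admin from 203.0.113.7
Feb 10 03:12:03 host sshd[1201]: Failed password for invalid user admin from 203.0.113.7 port 51234 ssh2
Feb 10 03:12:09 host sshd[1207]: Failed password for root from 203.0.113.7 port 51240 ssh2
Feb 10 03:14:30 host sshd[1215]: Accepted password for backup from 203.0.113.7 port 51302 ssh2
Feb 13 21:40:11 host sshd[2210]: Accepted publickey for alice from 198.51.100.20 port 40022 ssh2
Feb 13 22:05:47 host sshd[2290]: Failed password for alice from 192.0.2.55 port 60111 ssh2
"""

# Timestamp, hostname, sshd[pid], then an Accepted/Failed result with a source address.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s\S+\ssshd\[\d+\]:\s"
    r"(?P<result>Accepted|Failed)\s(?P<method>\S+)\sfor\s"
    r"(?:invalid user\s)?(?P<user>\S+)\sfrom\s(?P<ip>\S+)\sport\s\d+"
)

def summarize(log_text):
    """Group sshd authentication results by source IP."""
    hosts = defaultdict(lambda: {"failed": 0, "accepted": [], "first": None, "last": None})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # lines without an Accepted/Failed result are skipped
        h = hosts[m["ip"]]
        h["first"] = h["first"] or m["ts"]
        h["last"] = m["ts"]
        if m["result"] == "Accepted":
            h["accepted"].append((m["ts"], m["user"], m["method"]))
        else:
            h["failed"] += 1
    return dict(hosts)

def failed_and_accepted(hosts):
    """IPs that have both failed attempts and an accepted login: review these first."""
    return sorted(ip for ip, h in hosts.items() if h["failed"] and h["accepted"])

if __name__ == "__main__":
    hosts = summarize(SAMPLE_LOG)
    for ip, h in hosts.items():
        print(ip, "failed:", h["failed"], "accepted:", h["accepted"], h["first"], "->", h["last"])
    print("review first:", failed_and_accepted(hosts))
```

To run it against a real log, pass the file's contents to `summarize()` in place of `SAMPLE_LOG`; rotated logs need to be read as well, since older entries move out of the live file.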