Posted on 2010-09-13
I need some assistance with Wireshark if anyone is available?
We have a client network of more than 1000 machines on 3 VLANs; all should be patched with the latest MS patches and are running ESET. However, one machine (or more) is infected with Conficker and occasionally 'bursts' through the network. ESET detects and stops the reinfection, but obviously each time a warning comes up the client freaks and goes into a panic.
Unfortunately the ESET logs (on server and client) do not contain any info on the source of the infection, even with logging set to Level 5.
I'm looking to use something like Wireshark to sniff the network and hopefully identify the machine(s) in question so I can clean/patch them, but my Wireshark knowledge is very limited.
If anyone can help that will be greatly appreciated!
I've already tried the McAfee/Retina network scanners, the ESET Conficker remover in logon scripts, etc.