troubleshooting Question

How to use network packet analysis or firewall (Sonicwall) to spot a trojan? or unusual behaviour?

Avatar of Yashy
YashyFlag for United Kingdom of Great Britain and Northern Ireland asked on
Hardware FirewallsSwitches / HubsNetwork Analysis
6 Comments2 Solutions1669 ViewsLast Modified:
hi guys

Today we had a situation where on our LAN, ping times between our PC's to the servers were taking 20ms or 15ms, when usually they should take 1ms. Our phones that use Voip suddenly were crackling and would switch off. It was drastic!

Anyway, we first thought it was a switch issue. Later we realised it was a trojan. Once removed, everything went back to normal.

We have a Sonicwall NSA 3500 on the network. We also have wireshark on the servers.

Let's say I had no AV and it hadn't detected it. How would you have used either the Sonicwall or even Wireshark to analyse the data?

What would you have looked for? And if you would have looked for anything, then how would you explain it to a very basic user like myself so that I could also pick it out and find out what was going on?

Join the community to see this answer!
Join our exclusive community to see this answer & millions of others.
Unlock 2 Answers and 6 Comments.
Join the Community
Learn from the best

Network and collaborate with thousands of CTOs, CISOs, and IT Pros rooting for you and your success.

Andrew Hancock - VMware vExpert
See if this solution works for you by signing up for a 7 day free trial.
Unlock 2 Answers and 6 Comments.
Try for 7 days

”The time we save is the biggest benefit of E-E to our team. What could take multiple guys 2 hours or more each to find is accessed in around 15 minutes on Experts Exchange.

-Mike Kapnisakis, Warner Bros