Melody Scott
asked on
Can someone analyse a wireshark Network Protocol file for me?
Hi, I ran this Wireshark network protocol analyzer with no programs open, including no background programs. I ran it for three minutes. I have the report in CSV and in pcapng format. (I've changed the latter to a .txt extension to upload.)
Can someone let me know if there's any odd network activity going on? Thanks. If you need more information, let me know, this is way over my head.
packet-dissection.csv
packets---Copy.txt
ASKER
Ok, thanks. Should I do a longer capture? I did see quite a few red lines, wasn't sure if that was cause for alarm.
Do that and check Source and Destination IP addresses.
Wireshark is not aware of malware or weird network activity. Its function is purely to present you the raw network data. Red lines are invalid packets or other protocol errors at the TCP/UDP level. This happens during normal operation (some software trying to connect to a non-existent server, etc.), and even during connected sessions (re-ack packets, etc.).
No packet sniffer sees malware. Just the packets that go back and forth as shown above.
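One way to act on the advice above (check the destination addresses, and see how many of the red lines are just TCP analysis flags) over the CSV that Wireshark exports. This is an added example, not code from the thread or from Wireshark; it assumes the default export columns (No., Time, Source, Destination, Protocol, Length, Info) and runs on a constructed sample capture.

```python
import csv
import io
import ipaddress
from collections import Counter

# Constructed sample in the shape of a Wireshark "Export Packet Dissections > As CSV"
# file. Default columns assumed; a real export will differ in size and content.
SAMPLE_CSV = """\
"No.","Time","Source","Destination","Protocol","Length","Info"
"1","0.000000","192.168.1.10","192.168.1.1","DNS","74","Standard query 0x1a2b A example.com"
"2","0.012000","192.168.1.1","192.168.1.10","DNS","90","Standard query response 0x1a2b A example.com A 93.184.216.34"
"3","0.015000","192.168.1.10","93.184.216.34","TCP","66","49152 > 443 [SYN] Seq=0 Win=64240 Len=0"
"4","0.040000","93.184.216.34","192.168.1.10","TCP","66","443 > 49152 [SYN, ACK] Seq=0 Ack=1 Win=65535 Len=0"
"5","0.041000","192.168.1.10","93.184.216.34","TLSv1.2","571","Client Hello"
"6","1.200000","192.168.1.10","192.168.1.1","TCP","54","[TCP Retransmission] 49153 > 8080 [SYN] Seq=0 Win=64240 Len=0"
"7","1.300000","192.168.1.1","192.168.1.10","TCP","54","8080 > 49153 [RST, ACK] Seq=1 Ack=1 Win=0 Len=0"
"8","2.000000","192.168.1.10","224.0.0.251","MDNS","86","Standard query 0x0000 PTR _services._dns-sd._udp.local"
"""

# Substrings Wireshark puts in the Info column for packets it colours red/black:
# retransmissions, resets, duplicate ACKs, gaps in the capture.
NOISE_MARKERS = ("[TCP Retransmission]", "[RST", "[TCP Dup ACK", "[TCP Previous segment not captured]")

def is_local(addr):
    """True for private, loopback, link-local and multicast addresses (LAN noise)."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return True  # non-IP value in the column (e.g. a MAC address): treat as local
    return ip.is_private or ip.is_loopback or ip.is_link_local or ip.is_multicast

def summarize(csv_text):
    """Count packets per external destination and list packets carrying a TCP analysis flag."""
    external = Counter()  # destination address -> packet count
    errors = []           # packet numbers whose Info column shows a protocol error
    for row in csv.DictReader(io.StringIO(csv_text)):
        if not is_local(row["Destination"]):
            external[row["Destination"]] += 1
        if any(marker in row["Info"] for marker in NOISE_MARKERS):
            errors.append(int(row["No."]))
    return {"external": dict(external), "errors": errors}

if __name__ == "__main__":
    report = summarize(SAMPLE_CSV)
    for dst, count in sorted(report["external"].items(), key=lambda kv: -kv[1]):
        print(f"{dst:<16} {count} packet(s) sent to a non-local address")
    print(f"{len(report['errors'])} packet(s) with TCP analysis flags: {report['errors']}")
```

To run it on the asker's capture, replace SAMPLE_CSV with the contents of the exported CSV; external destinations that are not owned by a service you recognise are the ones worth looking up.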
ASKER
Thanks, I think it sounds like I'm ok.
Since many (most) packets are encrypted (HTTPS and email), it is difficult to look at packets.
I am looking at packets with CommView (Tamosoft); they attempt to decode the packets and provide information that can be of use.