Ethereal-users: [Ethereal-users] a hypothetical situation and is there a way to work it

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: "John F. Regus" <jfregus@xxxxxxxxxxxxx>
Date: Sun, 23 May 2004 05:47:32 -0500
I am getting bombed with malware from certain sites that I can trace back to a spoofed IP address that hijacks a legitimate IP address from the first hop the intruder hits.
The intruder's address always shows up as ??? ??? ??? ???.
However, if I can see the traffic going into the hop and time-correlate it to what was coming in at the same time and what went out milliseconds later, then I might be able to capture the real IP address and turn it over to CERT/FBI.
 
Is there a way to do this with Ethereal?
 
Thanks,
John Regus