Wireshark · Ethereal-users: Re: [Ethereal-users] looking for virus or spamming

Ethereal-users: Re: [Ethereal-users] looking for virus or spamming

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: "Tom Greaser" <tgreaser@xxxxxxxxxxx>

Date: Mon, 05 Dec 2005 08:15:47 -0500

can try looking for all dns request that do NOT have an A or PRT record
you can compair to some black hole files
 
 
>>>jlmiller@xxxxxxxxxxxxxxxxxx 12/04/05 8:06 pm >>> 
I'm currently looking at a gateway server that seems to have a awful lot
of DNS requests and ARP requests.  Not sure if this is correct, but is
there a way to home in on virus and spam checking?  I eliminate all
valid traffic, but I would like to know if there are certain packets I
can look for.  I know this is huge area, if there is something I can
look for trim the search I would appreciate it. 
 
Thanks 
 
Jon 
 
 
Ethereal-users mailing list 
Ethereal-users@xxxxxxxxxxxx 
http://www.ethereal.com/mailman/listinfo/ethereal-users

Prev by Date: [Ethereal-users] reading diameter xml dictionary
Next by Date: RE: [Ethereal-users] VoIP?s conversation saved in a file
Previous by thread: [Ethereal-users] looking for virus or spamming
Next by thread: [Ethereal-users] reading diameter xml dictionary
Index(es):
- Date
- Thread