![]() ![]() Sasser worm: –What sasser really did– ls_ads.opnum=0x09 TCP buffer full – Source is instructing Destination to stop sending data tcp.window_size = 0 & != 1įilter on Windows – Filter out noise, while watching Windows Client - DC exchanges smb || nbns || dcerpc || nbss || dns Show only traffic in the LAN (.x), between workstations and servers – no Internet: ip.src=192.168.0.0/16 and ip.dst=192.168.0.0/16 Show only SMTP (port 25) and ICMP traffic: tcp.port eq 25 or icmp See also CaptureFilters: Capture filter is not a display filter. Capture filters (like tcp port 80) are not to be confused with display filters (like tcp.port = 80). ![]()
0 Comments
Leave a Reply. |