Ethereal-users: [Ethereal-users] Strange Packet found - need some advice

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: "David D" <keyzs1@xxxxxxxxxxxxx>
Date: Tue, 24 May 2005 15:01:03 -0400

Afternoon all,

Sorry to make my first message a question but I am stumped on this.

I am getting the following packet while looking for a NetBIOS issue where
PCs are losing the ability to do name lookups.

No.    Time        Source                Destination           Protocol Info
1335 23.703679   10.1.xxx.xxx           10.1.255.255          NBNS     Name query NB WWW.ZONEAGE.NET<00>
0000  ff ff ff ff ff ff 00 40 ca 12 45 f3 08 00 45 00   .......@..E...E.
0010  00 4e 66 79 00 00 80 11 b5 44 0a 01 0a e0 0a 01   .Nfy.....D......
0020  ff ff 00 89 00 89 00 3a 83 02 a6 00 01 10 00 01   .......:........
0030  00 00 00 00 00 00 20 46 48 46 48 46 48 43 4f 46   ...... FHFHFHCOF
0040  4b 45 50 45 4f 45 46 45 42 45 48 45 46 43 4f 45   KEPEOEFEBEHEFCOE
0050  4f 45 46 46 45 41 41 00 00 20 00 01               OEFFEAA.. ..

The source IP address is x'd out because it's not coming from a single
address but many in the subnet.  The source addresses are machines (multiple
machines) on my network, most are PCs but a few are even switches.  I am on
a single segment of a fairly large (600 machines) switched (but flat
network - all same subnet) network.

I assume I have a virus someplace but not sure where to begin to find it.  A
few of the machines have been scanned, registry checked, processes checked,
and there is nothing unusual about them...

Any thoughts or ideas where to look next?

Thanks
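
Added example (not part of the original post): the frame quoted above can be decoded by hand to check the summary line, since NBNS carries the queried name in RFC 1001 first-level encoding rather than as readable text. The function names are illustrative, and the parser assumes the single uncompressed question seen in this dump.

```python
import struct

# Frame bytes copied from the hex dump quoted in the post.
FRAME = bytes.fromhex(
    "ffffffffffff0040ca1245f308004500"
    "004e667900008011b5440a010ae00a01"
    "ffff00890089003a8302a60001100001"
    "00000000000020464846484648434f46"
    "4b4550454f4546454245484546434f45"
    "4f4546464541410000200001"
)

def decode_nb_name(encoded: bytes):
    """Undo RFC 1001 first-level encoding: every name byte is sent as two
    letters 'A'..'P', one per nibble. Returns (name, suffix byte)."""
    if len(encoded) != 32 or any(not 0x41 <= c <= 0x50 for c in encoded):
        raise ValueError("not a first-level encoded NetBIOS name")
    raw = bytes(((encoded[i] - 0x41) << 4) | (encoded[i + 1] - 0x41)
                for i in range(0, 32, 2))
    return raw[:15].rstrip(b" ").decode("ascii", "replace"), raw[15]

def parse_nbns_query(frame: bytes) -> dict:
    """Parse an Ethernet II / IPv4 / UDP frame carrying one NBNS question."""
    if struct.unpack_from("!H", frame, 12)[0] != 0x0800:
        raise ValueError("not IPv4")
    ip = 14
    if frame[ip + 9] != 17:
        raise ValueError("not UDP")
    udp = ip + (frame[ip] & 0x0F) * 4          # honour the IP header length
    sport, dport = struct.unpack_from("!HH", frame, udp)
    nb = udp + 8
    txid, flags, qdcount = struct.unpack_from("!HHH", frame, nb)
    q = nb + 12                                # question follows 12-byte header
    if qdcount != 1 or frame[q] != 32 or frame[q + 33] != 0:
        raise ValueError("expected one uncompressed name with empty scope")
    name, suffix = decode_nb_name(frame[q + 1:q + 33])
    qtype, qclass = struct.unpack_from("!HH", frame, q + 34)
    return {
        "dst_ip": ".".join(str(b) for b in frame[ip + 16:ip + 20]),
        "sport": sport, "dport": dport, "txid": txid,
        "is_response": bool(flags & 0x8000),
        "broadcast": bool(flags & 0x0010),     # B bit in NM_FLAGS
        "name": name, "suffix": suffix,
        "qtype": qtype, "qclass": qclass,      # 0x0020 = NB, 0x0001 = IN
    }

if __name__ == "__main__":
    print(parse_nbns_query(FRAME))
```

Grouping decoded queries by name and source across a capture shows how many hosts are broadcasting for the same name.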