Remember that if you have “resolve transport names”
turned on it will still resolve the source ports as well as destination. You
are looking at an http conversation there. The “brutus” source port
was chosen randomly by the client.
-Ryan
From: wireshark-users-bounces@xxxxxxxxxxxxx
[mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of Edsel
barrios
Sent: Tuesday, February 24, 2009 6:55 AM
To: Community support list for Wireshark
Subject: [Wireshark-users] Hacking question
I am using WireShark 1.0.3 and I was running a scan on my
network when I noticed some weird packages coming from the outside and they had
a prefix of Brutus
1573 250.604174 10.0.0.5
129.101.198.59 TCP brutus > http [ACK]
Seq=515 Ack=5841 Win=17520 Len=0
has anyone seen something like this. Honestly my first thought was of the
password sniffer Brutus.
Any ideas would be appreciated.
Thank you,
Edsel
