This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

We have a PC or multiple PCs in a VERY large network creating malicious links on our servers. I want to see if someone can help me make a quick filter for Wireshark that will log only the link creation event so I can figure out where it is coming from without generating gigs and gigs of packet data. I really need help soon!

Thank You So Much

-J

asked 26 Mar '14, 16:54

Pyrex

Could someone please help me? We will have to be at work all weekend and then some if we can't stop this virus.

(28 Mar '14, 12:37) Pyrex

Wireshark is the wrong tool for you, for several reasons.

You should look at the owner of the created links (maybe that reveals the workstation).

You should also enable file and folder auditing on your file server to figure out who is doing what. Your local Windows guru should know how to do that.

Regards
Kurt

answered 28 Mar '14, 14:42

Kurt Knochner ♦
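
Added example, not part of the answer above or of the original page: one way to run the suggested owner check in PowerShell on the file server itself. The share root `D:\Shares`, the `*.lnk` pattern for the "links", the 3-day window and the output file name are assumptions to adjust.

```powershell
# Added example. Assumed values (not from the original thread):
#   $Root   - hypothetical share root on the file server
#   $Filter - assumes the malicious "links" are Windows shortcuts (*.lnk)
#   $Days   - look-back window for recently created files
param(
    [string]$Root   = 'D:\Shares',
    [string]$Filter = '*.lnk',
    [int]   $Days   = 3
)

$since = (Get-Date).AddDays(-$Days)

# Walk the share (including hidden items) and record the NTFS owner of
# every matching file created inside the window.
$hits = Get-ChildItem -LiteralPath $Root -Filter $Filter -Recurse -File -Force `
            -ErrorAction SilentlyContinue |
    Where-Object { $_.CreationTime -ge $since } |
    ForEach-Object {
        $owner = try {
            (Get-Acl -LiteralPath $_.FullName -ErrorAction Stop).Owner
        } catch {
            'unreadable'   # ACL could not be read with the current rights
        }
        [pscustomobject]@{
            Owner   = $owner
            Created = $_.CreationTime
            Path    = $_.FullName
        }
    }

# Per-owner summary: the account that owns most of the new links comes first,
# with the first and last creation time seen for it.
$hits | Group-Object Owner | Sort-Object Count -Descending |
    Select-Object Count, Name,
        @{ n = 'First'; e = { ($_.Group | Sort-Object Created | Select-Object -First 1).Created } },
        @{ n = 'Last';  e = { ($_.Group | Sort-Object Created | Select-Object -Last 1).Created } }

# Full list, oldest first, for correlation with audit or logon records.
$hits | Sort-Object Created |
    Export-Csv -NoTypeInformation -Path .\link-owners.csv
```

The owner is an account, not a machine, so tying it to a workstation still needs the file auditing or logon records mentioned in the answer.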

question asked: 26 Mar '14, 16:54

question was seen: 1,356 times

last updated: 28 Mar '14, 14:42
