We have a PC or multiple PCs in a VERY large network creating malicious links on our servers. I want to see if someone can help me make a quick filter for Wireshark that will log only the link creation event so I can figure out where it is coming from without generating gigs and gigs of packet data. I really need help soon!
Thank You So Much
asked 26 Mar '14, 16:54
Wireshark is the wrong tool for you, for several reasons.
You should look at the owner of the created links (maybe that reveals the workstation).
You should also enable file and folder auditing on your file server to figure out who is doing what. Your local Windows guru should know how to do that.
answered 28 Mar '14, 14:42
Kurt Knochner ♦
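
The file and folder auditing suggested in the answer above, sketched in PowerShell as an added example that is not part of the original answer: it enables auditing on one share, then lists who wrote matching files and from which client address. The share path and the `*.lnk` pattern are assumptions (the question does not say what kind of links are created), and the audit subcategory names are the English ones.

```powershell
# Added example. $SharePath and $Pattern are assumptions, not values from the post.
$SharePath = 'D:\Shares\Public'   # hypothetical local path of the affected share
$Pattern   = '*.lnk'              # assumed file type of the unwanted links

# 1. Enable the audit subcategories (run in an elevated session on the file server).
auditpol /set /subcategory:"File System" /success:enable
auditpol /set /subcategory:"Detailed File Share" /success:enable

# 2. Add an audit entry (SACL) so successful file creation/writes by anyone are logged.
$acl  = Get-Acl -Path $SharePath -Audit
$rule = New-Object System.Security.AccessControl.FileSystemAuditRule(
    'Everyone',
    [System.Security.AccessControl.FileSystemRights]'CreateFiles, WriteData, AppendData',
    [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit',
    [System.Security.AccessControl.PropagationFlags]::None,
    [System.Security.AccessControl.AuditFlags]::Success)
$acl.AddAuditRule($rule)
Set-Acl -Path $SharePath -AclObject $acl

# Helper: turn an event's EventData fields into a name -> value table.
function Get-EventFields($Event) {
    $fields = @{}
    foreach ($node in ([xml]$Event.ToXml()).Event.EventData.Data) {
        $fields[$node.Name] = $node.'#text'
    }
    $fields
}

# 3. After the next occurrence: which account wrote the files (event 4663).
Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4663 } |
    ForEach-Object {
        $f = Get-EventFields $_
        [pscustomobject]@{ Time = $_.TimeCreated; Object = $f.ObjectName
            User = '{0}\{1}' -f $f.SubjectDomainName, $f.SubjectUserName }
    } | Where-Object { $_.Object -like (Join-Path $SharePath "*$Pattern") }

# 4. Which client address opened those files over SMB (event 5145).
Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 5145 } |
    ForEach-Object {
        $f = Get-EventFields $_
        [pscustomobject]@{ Time = $_.TimeCreated; Client = $f.IpAddress
            User = $f.SubjectUserName; Target = $f.RelativeTargetName }
    } | Where-Object { $_.Target -like $Pattern } | Sort-Object Time
```

Event 5145 is logged for every share access check and can be high volume, so keep it enabled only for the investigation window and size the Security log accordingly.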