This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Did I get infected (slammer.pcap)

0

Hi, I opened a file, slammer.pcap, but later I checked on VirusTotal and this file is infected. Did my computer get infected because of opening it? I was sure there are just IPs and nothing more. I'm using Debian Jessie 8.8 and Wireshark as non-root.

asked 08 Jun '17, 04:21

nee4V


One Answer:

0

If you opened the pcap in Wireshark (especially on a Linux system with non-root credentials) there is nothing to worry about. Slammer attacks SQL servers over the network, so there needs to be active communication of packets, and just reading them passively in Wireshark doesn't do that at all. You're safe.

answered 08 Jun '17, 04:24

Jasper ♦♦

Thank you for the fast answer, I'm glad.

(08 Jun '17, 04:31) nee4V
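
Added example, not part of the original thread and not Wireshark's code: a capture file is a series of length-prefixed byte records that a reader only decodes, which is why a scanner can flag the stored bytes while opening the file runs nothing. The code below builds a constructed capture with filler payload bytes and lists UDP datagrams to port 1434, the SQL Server Resolution Service port Slammer targeted (an assumption not stated in the thread); the function names and addresses are hypothetical.

```python
import socket
import struct

SQL_RESOLUTION_PORT = 1434  # assumption, not from the thread: UDP port Slammer targeted

def build_sample_pcap():
    """Constructed capture: one Ethernet/IPv4/UDP datagram to port 1434, filler payload."""
    payload = b"A" * 376  # constructed filler bytes, not worm code
    udp = struct.pack("!HHHH", 40000, SQL_RESOLUTION_PORT, 8 + len(payload), 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     socket.inet_aton("192.0.2.10"), socket.inet_aton("198.51.100.20"))
    frame = b"\x00" * 12 + b"\x08\x00" + ip + udp
    global_hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    record_hdr = struct.pack("<IIII", 0, 0, len(frame), len(frame))
    return global_hdr + record_hdr + frame

def find_udp_1434(pcap_bytes):
    """Return (src, dst, payload_len) for each UDP datagram to port 1434.
    Payload bytes are only counted; nothing in the file is interpreted as code."""
    if len(pcap_bytes) < 24:
        raise ValueError("too short for a pcap global header")
    magic = struct.unpack_from("<I", pcap_bytes, 0)[0]
    endian = {0xA1B2C3D4: "<", 0xD4C3B2A1: ">"}.get(magic)
    if endian is None:
        raise ValueError("not a classic pcap file")
    if struct.unpack_from(endian + "I", pcap_bytes, 20)[0] != 1:
        raise ValueError("only Ethernet (linktype 1) captures are handled")
    hits, off = [], 24
    while off + 16 <= len(pcap_bytes):
        incl_len = struct.unpack_from(endian + "I", pcap_bytes, off + 8)[0]
        frame = pcap_bytes[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[14] >> 4 != 4:
            continue  # truncated record or not IPv4
        ihl = (frame[14] & 0x0F) * 4
        udp_off = 14 + ihl
        if ihl < 20 or frame[23] != 17 or len(frame) < udp_off + 8:
            continue  # malformed header, not UDP, or truncated
        if struct.unpack_from("!H", frame, 20)[0] & 0x1FFF:
            continue  # non-first IP fragment carries no UDP header
        if struct.unpack_from("!H", frame, udp_off + 2)[0] == SQL_RESOLUTION_PORT:
            hits.append((socket.inet_ntoa(frame[26:30]), socket.inet_ntoa(frame[30:34]),
                         len(frame) - udp_off - 8))
    return hits

if __name__ == "__main__":
    print(find_udp_1434(build_sample_pcap()))
```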