This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Just another Pcap, is there anything malicious with this or is it normal traffic?

https://drive.google.com/file/d/0B1VcVVkZTYTJdGJnSXVZdm9qaWM/view?usp=sharing

asked 23 Oct '17, 09:59

subb148


Based on your other question I get a definite feeling this is a homework assignment.

Having said that, as an educational opportunity, if you right-click on the TCP stream and select "follow TCP stream" you can see that most of this trace is an ASCII terminal application where a user is issuing Linux commands. They are as follows, and can be ignored (unless a person logging into that server and issuing these commands is nefarious):

    ls -la
    cd ..
    ls
    cd selinux
    ls
    ls -la

For the rest of it, you have a unicast DHCP request (looks non-evil), and ARP traffic (where the replies don't contradict each other at least). So, nothing "scanny" happening there, and nothing that particularly strikes me as malicious on the face of it.

answered 23 Oct '17, 22:14

Quadratic
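
The ARP check mentioned in the answer above (replies that don't contradict each other), as an added example that is not part of the original answer: it parses raw Ethernet ARP frames and reports any IP address that ARP replies claim for more than one MAC. The frames, MAC addresses and IP addresses are constructed sample data, and the function names are hypothetical.

```python
import struct
from collections import defaultdict

def _mac(b): return ":".join(f"{x:02x}" for x in b)
def _ip(b): return ".".join(str(x) for x in b)

def parse_arp(frame):
    """Return (opcode, sender_mac, sender_ip) for an Ethernet/IPv4 ARP frame, else None."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x06":   # EtherType 0x0806 = ARP
        return None
    htype, ptype, hlen, plen, oper = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):  # Ethernet + IPv4 only
        return None
    return oper, _mac(frame[22:28]), _ip(frame[28:32])

def conflicting_arp_replies(frames):
    """Return {ip: [macs]} for every IP that ARP replies map to more than one MAC."""
    seen = defaultdict(set)
    for frame in frames:
        parsed = parse_arp(frame)
        if parsed and parsed[0] == 2:                    # opcode 2 = reply
            seen[parsed[2]].add(parsed[1])
    return {ip: sorted(macs) for ip, macs in seen.items() if len(macs) > 1}

def build_arp(oper, sha, spa, tha, tpa):
    """Build a constructed Ethernet ARP frame (sample data for this example)."""
    to_mac = lambda s: bytes.fromhex(s.replace(":", ""))
    to_ip = lambda s: bytes(int(o) for o in s.split("."))
    dst = to_mac(tha) if oper == 2 else b"\xff" * 6      # requests are broadcast
    eth = dst + to_mac(sha) + b"\x08\x06"
    hdr = struct.pack("!HHBBH", 1, 0x0800, 6, 4, oper)
    return eth + hdr + to_mac(sha) + to_ip(spa) + to_mac(tha) + to_ip(tpa)

# Constructed capture: one request, two replies that agree with each other.
CLEAN = [
    build_arp(1, "02:00:00:00:00:10", "192.0.2.10", "00:00:00:00:00:00", "192.0.2.1"),
    build_arp(2, "02:00:00:00:00:01", "192.0.2.1", "02:00:00:00:00:10", "192.0.2.10"),
    build_arp(2, "02:00:00:00:00:01", "192.0.2.1", "02:00:00:00:00:11", "192.0.2.11"),
]
# Same capture plus a reply claiming 192.0.2.1 from a second MAC.
CONFLICT = CLEAN + [
    build_arp(2, "02:00:00:00:00:99", "192.0.2.1", "02:00:00:00:00:10", "192.0.2.10"),
]

if __name__ == "__main__":
    print("clean:   ", conflicting_arp_replies(CLEAN))
    print("conflict:", conflicting_arp_replies(CONFLICT))
```

A hit is a lead to investigate rather than proof of spoofing, since replaced hardware or a failover pair can also produce two MACs for one IP.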


question asked: 23 Oct '17, 09:59

question was seen: 500 times

last updated: 23 Oct '17, 22:14
