Everything posted by SteeveMartinReeves

  1. Hi, I really need some help. I decided to analyze my network traffic when I saw that two of my computers make some weird DNS queries to this URL: zwyr157wwiu6eior.com. Here is the output of my Wireshark capture:

     Frame 987: 112 bytes on wire (896 bits), 112 bytes captured (896 bits) on interface \Device\NPF_{55FD0CF9-BC43-4272-B55B-C621B4C05F5A}, id 0
         Interface id: 0 (\Device\NPF_{55FD0CF9-BC43-4272-B55B-C621B4C05F5A})
         Interface name: \Device\NPF_{55FD0CF9-BC43-4272-B55B-C621B4C05F5A}
         Interface description: Wi-Fi 3
         Encapsulation type: Ethernet (1)
         Arrival Time: Sep 17, 2020 07:24:35.762840000 Eastern Daylight Time
         [Time shift for this packet: 0.000000000 seconds]
         Epoch Time: 1600341875.762840000 seconds
         [Time delta from previous captured frame: 0.012426000 seconds]
         [Time delta from previous displayed frame: 0.012426000 seconds]
         [Time since reference or first frame: 107.454245000 seconds]
         Frame Number: 987
         Frame Length: 112 bytes (896 bits)
         Capture Length: 112 bytes (896 bits)
         [Frame is marked: False]
         [Frame is ignored: False]
         [Protocols in frame: eth:ethertype:ip:udp:dns]
         [Coloring Rule Name: UDP]
         [Coloring Rule String: udp]
     Ethernet II, Src: ASUSTekC_71:0e:f0 (14:dd:a9:71:0e:f0), Dst: Cisco-Li_82:01:51 (48:f8:b3:82:01:51)
         Destination: Cisco-Li_82:01:51 (00:00:00:00:00:00) <- Hidden
             Address: Cisco-Li_82:01:51 (00:00:00:00:00:00) <- Hidden
             .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
             .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
         Source: ASUSTekC_71:0e:f0 (00:00:00:00:00:00) <- Hidden
             Address: ASUSTekC_71:0e:f0 (00:00:00:00:00:00) <- Hidden
             .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
             .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
         Type: IPv4 (0x0800)
     Internet Protocol Version 4, Src: 192.168.1.1, Dst: 192.168.1.30
         0100 .... = Version: 4
         .... 0101 = Header Length: 20 bytes (5)
         Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
             0000 00.. = Differentiated Services Codepoint: Default (0)
             .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0)
         Total Length: 98
         Identification: 0x0000 (0)
         Flags: 0x4000, Don't fragment
             0... .... .... .... = Reserved bit: Not set
             .1.. .... .... .... = Don't fragment: Set
             ..0. .... .... .... = More fragments: Not set
         Fragment offset: 0
         Time to live: 64
         Protocol: UDP (17)
         Header checksum: 0xb71b [validation disabled]
         [Header checksum status: Unverified]
         Source: 192.168.1.1
         Destination: 192.168.1.30
     User Datagram Protocol, Src Port: 53, Dst Port: 53104
         Source Port: 53
         Destination Port: 53104
         Length: 78
         Checksum: 0x61d7 [unverified]
         [Checksum Status: Unverified]
         [Stream index: 176]
         [Timestamps]
     Domain Name System (response)
         Transaction ID: 0x0dc9
         Flags: 0x8180 Standard query response, No error
         Questions: 1
         Answer RRs: 2
         Authority RRs: 0
         Additional RRs: 0
         Queries
         Answers
         [Request In: 986]
         [Time: 0.012426000 seconds]

     Is there any way to stop malicious DNS queries? Thanks for your time and for reading :)

     -Steeve Reeves
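The capture above shows only the dissector summary of one DNS response (transaction ID 0x0dc9, flags 0x8180, one question, two answer records), not the answer contents. The following is an added example, not code from the post or from any tool the poster used: it parses a raw DNS message, including RFC 1035 name compression, and scores the queried name for the lexical traits typical of algorithmically generated (DGA) domains, which is the usual first triage step for a random-looking name like zwyr157wwiu6eior.com. The packet it parses is constructed to match the sizes in the capture (a 70-byte DNS payload, i.e. UDP length 78, fits exactly one question plus two compressed A records); the two addresses 192.0.2.10 and 192.0.2.11 are RFC 5737 test addresses chosen for illustration, not what the poster's resolver returned. The thresholds in `dga_score` and the naive "second label from the right" extraction are assumptions. One caveat a practitioner would add: a high-entropy name is a reason to look, not proof of malware; legitimate software also uses random-looking hostnames, so the next step on the two affected machines is to find which process issued the lookup before deciding to block or sinkhole the name.

```python
import math
import struct
from collections import Counter

# Added example for the post above; not the poster's code or any project's own code.

VOWELS = set("aeiou")


def parse_name(msg, off):
    """Decode a DNS name at msg[off:], following compression pointers (RFC 1035 4.1.4).
    Returns (dotted name, offset just past the name in the message as read)."""
    labels, end, jumped = [], None, False
    for _ in range(128):  # hard cap guards against pointer loops in hostile packets
        ln = msg[off]
        if ln & 0xC0 == 0xC0:  # 2-byte compression pointer: remember where we were, then jump
            if not jumped:
                end = off + 2
            off = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            jumped = True
            continue
        off += 1
        if ln == 0:  # root label terminates the name
            break
        labels.append(msg[off:off + ln].decode("ascii", "replace"))
        off += ln
    else:
        raise ValueError("name too long or compression pointer loop")
    return ".".join(labels), end if jumped else off


def parse_dns(msg):
    """Parse header, question section and answer section of a DNS message."""
    txid, flags, qd, an, _ns, _ar = struct.unpack("!6H", msg[:12])
    off, questions, answers = 12, [], []
    for _ in range(qd):
        name, off = parse_name(msg, off)
        qtype, _qclass = struct.unpack("!HH", msg[off:off + 4])
        off += 4
        questions.append((name, qtype))
    for _ in range(an):
        name, off = parse_name(msg, off)
        rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        rdata = msg[off:off + rdlen]
        if rtype == 1 and rdlen == 4:      # A record: dotted IPv4
            value = ".".join(str(b) for b in rdata)
        elif rtype == 5:                   # CNAME: rdata is itself a (possibly compressed) name
            value, _ = parse_name(msg, off)
        else:
            value = rdata.hex()
        off += rdlen
        answers.append((name, rtype, ttl, value))
    return {"id": txid, "flags": flags, "questions": questions, "answers": answers}


def build_response(txid, qname, addrs, ttl=300):
    """Build a minimal 'standard query response, no error' with A records (constructed input)."""
    header = struct.pack("!6H", txid, 0x8180, 1, len(addrs), 0, 0)
    question = b"".join(bytes([len(l)]) + l.encode() for l in qname.split("."))
    question += b"\x00" + struct.pack("!HH", 1, 1)  # QTYPE A, QCLASS IN
    answers = b""
    for a in addrs:  # 0xC00C = pointer to the question name at offset 12
        answers += b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, ttl, 4) + bytes(int(x) for x in a.split("."))
    return header + question + answers


def shannon_entropy(s):
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def dga_features(fqdn):
    """Lexical features of the registrable label (assumption: second label from the right;
    multi-part public suffixes such as co.uk are not handled)."""
    parts = fqdn.rstrip(".").lower().split(".")
    label = parts[-2] if len(parts) >= 2 else parts[0]
    n = max(len(label), 1)
    run = longest = 0
    for ch in label:  # longest run of consonant letters; digits and vowels break the run
        run = run + 1 if ch.isalpha() and ch not in VOWELS else 0
        longest = max(longest, run)
    return {"label": label, "length": len(label), "entropy": shannon_entropy(label),
            "digit_ratio": sum(ch.isdigit() for ch in label) / n, "consonant_run": longest}


def dga_score(fqdn):
    """Count DGA-like traits (0-4). Thresholds are assumptions tuned for triage, not proof."""
    f = dga_features(fqdn)
    return sum([f["length"] >= 12, f["entropy"] >= 3.2, f["digit_ratio"] > 0.1, f["consonant_run"] >= 4])


def is_suspicious(fqdn, threshold=3):
    return dga_score(fqdn) >= threshold


if __name__ == "__main__":
    # Constructed to the shape of frame 987: txid 0x0dc9, flags 0x8180, 1 question, 2 answers.
    # The addresses are invented (RFC 5737 test range); the capture shows only "Answer RRs: 2".
    pkt = build_response(0x0DC9, "zwyr157wwiu6eior.com", ["192.0.2.10", "192.0.2.11"])
    msg = parse_dns(pkt)
    for qname, _qtype in msg["questions"]:
        verdict = "SUSPICIOUS" if is_suspicious(qname) else "ok"
        print(f"{qname}: score={dga_score(qname)} {verdict}; answers={[a[3] for a in msg['answers']]}")
```

Run it as a script to see the verdict for the constructed packet; to use it on a real capture, feed `parse_dns` the UDP payload of each port-53 packet (for example via tshark's `-T fields -e dns.qry.name` output, or a pcap reader) and review everything scoring 3 or higher together with the host and process that issued the query.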