SteeveMartinReeves

Posts posted by SteeveMartinReeves

  1. Hi, I really need some help.

    I decided to analyze my network traffic when I saw that two of my computers make some weird DNS queries to this URL: zwyr157wwiu6eior.com

    Here is the output of my Wireshark capture:

    Frame 987: 112 bytes on wire (896 bits), 112 bytes captured (896 bits) on interface \Device\NPF_{55FD0CF9-BC43-4272-B55B-C621B4C05F5A}, id 0
    Interface id: 0 (\Device\NPF_{55FD0CF9-BC43-4272-B55B-C621B4C05F5A})
    Interface name: \Device\NPF_{55FD0CF9-BC43-4272-B55B-C621B4C05F5A}
    Interface description: Wi-Fi 3
    Encapsulation type: Ethernet (1)
    Arrival Time: Sep 17, 2020 07:24:35.762840000 Est (heure d’été)
    [Time shift for this packet: 0.000000000 seconds]
    Epoch Time: 1600341875.762840000 seconds
    [Time delta from previous captured frame: 0.012426000 seconds]
    [Time delta from previous displayed frame: 0.012426000 seconds]
    [Time since reference or first frame: 107.454245000 seconds]
    Frame Number: 987
    Frame Length: 112 bytes (896 bits)
    Capture Length: 112 bytes (896 bits)
    [Frame is marked: False]
    [Frame is ignored: False]
    [Protocols in frame: eth:ethertype:ip:udp:dns]
    [Coloring Rule Name: UDP]
    [Coloring Rule String: udp]
    Ethernet II, Src: ASUSTekC_71:0e:f0 (14:dd:a9:71:0e:f0), Dst: Cisco-Li_82:01:51 (48:f8:b3:82:01:51)
    Destination: Cisco-Li_82:01:51 (00:00:00:00:00:00) <- Hidden
    Address: Cisco-Li_82:01:51 (00:00:00:00:00:00) <- Hidden
    .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
    .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
    Source: ASUSTekC_71:0e:f0 (00:00:00:00:00:00) <- Hidden
    Address: ASUSTekC_71:0e:f0 (00:00:00:00:00:00) <- Hidden
    .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
    .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
    Type: IPv4 (0x0800)
    Internet Protocol Version 4, Src: 192.168.1.1, Dst: 192.168.1.30
    0100 .... = Version: 4
    .... 0101 = Header Length: 20 bytes (5)
    Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
    0000 00.. = Differentiated Services Codepoint: Default (0)
    .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0)
    Total Length: 98
    Identification: 0x0000 (0)
    Flags: 0x4000, Don't fragment
    0... .... .... .... = Reserved bit: Not set
    .1.. .... .... .... = Don't fragment: Set
    ..0. .... .... .... = More fragments: Not set
    Fragment offset: 0
    Time to live: 64
    Protocol: UDP (17)
    Header checksum: 0xb71b [validation disabled]
    [Header checksum status: Unverified]
    Source: 192.168.1.1
    Destination: 192.168.1.30
    User Datagram Protocol, Src Port: 53, Dst Port: 53104
    Source Port: 53
    Destination Port: 53104
    Length: 78
    Checksum: 0x61d7 [unverified]
    [Checksum Status: Unverified]
    [Stream index: 176]
    [Timestamps]
    Domain Name System (response)
    Transaction ID: 0x0dc9
    Flags: 0x8180 Standard query response, No error
    Questions: 1
    Answer RRs: 2
    Authority RRs: 0
    Additional RRs: 0
    Queries
    Answers
    [Request In: 986]
    [Time: 0.012426000 seconds]

    Is there any way to stop malicious DNS queries?

    Thanks for your time and for reading :)

    -Steeve Reeves
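One defensive way to act on a capture like the one above is to parse DNS responses off the wire and flag any whose question name is on a watch list. The following is an added example, not code from the original post: it decodes the DNS wire format (header, question, answer records, including RFC 1035 compression pointers) and checks the queried name. The sample packet is constructed to match the capture's transaction ID, flags and record counts; the answer addresses are placeholders, since the post does not show the real ones.

```python
import struct

# Constructed watch list: the domain named in the post above.
WATCHLIST = {"zwyr157wwiu6eior.com"}

def read_name(msg, off):
    # Decode a DNS name, following RFC 1035 compression pointers with a hop bound.
    labels, jumped, end = [], False, off
    for _ in range(128):
        length = msg[off]
        if length & 0xC0 == 0xC0:          # 2-byte pointer into the message
            if not jumped:
                end = off + 2
            off, jumped = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF, True
            continue
        if length == 0:                    # root label terminates the name
            return ".".join(labels), (end if jumped else off + 1)
        labels.append(msg[off + 1:off + 1 + length].decode("ascii", "replace"))
        off += 1 + length
    raise ValueError("compression pointer loop")

def parse_response(msg):
    # Header (12 bytes), one question, then ANCOUNT resource records.
    tid, flags, _qd, an, _ns, _ar = struct.unpack("!6H", msg[:12])
    qname, off = read_name(msg, 12)
    off += 4                               # skip QTYPE/QCLASS
    answers = []
    for _ in range(an):
        _, off = read_name(msg, off)
        rtype, _rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:      # A record: IPv4 address
            answers.append(".".join(str(b) for b in msg[off:off + 4]))
        off += rdlen
    return {"id": tid, "flags": flags, "qname": qname, "answers": answers}

def is_suspicious(parsed):
    return parsed["qname"].lower().rstrip(".") in WATCHLIST

def encode_name(name):
    return b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\x00"

# Constructed sample: same ID, flags and counts as the capture; the answer
# addresses are placeholders, since the post does not show the real ones.
SAMPLE = (struct.pack("!6H", 0x0DC9, 0x8180, 1, 2, 0, 0)
          + encode_name("zwyr157wwiu6eior.com") + struct.pack("!HH", 1, 1)
          + b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + bytes([192, 0, 2, 10])
          + b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + bytes([192, 0, 2, 11]))
```

The constructed packet is 70 bytes, which matches the capture's UDP length of 78 minus the 8-byte UDP header, so two compressed A-record answers are consistent with what the dump shows.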
