Jump to content

Recommended Posts

Hi, i really need some help.

I have decided to do analyze my network traffic when i saw that two of my computer's makes some weird DNS queries to this url  zwyr157wwiu6eior.com

 

Here is the Output of my wireshark capture :

 

Frame 987: 112 bytes on wire (896 bits), 112 bytes captured (896 bits) on interface \Device\NPF_{55FD0CF9-BC43-4272-B55B-C621B4C05F5A}, id 0
Interface id: 0 (\Device\NPF_{55FD0CF9-BC43-4272-B55B-C621B4C05F5A})
Interface name: \Device\NPF_{55FD0CF9-BC43-4272-B55B-C621B4C05F5A}
Interface description: Wi-Fi 3
Encapsulation type: Ethernet (1)
Arrival Time: Sep 17, 2020 07:24:35.762840000 Est (heure d’été)
[Time shift for this packet: 0.000000000 seconds]
Epoch Time: 1600341875.762840000 seconds
[Time delta from previous captured frame: 0.012426000 seconds]
[Time delta from previous displayed frame: 0.012426000 seconds]
[Time since reference or first frame: 107.454245000 seconds]
Frame Number: 987
Frame Length: 112 bytes (896 bits)
Capture Length: 112 bytes (896 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ethertype:ip:udp:dns]
[Coloring Rule Name: UDP]
[Coloring Rule String: udp]
Ethernet II, Src: ASUSTekC_71:0e:f0 (14:dd:a9:71:0e:f0), Dst: Cisco-Li_82:01:51 (48:f8:b3:82:01:51)
Destination: Cisco-Li_82:01:51 (00:00:00:00:00:00) <- Hidden
Address: Cisco-Li_82:01:51 (00:00:00:00:00:00) <- Hidden
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
Source: ASUSTekC_71:0e:f0 (00:00:00:00:00:00) <- Hidden
Address: ASUSTekC_71:0e:f0 (00:00:00:00:00:00) <- Hidden
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
Type: IPv4 (0x0800)
Internet Protocol Version 4, Src: 192.168.1.1, Dst: 192.168.1.30
0100 .... = Version: 4
.... 0101 = Header Length: 20 bytes (5)
Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
0000 00.. = Differentiated Services Codepoint: Default (0)
.... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0)
Total Length: 98
Identification: 0x0000 (0)
Flags: 0x4000, Don't fragment
0... .... .... .... = Reserved bit: Not set
.1.. .... .... .... = Don't fragment: Set
..0. .... .... .... = More fragments: Not set
Fragment offset: 0
Time to live: 64
Protocol: UDP (17)
Header checksum: 0xb71b [validation disabled]
[Header checksum status: Unverified]
Source: 192.168.1.1
Destination: 192.168.1.30
User Datagram Protocol, Src Port: 53, Dst Port: 53104
Source Port: 53
Destination Port: 53104
Length: 78
Checksum: 0x61d7 [unverified]
[Checksum Status: Unverified]
[Stream index: 176]
[Timestamps]
Domain Name System (response)
Transaction ID: 0x0dc9
Flags: 0x8180 Standard query response, No error
Questions: 1
Answer RRs: 2
Authority RRs: 0
Additional RRs: 0
Queries
Answers
[Request In: 986]
[Time: 0.012426000 seconds]

 

Is there anyway to stop malicious DNS queries ?

Thanks for your time and your read :)

-Steeve Reeves

 

Link to post
Share on other sites

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Please review the following for Tips to help protect from infection

Thank you

 

 

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.