Date:      Mon, 13 Feb 2017 22:47:37 -0500
From:      sixto areizaga <thenewcq@optimum.net>
To:        freebsd-questions@freebsd.org
Cc:        Polytropon <freebsd@edvax.de>, Jon Radel <jon@radel.com>
Subject:   Re: wireshark issue
Message-ID:  <20170213224737.087dcdb3@newer.home>
In-Reply-To: <20170213043346.863220d1.freebsd@edvax.de>
References:  <CAKM9q91KKxtqXRTG84Szefww%2BR--S1A7wvgSx5LV3jNS90=4qw@mail.gmail.com> <20170209174405.5d551b88@newer.home> <c2dd4d2c-0e7c-42f0-9eef-2cb734421767@radel.com> <20170212121809.5bf28626@newer.home> <20170213043346.863220d1.freebsd@edvax.de>


I apologize this is a little wordy; I just tried to answer everything
all at once... I am thinking it's not wireshark.  Let me know if you find
anything interesting...


IP = 119.249.54.71

$ whois 119.249.54.71
inetnum:        119.248.0.0 - 119.251.255.255
netname:        UNICOM-HE
descr:          China Unicom Heibei Province Network

I concluded Windows because PuTTY is a Windows program.

Nmap scan report for 119.249.54.71
Host is up (0.36s latency).
Not shown: 993 closed ports

PORT     STATE    SERVICE        VERSION
25/tcp   filtered smtp
135/tcp  filtered msrpc
139/tcp  filtered netbios-ssn
445/tcp  filtered microsoft-ds
593/tcp  filtered http-rpc-epmap
4444/tcp filtered krb524                  
6006/tcp open     tcpwrapped

I googled krb524; it was super-interesting, check it out.


from wireshark....

No.  Time       Source         Destination    Protocol  Length  Info
71   41.065180  119.249.54.71  192.168.#.#    SSHv2     81      Client: Protocol (SSH-2.0-PUTTY)
72   41.088654  192.168.#.#    119.249.54.71  SSHv2     104     Server: Protocol (SSH-2.0-OpenSSH_7.2 FreeBSD-20160310)

> /var/log/security
> and /var/log/auth.log should be interesting.

Show nothing for this IP.
A few days before, there is a different IP; I am looking into that now.


Well, I don't think the vulnerability was in wireshark...

I think I am having a "pest" problem...




