2/13/2023 0 Comments Wireshark filter broadcast traffic![]() Many worms try to spread by contacting other hosts on ports 135, 445, or 1433. ![]() It is the signature of the welchia worm just before it tries to compromise a system. icmp=icmp-echo and ip=92 and icmp=0xAAAAAAAA The filter looks for an icmp echo request that is 92 bytes long and has an icmp payload that begins with 4 bytes of A's (hex). ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. Archives
May 2023
Categories |