[Dshield] ping sweep

David Vincent david.vincent at mightyoaks.com
Thu Sep 18 22:41:37 GMT 2003


i hate network monitor.  grab ethereal and use it instead for the network
capture.  it will even go so far as to tell you the type of traffic.  DHCP
requests, pings, http streams, etc.

http://www.ethereal.com

don't forget the winpcap packet capture libraries...

http://winpcap.polito.it/install/default.htm

could also be the QoS agent.  any windows xp boxes there?  could be SSDP or
UPnP.  there's so much, where to begin?

more details please!

-d




> -----Original Message-----
> From: Neil G. Lovering [mailto:nlovering at nle-inc.com]
> Sent: September 18, 2003 3:28 PM
> To: General DShield Discussion List
> Subject: [Dshield] ping sweep
> 
> 
> Hey all,
> 
> I just started looking at a W2k server for a customer, and 
> when I fired
> up Network Monitor, it seems that the server itself is doing a massive
> ping sweep of the entire 192.168.x.y IP range.  Has anyone seen such
> behavior before, or know what might be the source of this?
> 
> There also seems to be a considerable number of outgoing echoes to
> various asiapac IP addresses.  A quick search by spybot found a few
> minor things, but the ping (echoes) continue.
> 
> Neil
> 
> 
> 
> 
> 
> 
> _______________________________________________
> list mailing list
> list at dshield.org
> To change your subscription options (or unsubscribe), see: 
> http://www.dshield.org/mailman/listinfo/list
> 




More information about the list mailing list