9/14/2023

Wireshark packet analysis

Mostly looking for abnormal behavior for whatever protocol you are investigating. Of course that requires knowing what normal is for said protocol.

First thing that comes to mind is TCP sequence number analysis. You can quickly spot out of order packets or high latency by looking at delta time between sequential packets, among many other things.

Another example is actually from my desk today. I was seeing random ICMP echo request/reply floods for under a minute, maybe once or twice a day, from a particular IP. I set up a capture on my ASA and waited for it to happen again. Looking at the data field of the ICMP packet, I saw it contained 40 bytes of hex data. After translating from hex to text, I saw the string "NOCTION IRP".
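The two checks described above (delta time between sequential packets and pulling the data field out of an ICMP echo packet to read it as text), as an added Python example that is not part of the original post. The packet bytes are constructed here to mirror the 40-byte data field the post mentions; the timestamps and sequence numbers are sample input, not values from a real capture.

```python
import struct

def inet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum; returns 0 for a packet whose checksum field is valid."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                      # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def build_echo_request(ident: int, seq: int, data: bytes) -> bytes:
    """Constructed ICMP echo request (type 8) with a correct checksum; sample input, not a capture."""
    header = struct.pack("!BBHHH", 8, 0, 0, ident, seq)
    csum = inet_checksum(header + data)
    return struct.pack("!BBHHH", 8, 0, csum, ident, seq) + data

def parse_icmp(pkt: bytes) -> dict:
    """Split an ICMP echo packet into its 8-byte header fields and the data field that follows."""
    if len(pkt) < 8:
        raise ValueError("ICMP header truncated")
    icmp_type, code, _csum, ident, seq = struct.unpack("!BBHHH", pkt[:8])
    return {"type": icmp_type, "code": code, "id": ident, "seq": seq,
            "checksum_ok": inet_checksum(pkt) == 0, "data": pkt[8:]}

def data_as_text(data: bytes) -> str:
    """Hex-to-text view of the data field: printable ASCII kept, other bytes shown as '.', padding trimmed."""
    return "".join(chr(b) if 32 <= b < 127 else "." for b in data).rstrip(".")

def delta_times(timestamps: list) -> list:
    """Delta between sequential packets, like Wireshark's 'Time delta from previous displayed frame'."""
    return [round(b - a, 6) for a, b in zip(timestamps, timestamps[1:])]

def high_latency(timestamps: list, threshold: float) -> list:
    """Indices (into delta_times) where the gap to the previous packet exceeds the threshold."""
    return [i for i, d in enumerate(delta_times(timestamps)) if d > threshold]

def out_of_order(seqs: list) -> list:
    """Indices where a sequence number is lower than the one that arrived before it."""
    return [i for i in range(1, len(seqs)) if seqs[i] < seqs[i - 1]]

# Constructed sample: a 40-byte data field carrying an ASCII tag padded with NUL bytes.
SAMPLE = build_echo_request(0x1234, 1, b"NOCTION IRP".ljust(40, b"\x00"))

if __name__ == "__main__":
    p = parse_icmp(SAMPLE)
    print(p["type"], len(p["data"]), p["checksum_ok"], data_as_text(p["data"]))
    print(delta_times([0.0, 0.0101, 0.0202, 1.5202]), out_of_order([1, 2, 4, 3]))
```

Run the functions over the bytes and frame times exported from a capture to reproduce the same view Wireshark gives in its delta-time column and packet-bytes pane.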