Void, do you know how to read the Ethereal capture to see what is going on with my network? I want someone to look at it and tell me if everything is OK...
The reason I am looking at this is I see some different IPs in there and I don't know what that is....
Ethereal ?
I use Ethereal on a daily basis but I don't use it to determine the overall health of a network. I use it to look for specific things, either for troubleshooting a problem with a host/network device or for security reasons (watch the traffic from a specific host). Are you saying you are seeing IP addresses on your network that you cannot account for? There is no way I could tell you by looking at the capture what IP addresses are yours, that's something you would need to figure out, unless I'm missing something in your question. I could help you with questions about how to use Ethereal if you run into something you don't understand.
Yea, I am seeing a source IP that is not my IP or an internal network IP.
The reason I am watching with ethereal is because my windows server just restarted and I didn't do it so I wanted to see if someone remotely hacked my box.
My problem is I don't know what some of the info is and I am totally new to ethereal so I am not sure as to what I should be watching out for.
I hope that helps get across what I am trying to do.
It would be pretty hard to read your mail if you never got any packets back from your mail host. That is a google mail server and those are reply packets. What you are seeing is a normal conversation. Now, if you don't have Google mail and you didn't have your browser open to it at the time of the sniff then you might have something to worry about. But here's how the conversation goes:
You:RandomSourcePort -> GoogleMail:80
GoogleMail:80 -> You:RandomSourcePort
That's how networking works. If you want to see the entire conversation, right-click on that first packet and click "Follow TCP stream". I think you'll understand a little more. You might want to do some searching for some basic TCP/IP networking tutorials. Here's a good jumping-off point:
http://en.wikipedia.org/wiki/OSI_model
http://en.wikipedia.org/wiki/Internet_protocol_suite
http://en.wikipedia.org/wiki/Transmissi ... l_Protocol
http://en.wikipedia.org/wiki/User_Datagram_Protocol
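An added example, not part of the original thread: one way to check whether packets from an unfamiliar source IP are just replies to connections your own host opened, by pairing both directions of each TCP conversation and looking at who sent the first SYN. The packet tuples, addresses (documentation ranges) and the short flag strings are constructed sample data, assumed to have been exported from a capture.

```python
from collections import OrderedDict

LOCAL_IPS = {"192.168.1.10"}  # constructed: the capturing host's own address

# Constructed sample packets: (src_ip, src_port, dst_ip, dst_port, tcp_flags)
PACKETS = [
    ("192.168.1.10", 49152, "203.0.113.5", 80, "S"),    # we open a web connection
    ("203.0.113.5", 80, "192.168.1.10", 49152, "SA"),   # server replies
    ("192.168.1.10", 49152, "203.0.113.5", 80, "A"),
    ("203.0.113.5", 80, "192.168.1.10", 49152, "PA"),   # reply data from port 80
    ("198.51.100.7", 51000, "192.168.1.10", 3389, "S"), # remote host opens a connection to us
    ("192.168.1.10", 3389, "198.51.100.7", 51000, "SA"),
    ("203.0.113.9", 443, "192.168.1.10", 49200, "PA"),  # capture started mid-stream
]

def flow_key(src, sport, dst, dport):
    """Same key for both directions of one TCP conversation."""
    return tuple(sorted([(src, sport), (dst, dport)]))

def classify(packets, local_ips):
    """Map each conversation to who opened it: 'outbound', 'inbound' or 'unknown'."""
    flows = OrderedDict()
    for src, sport, dst, dport, flags in packets:
        key = flow_key(src, sport, dst, dport)
        flows.setdefault(key, "unknown")
        # A bare SYN (no ACK) starts the handshake, so its sender opened the connection.
        if flags == "S" and flows[key] == "unknown":
            flows[key] = "outbound" if src in local_ips else "inbound"
    return flows

def report(packets, local_ips):
    """Return [(remote_ip, remote_port, local_port, direction)], one row per conversation."""
    rows = []
    for key, direction in classify(packets, local_ips).items():
        # Pick the endpoint that is not ours; fall back to the first if neither is local.
        remote = next((ep for ep in key if ep[0] not in local_ips), key[0])
        local = next(ep for ep in key if ep is not remote)
        rows.append((remote[0], remote[1], local[1], direction))
    return rows

if __name__ == "__main__":
    for row in report(PACKETS, LOCAL_IPS):
        print(row)
```

Rows marked "outbound" are reply traffic of the kind described above; "inbound" rows are connections a remote host started, and "unknown" rows need a capture that includes the start of the conversation.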