Wireshark mailing list archives
Re: How do I use wireshark to investigate Snort IDS alert "A Network Trojan was Detected"?
From: Turritopsis Dohrnii Teo En Ming <turritopsis.dohrnii () teo-en-ming com>
Date: Mon, 22 Oct 2018 23:33:04 +0000
Good morning from Singapore,

Any advice?

Thank you.

________________________________
From: Turritopsis Dohrnii Teo En Ming
Sent: Monday, October 22, 2018 11:02 PM
To: wireshark-users () wireshark org
Cc: Turritopsis Dohrnii Teo En Ming
Subject: How do I use wireshark to investigate Snort IDS alert "A Network Trojan was Detected"?

Good evening from Singapore,

I have the following alert "A Network Trojan was Detected" in my Snort Intrusion Detection System (IDS) which is in my pfSense Network Security Appliance.

Thread: [Snort-users] Snort IDS in pfSense Network Security Appliance: "A Network Trojan was Detected"
URL: https://lists.snort.org/pipermail/snort-users/2018-October/071833.html

Is there any way I can use wireshark to pin-point the operating system process in memory or filesystem object which is triggering the above-mentioned Snort IDS/IPS alert? I am hoping to know which executable file is triggering this IDS/IPS alert.

Please advise.

Thank you very much.

===BEGIN SIGNATURE===
Turritopsis Dohrnii Teo En Ming's Academic Qualifications as at 30 Oct 2017
[1] https://tdtemcerts.wordpress.com/
[2] http://tdtemcerts.blogspot.sg/
[3] https://www.scribd.com/user/270125049/Teo-En-Ming
===END SIGNATURE===