Revision history

  1. Statistics -> Capture File Properties - capture is dated 2010-10-08 (it's been around a while)
  2. Statistics -> Conversations or Statistics -> Endpoints - the devices are both VMs (00:0c:29)
  3. Right click on Frame #4 (TELNET) and select Follow->TCP Stream:
    • client is sending X11 DISPLAY info - backtrack:0.0 - predecessor to Kali (Linux client)
    • response is coming back as Microsoft Telnet Server (Windows server)
    • Telnet and SSH servers will often do a name lookup of the client making the connection.
      In this case it's a Windows server, so it is doing NBNS.
  4. The domain name in the DHCP ACK is for a college/university - perhaps where the capture was done.
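
What Follow->TCP Stream exposes in step 3, as an added example that is not part of the original answer: a small parser for Telnet option subnegotiation that recovers X-DISPLAY-LOCATION (option 35) and TERMINAL-TYPE (option 24) from raw stream bytes. The `CLIENT` and `SERVER` byte strings are constructed samples modelled on the description above, not data taken from the capture.

```python
# Telnet command bytes (RFC 854) and the option codes of interest.
IAC, SB, SE = 255, 250, 240
NEGOTIATE = {251, 252, 253, 254}          # WILL, WONT, DO, DONT
OPTIONS = {24: "TERMINAL-TYPE", 35: "X-DISPLAY-LOCATION"}
IS = 0                                    # subnegotiation "IS" marker

def parse_telnet(stream: bytes):
    """Return (options, text): values sent via 'SB <opt> IS', and the
    application data left after all Telnet commands are stripped."""
    options, text = {}, bytearray()
    i, n = 0, len(stream)
    while i < n:
        if stream[i] != IAC:
            text.append(stream[i]); i += 1
            continue
        if i + 1 >= n:
            break                         # capture ends mid-command
        cmd = stream[i + 1]
        if cmd == IAC:                    # IAC IAC = literal 0xff data byte
            text.append(IAC); i += 2
        elif cmd in NEGOTIATE:
            i += 3                        # IAC <verb> <option>
        elif cmd == SB:
            j, body = i + 2, bytearray()
            while j < n and stream[j:j + 2] != bytes([IAC, SE]):
                if stream[j:j + 2] == bytes([IAC, IAC]):
                    j += 1                # unescape doubled IAC
                body.append(stream[j]); j += 1
            if j >= n:
                break                     # unterminated subnegotiation
            if len(body) >= 2 and body[1] == IS:
                name = OPTIONS.get(body[0], f"option-{body[0]}")
                options[name] = body[2:].decode("ascii", "replace")
            i = j + 2
        else:
            i += 2                        # other two-byte commands (NOP, GA, ...)
    return options, bytes(text)

# Constructed sample streams (not from the capture).
CLIENT = (bytes([IAC, 251, 24, IAC, 251, 35])
          + bytes([IAC, SB, 35, IS]) + b"backtrack:0.0" + bytes([IAC, SE])
          + bytes([IAC, SB, 24, IS]) + b"XTERM" + bytes([IAC, SE])
          + b"dir\r\n")
SERVER = bytes([IAC, 253, 24, IAC, 253, 35]) + b"Microsoft Telnet Server\r\n"

if __name__ == "__main__":
    print(parse_telnet(CLIENT))
    print(parse_telnet(SERVER))
```
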