Hi everyone.
We are looking for advice; we do not have much experience with this.
We have a 2011 RBUIAS and we set up a mirror port on which we have Wireshark looking for some TCP connections to external IPs. We are experiencing some IP blacklisted notices, so we did several CBL lookups and got things like:
destination IP, destination port, source IP, source port, protocol and time.
We have looked for these connections (destination IP, destination port) in our captured files to find the terminal that is sending out this traffic, but with no success.
Could you give us some hints or directions?
Thank you.