Tuesday, June 19, 2018

Seeing NBNS messages in Wireshark, need help identifying where they are coming from

I have a client machine that is sending NBNS Name Queries roughly once a second to what look like random IP addresses. I formatted this machine, but after doing a Wireshark capture immediately after the format, I see that it is still sending these messages. No other Windows machine on the network seems to be sending these messages. My first thought is that the machine is infected somehow.

The conversation will go: LOCALIP EXTERNALIP NBNS LENGTH 92 PORT 137 Name query NBSTAT *<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00>

EXTERNALIP INTERNALIP ICMP LENGTH 120 PORT 137 Destination unreachable (Port unreachable)
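
Added example, not part of the original post: a Python sketch that decodes the wildcard NBSTAT query shown in the capture and flags it when the destination lies outside the local address ranges, which is the pattern that stands out here. The sample payload, the `INTERNAL` range list and all function names are constructed for illustration; it assumes an Ethernet II frame and an IPv4 header without options when relating the payload size to the 92-byte length.

```python
import ipaddress
import struct

NBSTAT = 0x0021  # NBNS question type for a node status request (RFC 1002)
WILDCARD = b"*" + b"\x00" * 15  # the name Wireshark prints as *<00>...<00>
# Assumption: these ranges are what counts as "internal" on the network.
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "169.254.0.0/16")]

def encode_name(raw16: bytes) -> bytes:
    """First-level encode a 16-byte NetBIOS name: one letter A..P per nibble."""
    body = b"".join(bytes([0x41 + (b >> 4), 0x41 + (b & 0x0F)]) for b in raw16)
    return b"\x20" + body + b"\x00"

def decode_name(enc: bytes) -> bytes:
    """Reverse encode_name; reject anything that is not a single 32-char label."""
    if len(enc) != 34 or enc[0] != 32 or enc[33] != 0:
        raise ValueError("not a single-label NetBIOS name")
    body = enc[1:33]
    if any(not 0x41 <= c <= 0x50 for c in body):
        raise ValueError("invalid nibble character")
    return bytes(((body[i] - 0x41) << 4) | (body[i + 1] - 0x41) for i in range(0, 32, 2))

def parse_query(payload: bytes):
    """Return (is_response, qtype, raw_name) for a one-question NBNS message."""
    if len(payload) < 50:
        raise ValueError("too short for an NBNS question")
    _txid, flags, qdcount = struct.unpack("!3H", payload[:6])
    if qdcount != 1:
        raise ValueError("expected exactly one question")
    qtype, _qclass = struct.unpack("!2H", payload[46:50])
    return bool(flags & 0x8000), qtype, decode_name(payload[12:46])

def is_external_nbstat_probe(dst_ip: str, dst_port: int, payload: bytes) -> bool:
    """True for a wildcard NBSTAT query sent to UDP 137 outside INTERNAL."""
    try:
        dst = ipaddress.ip_address(dst_ip)
        is_resp, qtype, name = parse_query(payload)
    except ValueError:
        return False
    internal = any(dst in net for net in INTERNAL)
    return (dst_port == 137 and not is_resp and qtype == NBSTAT
            and name == WILDCARD and not internal)

# Constructed sample payload: 12-byte header, wildcard name, type NBSTAT, class IN.
# 50 bytes of NBNS + 8 UDP + 20 IPv4 + 14 Ethernet = the 92 in the capture.
SAMPLE = (struct.pack("!6H", 0x1234, 0, 1, 0, 0, 0)
          + encode_name(WILDCARD) + struct.pack("!2H", NBSTAT, 1))
```

Ordinary NetBIOS name resolution goes to the subnet broadcast address or a configured WINS server, so a check like this stays quiet for normal traffic and only fires on queries leaving the local ranges.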


