Thursday, February 14, 2019

Trying to use wireshark to track down some traffic.

Hey, hope this is the right place, and that I have the right info. Apologies if it's not.

So, my network team opened a ticket with me saying that there are A LOT of DNS alerts that are going to the wrong domain address. Something like company.corp.com rather than companycorp.com.

We figure that someone was configuring something and just put a typo in the address and it was forgotten about. As my team owns the source server, it has been asked that we do some investigating.

So far, I've installed Wireshark on the server and can see the DNS request for the domain name and the response saying the host is unreachable, but that's as far as I've gotten.

How do I analyse the data to find out where in the Application layer this traffic is coming from?

Thanks for your Time.
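The capture alone cannot answer the question above: a DNS packet carries the queried name and the UDP source port, but not the process that sent it. The working approach is to filter the capture down to the misspelled name (in Wireshark, `dns.qry.name contains "company.corp.com"`), note the source port and timestamp of each hit, and correlate the port with a socket-to-process snapshot taken on the server at the same time (`ss -uanp` on Linux, `netstat -ano` on Windows). The following is an added example, not code from the original post: it parses raw DNS query messages, picks out queries for the typo domain, and maps their source ports to processes. The packets, the socket table and the process names (`monitor-agent`, `sshd`) are all constructed for the example.

```python
import struct
from collections import Counter


def build_query(name, txid):
    """Build a minimal DNS A query in RFC 1035 wire format.
    Constructed test data only, so the example runs without a pcap."""
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.split(".")) + b"\x00"
    return header + qname + struct.pack(">HH", 1, 1)  # QTYPE=A, QCLASS=IN


def parse_qname(msg, offset):
    """Decode a name starting at offset; follows compression pointers (0xC0..)
    as found in responses. Returns (name, offset_after_name)."""
    labels = []
    jumped = False
    end = offset
    while True:
        length = msg[offset]
        if length == 0:
            offset += 1
            break
        if length & 0xC0 == 0xC0:
            pointer = struct.unpack(">H", msg[offset:offset + 2])[0] & 0x3FFF
            if not jumped:
                end = offset + 2  # the pointer is the last 2 bytes of this name
            jumped = True
            offset = pointer
            continue
        labels.append(msg[offset + 1:offset + 1 + length].decode("ascii"))
        offset += 1 + length
    if not jumped:
        end = offset
    return ".".join(labels), end


def parse_query(msg):
    """Return (transaction id, first question name) for a DNS message."""
    txid, _flags, qdcount = struct.unpack(">HHH", msg[:6])
    if qdcount < 1:
        return txid, None
    name, _ = parse_qname(msg, 12)  # questions start right after the 12-byte header
    return txid, name


# Constructed snapshot of local UDP source port -> (pid, process name),
# as one would read it from `ss -uanp` or `netstat -ano` on the server.
SOCKET_TABLE = {
    51234: (4120, "monitor-agent"),
    51235: (2210, "sshd"),
}

# Constructed capture: (timestamp, UDP source port, DNS payload bytes).
CAPTURED = [
    (1550146800.0, 51234, build_query("company.corp.com", 0x1A2B)),
    (1550146801.5, 51235, build_query("companycorp.com", 0x1A2C)),
    (1550146802.0, 51234, build_query("company.corp.com", 0x1A2D)),
]


def suspect_queries(packets, bad_name):
    """Return [(timestamp, src_port, qname)] for queries that ask for bad_name
    itself or any name under it."""
    out = []
    for ts, port, payload in packets:
        _txid, name = parse_query(payload)
        if name and (name == bad_name or name.endswith("." + bad_name)):
            out.append((ts, port, name))
    return out


def attribute_to_process(packets, bad_name, sockets):
    """Count suspect queries per (pid, process) by matching the UDP source port
    against the socket snapshot. Ports not in the snapshot are reported as
    'unknown': the socket closed before the snapshot was taken."""
    hits = Counter()
    for _ts, port, _name in suspect_queries(packets, bad_name):
        hits[sockets.get(port, (None, "unknown"))] += 1
    return hits


if __name__ == "__main__":
    for (pid, proc), count in attribute_to_process(CAPTURED, "company.corp.com", SOCKET_TABLE).items():
        print(f"{count} query(ies) for company.corp.com from pid {pid} ({proc})")
```

Because UDP source ports are ephemeral and a resolver socket may live only milliseconds, a single socket snapshot will often miss the sender; on a long-running investigation it is more reliable to log DNS queries with the process attached at the source (Sysmon Event ID 22 on Windows, or auditd/eBPF tooling on Linux) and use the capture only to confirm the name and timing.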


