Senomix08 TCP packets

  • Senomix08 TCP packets

    I am running Server 2003 SP2 with all updates and I started getting several packets with the name Senomix08 in them using TCP protocol. The packets seem to always be to or from my server.

    samples - from wireshark
    3737 > senomix08 [ACK] Seq=1 Ack=1 Win=65535 Len=0
    cernsysmgmtagt > senomix08 [ACK] Seq=1 Ack=1 Win=65535 Len=0
    aipn-auth > senomix08 [PSH, ACK] Seq=1 Ack=1 Win=65535 Len=265

    I have searched Wireshark, Google and here. I have found out that Senomix is a time sheet company but when I contacted them they said they registered for both TCP and UDP but they only use UDP. They have had a few calls from other people with the TCP packets and they are saying it's malware. I can't find anything about this anywhere. I am running Trend Micro Worry-Free Business Security 5.1.

    Please help, sorry if this is in the wrong area.

  • #2
    Re: Senomix08 TCP packets

    You have transport layer name resolution enabled in Wireshark. Something is using the same port number so it gets picked up as Senomix08.

    There's no way for us to tell since we don't know what you have on your network.

    Go to the src/dst IPs and do a "netstat -b" and see if anything is on port 8059


    • #3
      Re: Senomix08 TCP packets

      Originally posted by Garen
      You have transport layer name resolution enabled in Wireshark. Something is using the same port number so it gets picked up as Senomix08.

      There's no way for us to tell since we don't know what you have on your network.

      Go to the src/dst IPs and do a "netstat -b" and see if anything is on port 8059

      Thanks, once I turned off the transport layer name resolution, I figured out that it was one of my information gathering programs using that port... silly me

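The check suggested in reply #2, as an added example that is not part of the original thread: map the label Wireshark shows back to its port number, then find which process owns connections on exactly that port. It assumes `netstat -bno` style output (TCP rows ending in a PID, followed by a bracketed executable name); the services excerpt, addresses, PIDs and program names are constructed.

```python
import re

# Constructed services-style excerpt; the thread itself only confirms senomix08 = 8059.
SERVICES = """\
senomix08    8059/tcp
senomix08    8059/udp
"""

# Constructed `netstat -bno` output: addresses, PIDs and program names are made up.
NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    192.0.2.10:8059        192.0.2.55:3737        ESTABLISHED     1812
  [collector.exe]
  TCP    192.0.2.10:18059       192.0.2.55:1041        ESTABLISHED     2040
  [other.exe]
  TCP    192.0.2.10:8059        192.0.2.77:3873        ESTABLISHED     1812
  [collector.exe]
"""

ROW = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+(\S+):(\d+)\s+(\S+)\s+(\d+)\s*$")
EXE = re.compile(r"^\s*\[(.+)\]\s*$")

def service_ports(table, name):
    """Ports a services-style table assigns to `name` (what the Wireshark label maps back to)."""
    ports = set()
    for line in table.splitlines():
        fields = line.split("#")[0].split()
        if len(fields) >= 2 and fields[0] == name:
            ports.add(int(fields[1].split("/")[0]))
    return ports

def owners_of_port(netstat_text, port):
    """(pid, program, peer) for TCP rows whose local or remote port is exactly `port`."""
    hits, pending = [], None
    for line in netstat_text.splitlines():
        row = ROW.match(line)
        if row:
            hit = port in (int(row[2]), int(row[4]))  # exact match, so 18059 is not 8059
            pending = [int(row[6]), None, f"{row[3]}:{row[4]}"] if hit else None
            if pending:
                hits.append(pending)
        elif pending and (exe := EXE.match(line)):
            pending[1] = exe[1]  # executable name line that follows the matched row
            pending = None
    return [tuple(h) for h in hits]

if __name__ == "__main__":
    for port in sorted(service_ports(SERVICES, "senomix08")):
        for pid, program, peer in owners_of_port(NETSTAT, port):
            print(f"port {port}: pid {pid} ({program}) <-> {peer}")
```

Comparing the port as a number rather than as a substring keeps a row on 18059 from being mistaken for 8059, which a plain text search of the netstat output would not.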