Help! Unknown CIFS protocol

Discussion in 'Capsa Network Analyzer' started by Miranda Row, Nov 25, 2010.

Thread Status:
Not open for further replies.
  1. Miranda Row

    Miranda Row Registered Member

    Joined:
    Nov 24, 2010
    Posts:
    1
    Hi,

    I just notice the massive CIFS protocol traffic. No clue what is it. Anybody knows about it?

    2010.png
     
  2. brian_mi

    brian_mi Registered Member

    Joined:
    Feb 4, 2010
    Posts:
    12
    From your screenshot I see the CIFS packets are sent out with little time interval. Maybe a virus on that machine?
     
  3. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
  4. brian_mi

    brian_mi Registered Member

    Joined:
    Feb 4, 2010
    Posts:
    12
    I think it's nothing to do with CIFS, just a worm using 445 port?
     
  5. hrj_email

    hrj_email Registered Member

    Joined:
    Dec 13, 2010
    Posts:
    3
    Hi,
    you must consider CIF protocol involve alot of ports, for example if you use ACRONIS for backuping your clients , in capsa the port used for Acronis named CIF.

    Another example is when your clients get commands and task from AntiVirus administration KITS for example Kaspersky Administration Kit , Capsa show it as CIF protocol.

    So dont be afraid and check all of them.
     
Thread Status:
Not open for further replies.