As I’m playing around with Wireshark I thought I’d run an Nessus scan on the Windows portion of my Virtual Hacking Lab to see if I could spot traces of the scan.
Well, as soon as I started the scan Wireshark went into overdrive and in a little over 3 minutes registered over 17,000 packets, which is a HUGE amount compared with normal.
Coupled with this was the fact that the string “Nessus” appeared throughout; some 83 times.
Here’s some examples:
I’ve heard Nessus described as noisy, but my goodness.
And of course, if I understood Wireshark fully, I bet there’s lots more subtle ways of detecting this scan.
I look forward to trying this out with Nmap.