Comment: Packet sniffer

(See in situ)

In reply to comment: thx.. again... (see in situ)

Packet sniffer

Installing a packet sniffer between the effected machine and the outside world is a standard place to start. Hopefully the effected machine isn't down long enough to be noticed by the attacker. The sniffer will simply record all traffic on that network segment. From there all known-good traffic is ruled out, all protocols to all ports to all times until you hopefully isolate what is theoretically effecting that machine.

Of course it might not be a network attack, the problem may have made it onto the effected machine from a thumb drive, an SD card, what have you.

There is nothing strange about having a bar of soap in your right pocket, it's just what's happening.