In the unfolding narrative of network security, the organization’s vigilant response to a surge in suspicious activity reveals a clandestine web of LLMNR and NBT-NS poisoning attacks. Armed with tools like Wireshark, the investigation meticulously traces the attacker’s footsteps. A mistyped query, “fileshaare,” emerges from legitimate network traffic, providing a subtle entry point. Through the digital fog, the rogue machine’s IP address is exposed at 192.168.232.215, while a second victim’s IP, 192.168.232.176, bears witness to the extent of the intrusion. Compromised user credentials lead to the unmasking of “janesmith” as the targeted account, and the accessed machine’s hostname, “AccountingPC,” offers a glimpse into the attacker’s activities. This cybersecurity odyssey underscores the imperative of swift detection and response in safeguarding the network’s resilience.