Skip to Main Content
Instant Traffic Analysis with Tshark How-to
book

Instant Traffic Analysis with Tshark How-to

by Borja Merino
April 2013
Intermediate to advanced content levelIntermediate to advanced
68 pages
1h 32m
English
Packt Publishing
Content preview from Instant Traffic Analysis with Tshark How-to

Analyzing malware traffic (Must know)

In this recipe we will see how Tshark can be an excellent support tool for malware traffic analysis. Likewise we will see some useful filters that help us identify possible infected computers on our network.

Getting ready

Performing simple checks on our network periodically can help us to detect malware. For example, if your network hosts use an internal DNS to resolve names, something as simple as checking that all requests are coming from that server can help us identify infected hosts. The reason is that malware might bypass the host DNS settings. For example, using the DNS_QUERY_NO_HOSTS_FILE flag in the DnsQuery API, the malware will not query the hosts file. Even better, the malware can open a UDP socket ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Start your free trial

You might also like

Next Generation Red Teaming

Next Generation Red Teaming

Henry Dalziel
Wireshark & Ethereal Network Protocol Analyzer Toolkit

Wireshark & Ethereal Network Protocol Analyzer Toolkit

Jay Beale, Angela Orebaugh, Gilbert Ramirez

Publisher Resources

ISBN: 9781782165385Other