![]() So capturing all traffic will only lead to a conclusion under the assumption that the malware is actively communicating and that you are able to recognize traffic by the backdoor as such. Finally, malware is often communicating over TLS and you will have to be able to decrypt the traffic for definitive conclusions about what is going on. Also, it is possible for malware to evade detection by using seemingly unrelated protocols, e.g. Your backdoor could just mimick a request to an image hosted on a seemingly unsuspicious AWS server and it would be hard for you to tell if that request originated from your web browser or the backdoor. For example, if you are browsing the web, it is really hard to dissect all connections for all loaded resources. ![]() Also, chances are that you don't recognize malicious traffic as such:Ī clever backdoor could be designed to only send traffic if other processes are communicating at the same time. Wireshark has become the industry-standard network capture analysis tool, and for good reason. client on a PC which plays a YouTube video and Wireshark is used to capture the internet. The backdoor could just remain inactive for an arbitrary amount of time. Video identification in encrypted network traffic dataset (VPN). Execution is as simple as giving the exe the source and destination files./etl2pcapng.exe c:temp. To generate it by yourself, you can use wireshark or tcpdump in terminal: tcpdump -w capture.pcap-i eth1. The problem with your approach is that you can only confirm that there is malware if you do discover something. There are two opposite ways: to generate it by yourself or to pick a ready one. If the malware is actively communicating, you will be able to capture the traffic and eventually conclude which servers it's contacting (and read the traffic if it's not encrypted). ![]() Would this work in the idea that I would eventually see some odd ip address?
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |