I'm a novice user. I suspect my computer's been hacked. With help, I've captured a trace of my router traffic, and want to filter the results in Wireshark.
What should I enter in the filter field? I'm trying to achieve two things:
asked 08 May '13, 04:30
This is not going to be simple. To determine what is malicious traffic and what isn't, you need to know what "good" traffic looks like. And that depends on what your PC is supposed to do on the network. For example, if you're not using a web browser while you capture but you see HTTP traffic, it could be hidden communication, but it may also be a background patch mechanism at work. So first you need to spot traffic that you can't explain, then find out what program it was caused by, and determine if it is a good or bad program.
answered 08 May '13, 05:28
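One way to carry out the first step from the answer above (spotting traffic you can't explain), shown as an added example that is not part of the original thread. It groups outbound flows from a tshark field export by remote address, protocol and port, then lists those missing from a baseline of flows you can account for. The sample rows, the `EXPLAINED` baseline, the local subnet and the file name `capture.pcap` are constructed assumptions.

```python
import csv
import ipaddress
from collections import defaultdict

# Constructed sample rows, in the shape produced by a field export such as:
#   tshark -r capture.pcap -T fields -E separator=, \
#     -e ip.src -e ip.dst -e tcp.dstport -e udp.dstport -e frame.len
SAMPLE = """\
192.168.1.10,192.168.1.1,,53,74
192.168.1.10,203.0.113.20,443,,1500
192.168.1.10,203.0.113.20,443,,900
192.168.1.10,198.51.100.7,80,,600
192.168.1.10,198.51.100.99,6667,,200
198.51.100.99,192.168.1.10,51000,,180
"""

# Hypothetical baseline: flows the user has already matched to a known program.
EXPLAINED = {
    ("192.168.1.1", "udp", 53): "DNS to the router",
    ("203.0.113.20", "tcp", 443): "browser session",
    ("198.51.100.7", "tcp", 80): "background update check",
}

def summarize(rows, local_net="192.168.1.0/24"):
    """Aggregate packets sent by local hosts, keyed by (dst IP, proto, dst port)."""
    net = ipaddress.ip_network(local_net)
    flows = defaultdict(lambda: [0, 0])  # key -> [packets, bytes]
    for row in csv.reader(rows):
        if len(row) != 5:
            continue  # skip blank or malformed lines
        src, dst, tcp_port, udp_port, length = row
        if ipaddress.ip_address(src) not in net:
            continue  # only count traffic leaving the local machines
        proto, port = ("tcp", tcp_port) if tcp_port else ("udp", udp_port)
        if not port:
            continue  # neither TCP nor UDP (e.g. ICMP)
        key = (dst, proto, int(port))
        flows[key][0] += 1
        flows[key][1] += int(length)
    return dict(flows)

def unexplained(flows, explained):
    """Return flows absent from the baseline, largest byte count first."""
    rest = [(k, p, b) for k, (p, b) in flows.items() if k not in explained]
    return sorted(rest, key=lambda item: -item[2])

if __name__ == "__main__":
    for key, packets, size in unexplained(summarize(SAMPLE.splitlines()), EXPLAINED):
        print(key, packets, "packets", size, "bytes")
```

Each flow this prints is a candidate for the next step in the answer: finding out which program on the PC caused it.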