This is a static archive of our old Q&A Site. Please post any new questions and answers at

[closed] Help needed on deep analysing PCAP file


I got a pcap and need to have it deep analysed to find a netbot, how do I do this with Wireshark??

asked 12 Jan '14, 07:22


accept rate: 0%

closed 12 Jan '14, 07:29


Kurt Knochner ♦

Again the same question??

(12 Jan '14, 07:27) Kurt Knochner ♦

No, not the same. I got several parts analysed, but it's still not the solution, so clearly I, as a first-timer, am doing something wrong. Although I'm a first-timer with Wireshark, hence the question whether someone could help or point me in the direction of how to get all the information out of the pcap stream, and moreover how to see the encrypted or hidden info or URLs which I can't find.

(12 Jan '14, 07:33) MarkV

@MarkV, this is a Q&A site for Wireshark and its use. While we often have questions about captures and their contents, for your issue, which is quite general and seems to need a lot of interactive discussion, you will be much better off taking the problem to a malware forum.

If you have a specific question about Wireshark use do feel free to post it here.

(12 Jan '14, 12:43) grahamb ♦

The question has been closed for the following reason "You have been told in other questions, that your request is off-topic!!" by Kurt Knochner 12 Jan '14, 07:29

One Answer:


You tagged your question with "encrypted", so if you can't decrypt the traffic you're out of luck. Unless you have a different approach (like statistical or differential analysis of metadata) that could deal with it without decrypting things. If you can decrypt the stuff you should look for unusual protocols, unusual protocol activity, hosts you don't recognize, strange delta times, and other things that seem odd.

This all requires patience and a lot of experience in reading packet traces, of course.

answered 12 Jan '14, 07:29


Jasper ♦♦
accept rate: 18%
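
The answer above mentions metadata such as hosts and delta times as something to examine when payloads cannot be decrypted. As an added example (not part of the original thread or any poster's code), this Python script reads a classic pcap with the standard library only and reports, per conversation, the mean delta time and whether the intervals are unusually regular; the function names, the thresholds and the constructed sample capture are assumptions.

```python
import socket, statistics, struct
from collections import defaultdict

def read_pcap(buf):
    """Yield (timestamp, src, dst, ip_proto) for IPv4-over-Ethernet packets in a classic pcap."""
    magic = struct.unpack("<I", buf[:4])[0] if len(buf) >= 24 else 0
    if magic not in (0xA1B2C3D4, 0xD4C3B2A1):
        raise ValueError("not a classic (microsecond) pcap file")
    end = "<" if magic == 0xA1B2C3D4 else ">"   # byte order of the writing host
    if struct.unpack(end + "I", buf[20:24])[0] != 1:
        raise ValueError("link type is not Ethernet")
    off = 24
    while off + 16 <= len(buf):
        sec, usec, caplen, _ = struct.unpack(end + "IIII", buf[off:off + 16])
        pkt = buf[off + 16:off + 16 + caplen]
        off += 16 + caplen
        if len(pkt) >= 34 and pkt[12:14] == b"\x08\x00":  # IPv4, no VLAN tag
            yield (sec + usec / 1e6, socket.inet_ntoa(pkt[26:30]),
                   socket.inet_ntoa(pkt[30:34]), pkt[23])

def delta_report(packets, min_packets=5, max_jitter=0.1):
    """Per (src, dst, proto): packet count, mean delta time, and a 'regular' flag
    set when stdev/mean of the deltas is at most max_jitter (assumed threshold)."""
    times = defaultdict(list)
    for ts, src, dst, proto in packets:
        times[(src, dst, proto)].append(ts)
    report = {}
    for flow, ts in times.items():
        if len(ts) < max(min_packets, 2):
            continue  # too few packets to say anything about timing
        ts.sort()
        deltas = [b - a for a, b in zip(ts, ts[1:])]
        mean = statistics.mean(deltas)
        jitter = statistics.pstdev(deltas) / mean if mean else float("inf")
        report[flow] = {"packets": len(ts), "mean_delta": round(mean, 3),
                        "regular": jitter <= max_jitter}
    return report

def make_sample():
    """Constructed capture: one host sending every 60 s, one with irregular gaps."""
    def pkt(ts, src, dst):
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 6, 0,
                         socket.inet_aton(src), socket.inet_aton(dst))
        frame = b"\x00" * 12 + b"\x08\x00" + ip
        return struct.pack("<IIII", ts, 0, len(frame), len(frame)) + frame
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    out += b"".join(pkt(1000 + 60 * i, "10.0.0.5", "192.0.2.10") for i in range(6))
    out += b"".join(pkt(1000 + t, "10.0.0.7", "198.51.100.20") for t in (0, 3, 50, 51, 200, 290))
    return out
```

Calling `delta_report(read_pcap(open(path, "rb").read()))` runs the same report on a real capture; a regular interval is only a pointer for closer inspection in Wireshark, since NTP, keep-alives and monitoring traffic are periodic too.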