I got a pcap and need to have it deep analysed to find a netbot. How do I do this with Wireshark?
asked 12 Jan '14, 07:22
closed 12 Jan '14, 07:29
Kurt Knochner ♦
The question has been closed for the following reason "You have been told in other questions, that your request is off-topic!!" by Kurt Knochner 12 Jan '14, 07:29
You tagged your question with "encrypted", so if you can't decrypt the traffic you're out of luck. Unless you have a different approach (like statistical or differential analysis of meta data) that could deal with it without decrypting things. If you can decrypt the stuff you should look for unusual protocols, unusual protocol activity, hosts you don't recognize, strange delta times, and other things that seem odd.
This all requires patience and a lot of experience in reading packet traces, of course.
answered 12 Jan '14, 07:29
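
An added example (not part of the original answer) of the metadata approach mentioned above: it scores how regular the delta times between contacts are for each host pair, which needs no decryption. The rows are constructed, the function names and thresholds are assumptions, and each row is assumed to be one contact (for instance one connection attempt), in the time,source,destination layout that tshark's `-T fields` output can produce.

```python
import csv
import io
import statistics
from collections import defaultdict

# Constructed sample (epoch seconds, src, dst); not taken from any real capture.
# Addresses are from the documentation ranges.
BEACON_TIMES = [1000.0, 1060.2, 1119.9, 1180.1, 1240.0, 1299.8, 1360.1, 1420.0]
BROWSE_TIMES = [1003.0, 1004.1, 1004.3, 1090.7, 1091.0, 1350.2, 1351.9, 1419.5]
SAMPLE_CSV = "".join(
    [f"{t},192.0.2.10,203.0.113.5\n" for t in BEACON_TIMES]
    + [f"{t},192.0.2.11,198.51.100.7\n" for t in BROWSE_TIMES]
)

def load_times(csv_text):
    """Group contact timestamps by (src, dst) pair, skipping unusable rows."""
    pairs = defaultdict(list)
    for row in csv.reader(io.StringIO(csv_text)):
        if len(row) != 3 or not row[1] or not row[2]:
            continue  # e.g. non-IP frames export with empty address fields
        try:
            pairs[(row[1], row[2])].append(float(row[0]))
        except ValueError:
            continue  # header line or malformed timestamp
    return pairs

def score_pairs(csv_text, min_contacts=6):
    """Return {(src, dst): (mean_delta, cv)}; cv = stdev / mean of the deltas."""
    results = {}
    for pair, times in load_times(csv_text).items():
        if len(times) < min_contacts:
            continue  # too few samples to judge regularity
        times.sort()
        deltas = [b - a for a, b in zip(times, times[1:])]
        mean = statistics.mean(deltas)
        if mean <= 0:
            continue
        results[pair] = (mean, statistics.pstdev(deltas) / mean)
    return results

def regular_pairs(csv_text, max_cv=0.1):
    """Pairs whose delta times are nearly constant: candidates for a closer look."""
    scores = score_pairs(csv_text)
    return sorted(pair for pair, (_, cv) in scores.items() if cv <= max_cv)

if __name__ == "__main__":
    for pair, (mean, cv) in sorted(score_pairs(SAMPLE_CSV).items()):
        print(pair, f"mean delta {mean:.1f}s", f"cv {cv:.3f}")
    print("regular:", regular_pairs(SAMPLE_CSV))
```

A low score only means the timing is machine-like; update checks, NTP and monitoring agents look the same, so each flagged pair still has to be judged against the hosts you recognize.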