Hi everyone, how can I understand whether there is any malware involved in the network by checking Wireshark results? asked 22 May '15, 12:52 samira
One Answer:
There is no simple way to figure out if there is a malware infection by looking at capture files, as there are tons of different malware types out there and they all behave differently. There are some indicators, like a lot of connections or a lot of traffic from a single client (Statistics -> Conversations), "strange" DNS queries, etc. So, if you are not looking for a specific malware, where you know what to look for, it's going to be a tough job, which involves a lot of experience with malware in general, networking protocols, a fairly good knowledge of what's "normal traffic" on your network, etc. You should start by reading the other questions tagged with malware, to get an idea. Regards answered 24 May '15, 03:04 Kurt Knochner ♦
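The two indicators the answer names (many connections from one client, odd DNS query names) can be checked mechanically once the capture is exported as flow records. The script below is an added example, not code from the original thread: the flow tuples, addresses, domain names and thresholds are all constructed, and the column layout assumes a tshark field export like the one in the comment.

```python
import math
from collections import Counter, defaultdict

# Constructed sample flows, shaped like a tshark export such as
# "tshark -r capture.pcap -T fields -e ip.src -e ip.dst -e tcp.dstport -e dns.qry.name":
# (src_ip, dst_ip, dst_port, dns_query_name or None). Addresses and names are made up.
FLOWS = [
    ("10.0.0.5", "203.0.113.10", 443, None),
    ("10.0.0.5", "203.0.113.11", 443, None),
    ("10.0.0.5", "203.0.113.12", 8080, None),
    ("10.0.0.5", "203.0.113.13", 22, None),
    ("10.0.0.7", "203.0.113.20", 443, None),
    ("10.0.0.7", "203.0.113.21", 443, None),
    ("10.0.0.7", "10.0.0.53", 53, "www.example.com"),
    ("10.0.0.7", "10.0.0.53", 53, "mail.example.org"),
    ("10.0.0.5", "10.0.0.53", 53, "3f9a7c1e5b8d2046.example.net"),
    ("10.0.0.5", "10.0.0.53", 53, "abcdefghijklmnopqrstuvwxyz012345.example.net"),
]
# Hypothetical thresholds; tune them to what is "normal traffic" on your own network.
PEER_THRESHOLD = 5        # distinct (dst_ip, dst_port) pairs per client before flagging
LABEL_LEN_THRESHOLD = 30  # a first DNS label this long is unusual for human-chosen names
ENTROPY_THRESHOLD = 3.5   # bits per character; random-looking labels score high

def shannon_entropy(text):
    """Bits of entropy per character of text; 0.0 for an empty string."""
    if not text:
        return 0.0
    counts = Counter(text)
    return -sum(c / len(text) * math.log2(c / len(text)) for c in counts.values())

def top_talkers(flows, threshold=PEER_THRESHOLD):
    """Distinct (dst_ip, dst_port) pairs per source, like Statistics -> Conversations,
    keeping only the clients at or above the threshold."""
    peers = defaultdict(set)
    for src, dst, port, _ in flows:
        peers[src].add((dst, port))
    return {src: len(p) for src, p in peers.items() if len(p) >= threshold}

def strange_dns(flows):
    """(client, query name) pairs whose first label is unusually long or high-entropy."""
    hits = []
    for src, _, _, qname in flows:
        if not qname:
            continue
        label = qname.split(".")[0]
        if len(label) >= LABEL_LEN_THRESHOLD or shannon_entropy(label) >= ENTROPY_THRESHOLD:
            hits.append((src, qname))
    return hits
```

Both checks only surface candidates for a closer look in Wireshark; a busy backup server or a CDN with long hostnames will trip them too, which is why the answer stresses knowing your own baseline.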