How can I be sure I capture all packets on a PC that likely has a rootkit or trojan? I know some rootkits are able to hide from what Wireshark can capture. I have an extra laptop; is it possible to run Wireshark on the laptop and somehow connect it to the PC to capture packets?

asked 16 Aug '16, 09:23 Datura007
One Answer:
Yes, see this page for instructions on how to capture the traffic of a machine other than the one running Wireshark. But being able to capture and being able to understand the contents (or even to identify the traffic for which the Trojan is responsible among all the other traffic) are different tasks.

answered 16 Aug '16, 09:35 sindy