Chapter 6 Wireshark Part 2: Analyzing Malware Traffic

6.1 Introduction

In this section we will analyze network traffic from an infected machine. The goal of this section is to analyze a Wireshark pcap file and identify when the machine was compromised.

In particular we will look at two types of attack: an ARP spoofing attack and a DNS attack.
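As an added example (not part of this chapter and not the lab's own capture), the following Python script shows the check that lies behind Wireshark's "duplicate IP address detected" ARP warning: it reads a classic pcap file, decodes each ARP frame, and reports any IP address that more than one MAC address claims to own, which is the core indicator of ARP spoofing. The frames, MAC addresses and IP addresses below are constructed for the demonstration and are assumptions, not data from the chapter's capture; a real capture's bytes can be passed to read_pcap() in place of the in-memory one.

```python
import struct
from collections import defaultdict

ETHERTYPE_ARP = 0x0806
ARP_REQUEST, ARP_REPLY = 1, 2
PCAP_MAGIC = 0xA1B2C3D4       # classic pcap magic, written little-endian here
LINKTYPE_ETHERNET = 1
BROADCAST = b"\xff" * 6


def build_arp(src_mac, src_ip, target_mac, target_ip, opcode=ARP_REPLY):
    """Build a raw Ethernet + ARP frame (constructed sample, used only to make test input)."""
    eth_dst = BROADCAST if opcode == ARP_REQUEST else target_mac
    eth = eth_dst + src_mac + struct.pack("!H", ETHERTYPE_ARP)
    # htype=1 (Ethernet), ptype=0x0800 (IPv4), hlen=6, plen=4, opcode
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, opcode) + src_mac + src_ip + target_mac + target_ip
    return eth + arp


def parse_arp(frame):
    """Return (opcode, sender_mac, sender_ip) for an Ethernet/IPv4 ARP frame, else None."""
    if len(frame) < 42 or struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_ARP:
        return None
    _htype, _ptype, hlen, plen, opcode = struct.unpack("!HHBBH", frame[14:22])
    if hlen != 6 or plen != 4:
        return None
    return opcode, frame[22:28], frame[28:32]


def mac_str(b):
    return ":".join(f"{x:02x}" for x in b)


def ip_str(b):
    return ".".join(str(x) for x in b)


def write_pcap(frames):
    """Serialize frames into a classic pcap byte string (24-byte global header, 16-byte record headers)."""
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", 1700000000 + i, 0, len(f), len(f)) + f   # constructed timestamps
    return out


def read_pcap(data):
    """Return the list of raw frames from classic pcap bytes (pcapng is not handled here)."""
    magic = struct.unpack("<I", data[:4])[0]
    if magic == PCAP_MAGIC:
        endian = "<"
    elif magic == 0xD4C3B2A1:           # same magic written big-endian
        endian = ">"
    else:
        raise ValueError("not a classic pcap file")
    if struct.unpack(endian + "I", data[20:24])[0] != LINKTYPE_ETHERNET:
        raise ValueError("only Ethernet link type is handled")
    frames, off = [], 24
    while off + 16 <= len(data):
        _sec, _usec, incl_len, _orig_len = struct.unpack(endian + "IIII", data[off:off + 16])
        off += 16
        frames.append(data[off:off + incl_len])
        off += incl_len
    return frames


def find_arp_conflicts(frames):
    """Record which MAC claims each sender IP (requests and replies alike, as Wireshark does)
    and report every frame in which a new MAC claims an IP already claimed by another MAC."""
    claims = defaultdict(dict)          # ip -> {mac: index of first frame making the claim}
    conflicts = []
    for idx, frame in enumerate(frames):
        parsed = parse_arp(frame)
        if parsed is None:
            continue
        _opcode, smac, sip = parsed
        ip, mac = ip_str(sip), mac_str(smac)
        if mac not in claims[ip]:
            if claims[ip]:
                conflicts.append({"frame": idx, "ip": ip, "new_mac": mac,
                                  "previous_macs": sorted(claims[ip])})
            claims[ip][mac] = idx
    return conflicts


# Constructed sample traffic (assumed addresses): a victim asks for the gateway, the real
# gateway answers, then a rogue host starts claiming the gateway's IP with its own MAC.
GATEWAY_MAC, VICTIM_MAC, ROGUE_MAC = (bytes.fromhex(h) for h in ("aabbcc000001", "aabbcc000002", "deadbeef0001"))
GATEWAY_IP, VICTIM_IP = bytes([192, 168, 1, 1]), bytes([192, 168, 1, 50])
SAMPLE_FRAMES = [
    build_arp(VICTIM_MAC, VICTIM_IP, b"\x00" * 6, GATEWAY_IP, opcode=ARP_REQUEST),  # who-has 192.168.1.1
    build_arp(GATEWAY_MAC, GATEWAY_IP, VICTIM_MAC, VICTIM_IP),                      # legitimate reply
    b"\x00" * 60,                                                                   # non-ARP filler frame
    build_arp(ROGUE_MAC, GATEWAY_IP, VICTIM_MAC, VICTIM_IP),                        # rogue claim -> conflict
    build_arp(ROGUE_MAC, GATEWAY_IP, VICTIM_MAC, VICTIM_IP),                        # repeat, not a new conflict
]


def analyze_pcap(pcap_bytes):
    """Convenience wrapper: pcap bytes in, list of ARP conflict records out."""
    return find_arp_conflicts(read_pcap(pcap_bytes))


if __name__ == "__main__":
    for c in analyze_pcap(write_pcap(SAMPLE_FRAMES)):
        print(f"frame {c['frame']}: {c['ip']} now claimed by {c['new_mac']}, previously {c['previous_macs']}")
```

Run against the constructed sample, the script reports a single conflict at frame 3, where 192.168.1.1 is claimed by de:ad:be:ef:00:01 after having been claimed by aa:bb:cc:00:00:01. The frame index tells you when the spoofing began, which is the question this chapter asks of the lab capture. In Wireshark itself the same condition surfaces as the expert-info warning "Duplicate IP address detected", and the display filter arp.duplicate-address-detected isolates the frames that triggered it.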

6.2 Importing PCAP files into Wireshark

Step 1 Download the pcap file from our GitHub page.

[link to wireshark capture]

Step 2 Open Wireshark by clicking on the shark fin icon.

Step 3 Open the pcap file by selecting File -> Open and navigating to the directory containing the pcap file.

6.3 Scanning the capture with PacketTotal

Step 1 Upload the Wireshark capture to PacketTotal (https://packettotal.com/). PacketTotal will scan the capture for malicious activity. (It does a lot of the heavy lifting for us.)

Step 2 Click on the malicious activities tag.

[Screenshot highlighting the entry corresponding to Meterpreter]

Step 3
