JURNAL KAJIAN TEKNIK ELEKTRO
Vol 9, No 1 (2024): JKTE VOL 9 NO 1 (MARCH 2024)

Identifikasi Malware Pada Wireshark (Malware Identification with Wireshark)

Tampubolon, Parlindungan
Putri, EE Lailatul
Zalianti, Nabila Reva
Raditya, Muhammad Reza

Article Info

Publish Date
08 Jun 2024

Abstract

This study analyzes the use of Wireshark to identify the presence of malware on a network. The primary objective is to detect suspicious communications initiated by malware, such as data transmission to Command and Control (C&C) servers, the use of unusual protocols, or other abnormal communication patterns. Wireshark is used to capture and analyze network traffic, focusing on suspicious communication patterns and on protocols frequently abused by malware, such as HTTP and DNS. The analyzed data is sourced from high-risk network environments, and the captured traffic is saved in .pcap format for further analysis. The findings show that malware often uses the HTTP and DNS protocols to communicate with remote servers and produces traffic patterns that are difficult to detect manually. The research identified several traffic patterns indicating the presence of malware, which were subsequently validated using services such as VirusTotal. These findings contribute to the understanding of malware behavior and to the identification of preventive measures that enhance network security.

Copyrights © 2024