Analyze Infected Host With Wireshark


An introduction to the world of Wireshark.

This walkthrough analyzes the unique communications to and from a bot-infected host, reassembles an IRC conversation carried over a non-standard port, identifies which bot is running on the infected host, and spots unusual DNS replies.

The analysis is carried out with Wireshark, a network analysis tool formerly known as Ethereal. Wireshark captures packets in real time and displays them in human-readable form; its display filters, color-coding and other features let you dig deep into network traffic and inspect individual packets.

The TCP three-way handshake is used to initiate a connection.

The TCP three-way handshake in the Transmission Control Protocol (also called the TCP handshake, three-message handshake, or SYN-SYN-ACK) is the method TCP uses to set up a TCP/IP connection over an Internet Protocol based network. TCP's three-way handshaking technique is often referred to as "SYN-SYN-ACK" (or, more accurately, SYN, SYN-ACK, ACK) because three messages are exchanged to negotiate and start a TCP session between two hosts.
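The two ideas above (following the SYN, SYN-ACK, ACK exchange per flow, and recognizing IRC on a port other than the usual one) can be scripted over exported packet records. The following is an added example, not code from the original page: it runs over a constructed list of packets, tracks the handshake state of each flow, and flags IRC-style commands seen on non-standard ports once a flow is established. The IRC command list and the "standard" ports 6667/6697 are assumptions for the example.

```python
import re

# Assumed: common IRC client commands at the start of a line (bytes regex).
IRC_CMD = re.compile(rb"^(NICK|USER|JOIN|PRIVMSG|PING|PONG|MODE|TOPIC)\b", re.M)
# Assumed: ports on which IRC would not be considered "non-standard".
IRC_PORTS = {6667, 6697}

# Constructed sample packets: (src, sport, dst, dport, tcp_flags, payload).
PACKETS = [
    ("10.0.0.5", 1040, "203.0.113.9", 18067, "S", b""),
    ("203.0.113.9", 18067, "10.0.0.5", 1040, "SA", b""),
    ("10.0.0.5", 1040, "203.0.113.9", 18067, "A", b""),
    ("10.0.0.5", 1040, "203.0.113.9", 18067, "PA",
     b"NICK [USA|00|123456]\r\nUSER xyz 0 0 :xyz\r\n"),
    ("203.0.113.9", 18067, "10.0.0.5", 1040, "PA", b":srv 001 welcome\r\n"),
    ("10.0.0.5", 1041, "198.51.100.20", 80, "S", b""),
    ("198.51.100.20", 80, "10.0.0.5", 1041, "SA", b""),
    ("10.0.0.5", 1041, "198.51.100.20", 80, "A", b""),
    ("10.0.0.5", 1041, "198.51.100.20", 80, "PA", b"GET / HTTP/1.1\r\nHost: x\r\n\r\n"),
    ("10.0.0.5", 1042, "203.0.113.50", 443, "S", b""),  # handshake never completes
]

def handshake_step(state, flags, from_client):
    """Advance the SYN (1) -> SYN-ACK (2) -> ACK (3 = established) state machine."""
    if state == 0 and flags == "S" and from_client:
        return 1
    if state == 1 and flags == "SA" and not from_client:
        return 2
    if state == 2 and "A" in flags and "S" not in flags and from_client:
        return 3
    return state

def analyze(packets):
    """Return the set of established flows and IRC-on-non-standard-port alerts."""
    flows = {}   # canonical (endpoint, endpoint) key -> {"client": ..., "state": ...}
    alerts = []
    for src, sport, dst, dport, flags, payload in packets:
        key = tuple(sorted([(src, sport), (dst, dport)]))
        f = flows.setdefault(key, {"client": None, "state": 0})
        if flags == "S" and f["client"] is None:
            f["client"] = (src, sport)          # the SYN sender is the client
        from_client = f["client"] == (src, sport)
        f["state"] = handshake_step(f["state"], flags, from_client)
        if payload and f["state"] == 3 and dport not in IRC_PORTS and IRC_CMD.search(payload):
            first_line = payload.split(b"\r\n")[0].decode("ascii", "replace")
            alerts.append((src, dst, dport, first_line))
    established = {k for k, f in flows.items() if f["state"] == 3}
    return established, alerts
```

In practice the packet records would come from a Wireshark/tshark export of the capture rather than the constructed list.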
