In our analysis of the PCAP file, we will try three analysis techniques to find any indicators of malicious activity. To load a PCAP file in Wireshark, open Wireshark and in the menu bar, click ‘File’, then click ‘Open’ and navigate to the file’s location, then click ‘Open.’ It will also change the time display to a readable version. This configuration will make the requested domains and connected hosts clearer to you. In order to make the analysis easier, make sure Wireshark is configured following this tutorial. Other options can be found in Article #282: Recommendations on Secure File Sharing and File Storage. If not we can use a peer-to-peer file sharing channel such as Onionshare.
0 Comments
Leave a Reply. |