From the course: Cisco Network Security: Content and Endpoint Security


Case study: Malware confirmation


- [Instructor] So we suspect that there's malicious activity. The next step is to examine the DNS traffic, then take a look at VirusTotal, and then do a lookup on a suspicious IP address. I'm gonna scroll down really slowly. I want you to take a look at this: this is the individual frame right here in this lower section, this lower pane, and here's a list of the captured packets. I'm going to just scroll down each of those and see if you can notice anything that's unusual. Okay, what's unusual is DNS, we know, uses UDP and TCP, but DNS only uses TCP for a full zone transfer. A request and response has to be fast, and in general DNS will use UDP. So you can see in this case it's using TCP. Now, you see a lot of IP addresses there, and what I did was I grabbed one of the IP addresses. I'm gonna take this off here. And you see amellet.bit. I'm just gonna close this out here. So what I have here, and I'm just gonna right-click and I'll say follow the TCP stream. So here I see the host…
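The check the instructor performs by eye, DNS riding on TCP without being a zone transfer, written as a small triage script. This is an added example, not course material; the packet records and the `Pkt` field names are constructed for illustration, and the resolver IP is a documentation address.

```python
# Added example (not from the course). Flags DNS conversations that use TCP
# but are not zone transfers (AXFR/IXFR), then collects the queried names and
# server IPs that an analyst would check in VirusTotal. No network calls.
from collections import Counter, namedtuple

# Constructed packet summary: src, dst, transport, dst port, query name, type.
Pkt = namedtuple("Pkt", "src dst proto dport qname qtype")

SAMPLE = [  # constructed, not from the course capture
    Pkt("10.0.0.5", "10.0.0.1", "UDP", 53, "example.com", "A"),
    Pkt("10.0.0.5", "10.0.0.1", "UDP", 53, "example.net", "AAAA"),
    Pkt("10.0.0.5", "10.0.0.1", "TCP", 53, "example.org", "AXFR"),
    Pkt("10.0.0.5", "198.51.100.7", "TCP", 53, "amellet.bit", "A"),
    Pkt("10.0.0.5", "198.51.100.7", "TCP", 53, "amellet.bit", "A"),
]

ZONE_TRANSFER = {"AXFR", "IXFR"}


def suspicious_tcp_dns(pkts):
    """DNS packets sent over TCP whose query type is not a zone transfer."""
    return [p for p in pkts
            if p.dport == 53 and p.proto == "TCP"
            and p.qtype not in ZONE_TRANSFER]


def server_summary(pkts):
    """Per DNS server: how many queries arrived over UDP vs TCP.

    A server that only ever sees TCP from a host stands out against the
    normal UDP baseline, which is the pattern in the instructor's capture.
    """
    counts = {}
    for p in pkts:
        if p.dport == 53:
            counts.setdefault(p.dst, Counter())[p.proto] += 1
    return counts


def lookup_candidates(pkts):
    """Unique (query name, server IP) pairs worth a reputation lookup."""
    return sorted({(p.qname, p.dst) for p in suspicious_tcp_dns(pkts)})


if __name__ == "__main__":
    for name, ip in lookup_candidates(SAMPLE):
        print(f"check {name} and {ip} in VirusTotal")
```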
