Join Lisa Bock for an in-depth discussion in this video Solution: Analyze, part of Wireshark: Malware and Forensics.
- [Narrator] When you have access to someone's system, you can do an investigation that includes running netstat and also the task manager. Here I've taken the results of running netstat on my system. On this you can see the active connections. On the right-hand side you see the process ID. That's what you would correlate with the activity in your task manager.
When going through, I look at the port numbers and I go into the search bar and just put port number, whatever one I felt would be suspicious, and find out a little bit more information about the port. The one that did come up as flagged was right here: port 65111. Port 65111 is associated with a trojan.
As you can see here, it's a trojan that opens a back door on the compromised computer and listens for remote commands. In addition, you might want to take a look at the IP address, 188.8.131.52. I was unable to go to that IP address, but it did give me a little bit of information in that there was one report for this IP address showing that it may have been involved…
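The correlation step the narrator describes (read the PID column of netstat, match it against the process list, then look closer at any suspicious port) can be scripted. The block below is an added example, not code from the course or from Lisa Bock: it parses constructed `netstat -ano`-style output, joins it to a constructed process table standing in for Task Manager, and reports every connection touching a watch-listed port. The only watch-list entry, 65111, is the port called out in the transcript; every process name, PID and address in the samples is made up.

```python
"""Added example: correlate netstat output with a process table and flag
connections on watch-listed ports. Sample data below is constructed."""
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample in the shape of Windows `netstat -ano` output.
SAMPLE_NETSTAT = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    192.0.2.10:49712       203.0.113.5:443        ESTABLISHED     4120
  TCP    0.0.0.0:65111          0.0.0.0:0              LISTENING       5588
  TCP    192.0.2.10:49800       198.51.100.7:65111     ESTABLISHED     5588
  UDP    0.0.0.0:5353           *:*                                    1244
"""

# Constructed process table standing in for Task Manager / `tasklist`.
SAMPLE_PROCESSES = {
    912: "svchost.exe",
    4120: "chrome.exe",
    5588: "updater.exe",       # hypothetical name, chosen for the example
    1244: "mDNSResponder.exe",
}

# Ports that warrant a closer look. 65111 is the one the transcript flags;
# the value is just a label carried into the report.
WATCHED_PORTS = {65111: "port noted in transcript as trojan-associated"}

# One netstat row: proto, local, foreign, optional state (UDP has none), PID.
ROW = re.compile(r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)\s+(?:(\S+)\s+)?(\d+)\s*$")


@dataclass
class Connection:
    proto: str
    local_addr: str
    local_port: Optional[int]
    remote_addr: str
    remote_port: Optional[int]
    state: str
    pid: int


def split_endpoint(endpoint: str):
    """Split 'host:port' into (host, port); '*:*' and '[::]:443' are handled
    by splitting on the last colon. A non-numeric port becomes None."""
    host, _, port = endpoint.rpartition(":")
    return host, (int(port) if port.isdigit() else None)


def parse_netstat(text: str):
    """Parse netstat -ano style text into Connection records, skipping
    header and blank lines."""
    conns = []
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue
        proto, local, remote, state, pid = m.groups()
        lhost, lport = split_endpoint(local)
        rhost, rport = split_endpoint(remote)
        conns.append(Connection(proto, lhost, lport, rhost, rport, state or "", int(pid)))
    return conns


def pids_by_port(conns, port: int):
    """PIDs that own a socket whose local or remote port matches."""
    return sorted({c.pid for c in conns if port in (c.local_port, c.remote_port)})


def flag_connections(conns, processes, watched=WATCHED_PORTS):
    """Return one finding per connection touching a watched port, with the
    owning process name looked up by PID (the Task Manager correlation)."""
    findings = []
    for c in conns:
        reason = watched.get(c.local_port) or watched.get(c.remote_port)
        if reason:
            findings.append({
                "pid": c.pid,
                "process": processes.get(c.pid, "<pid not in process table>"),
                "proto": c.proto,
                "local": f"{c.local_addr}:{c.local_port}",
                "remote": f"{c.remote_addr}:{c.remote_port}",
                "state": c.state,
                "reason": reason,
            })
    return findings


if __name__ == "__main__":
    for f in flag_connections(parse_netstat(SAMPLE_NETSTAT), SAMPLE_PROCESSES):
        print(f"PID {f['pid']:>5} {f['process']:<20} {f['proto']} "
              f"{f['local']} -> {f['remote']} {f['state']}  [{f['reason']}]")
```

On a real host, replace `SAMPLE_NETSTAT` with the captured output of `netstat -ano` and build the process table from `tasklist`; the report then gives you the process name behind each hit, which is the same PID-to-process correlation the narrator performs by hand.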