From the course: Wireshark: Malware and Forensics
Join today to access over 22,600 courses taught by industry experts or purchase this course individually.
Unwanted TOR activity - Wireshark Tutorial
From the course: Wireshark: Malware and Forensics
Unwanted TOR activity
- On a busy corporate network, it's hard to keep track of all client activity. And it's hard to keep up with all the threads on the network. The one thing I do not like to see in a network is TOR activity. TOR is The Onion Router. It encrypts and conceals the activity using a stream that looks just like h-t-t-p-s, or transport layer security. In this packet capture, we'll step through looking at some evidence that TOR is at play. We take a look at the capture and then go to Statistics, and then to Conversations. In looking at the Conversations, I'll go to TCP and then I'll sort. Now, I'm going to highlight right in this area, here. Understand that I would've looked at all of the activity, and all the ports, but I was curious as to what was happening over Port 9001. So I went out to take a look at what activity that might be, and here I find information about Port 9001. When I go there, you can see that there is a couple of activities that are related to Port 9001, one being the TOR…
Practice while you learn with exercise files
Download the files the instructor uses to teach the course. Follow along and learn by watching, listening and practicing.
Download courses and learn on the go
Watch courses on your mobile device without an internet connection. Download courses using your iOS or Android LinkedIn Learning app.