Wireshark: Malware and Forensics

Learn to use Wireshark for deep packet analysis, capturing, and forensics. Learn to detect and handle unusual traffic on a network and prevent malicious activity.

Introduction

• Sniffing out the bad guys
• What you should know

1. Recognizing Today's Threats

• Exploring cyberattacks and trends
• Understanding malware and cyber threats
• Packet analysis overview
• Outlining the benefits of Wireshark
• Tshark
• Tap into your network
• Create firewall rules
• Challenge: Email forensics
• Response: Email forensics

2. Diving into the Network

• Baseline your network
• Displaying data using filters
• Creating complex filters
• Capture filters
• Using statistics
• Save, export, and print
• Coloring rules
• Using a ring buffer
• Challenge: HTTP packets
• Solution: HTTP packets
• Challenge: Firewall rules
• Solution: Firewall rules

3. Examining Unusual Traffic

• OSI layer attacks
• Indications of compromise
• Ports related to malicious activity
• Understanding port scans
• Investigating attacks
• Using VirusTotal
• Challenge: Analyze
• Solution: Analyze

4. Case Studies

• Fast flux DNS
• Trojan in the house
• Unwanted TOR activity
• Challenge: Packets and filters
• Solution: Packets and filters

Conclusion

• Next steps