Wireshark - Malware traffic Analysis
Рет қаралды 192,070
Күн бұрынPacket analysis is one of the important skills that a security professional should master, Today Will be using the Worlds leading network traffic analyzer, Wireshark for malware traffic analysis,
Wireshark is a popular network protocol analyzer tool that enables you to gain visibility into the live data on a network. It’s a free and open-source tool that runs on multiple platforms.
🌏Web Site
hackexplorer.net/
💾Sample files in video
github.com/HackeXPlorer/Chann...
TimeStamps
0:00 Introduction
0:35 Wiershark quick intro
0:46 What are IOC's?
1:35 Wireshark interface
2:38 Protocol Hierarchy - Understand traffic
3:56 Using filters
4:38 Adding columns to the interface (HTTP destination)
5:28 Find source and destination port
6:58 Finding the infected files downloaded
9:26 Finding hash values of the files
10:06 Using Virustotal
11:43 Find infected website
12:26 Find IP address of the infected site
12:44 Find the MAC address of the infected machine
12:56 Find the Hostname of the infected machine
14:24 Actions on the findings
15:05 More learning - Wireshark 101
15:24 More exercises on www.malware-traffic-analysis.net
Download Wireshark
www.wireshark.org/download.html
Download Malware traffic sample
www.malware-traffic-analysis.n...
Main site: www.malware-traffic-analysis.net/
HashMyFiles
HashMyFiles is a small utility that allows you to calculate the MD5 and SHA1 hashes of one or more files in your system.
Download: www.nirsoft.net/utils/hash_my...
Hishan Shouketh 2019
Facebook
/ hackexplorer
Twitter
/ hack_explorer
Instagram
/ hackexplorer
@phennessey3 2 жыл бұрын
This was more informative then my worthless college professor and textbook combined. Not only did I pass my lab because of this video, I also learned a lot. Thank you for sharing with us!!!!!!!!!!
@theconcierge9301 2 жыл бұрын
that was the best explaination i´ve ever seen on youtube. bravo! you should bring more content out about wireshark and live examples. great!
@nicholegoh6574 Күн бұрын
life saver really was so lost with an assignment due tmr and chanced upon this video thanku sm !!
@devislight 3 жыл бұрын
Brilliant, clear and great clarity in the delivery. Thank you so much. 👍👏
@brooklynzoo81 4 жыл бұрын
This was presented and broken down very well. Thank you ! Subscribed
@HackeXPlorer 4 жыл бұрын
Thank you for your feedback, appreciate it.
@TirthPatel7923 3 жыл бұрын
Hey bro, I have a project to do on Wireshark, I have to analyze the files, can you please help me out please, like we can meet on zoom
@cyb3rmeerk4t51 4 жыл бұрын
Hopefully more episodes of this as well. Thank you for sharing your knowledge
@HackeXPlorer 4 жыл бұрын
You are welcome Mandz 👍
@Foxx999 3 жыл бұрын
Excellent presentation, I actually used this for a guide and was able to make a lot more sense of what I was seeing, Thanks a mil!
@HackeXPlorer 3 жыл бұрын
Thank you for the feedback fox, highly appreciate it
@acostamanuel2011 3 жыл бұрын
Great step by step video. Exactly what i was looking for!!
@HazelJLMboya 6 ай бұрын
I'm just 5mins into this and it's sooo helpful.Totally assisted in better understanding of wireshark. Thank you . NOT ALL HEROES WEAR CAPES!!!
@Cyber_Jagat Жыл бұрын
I had been looking for this type of worth content and in this video you covered a lot. Thanks for a worthy video.
@hilkokriel5659 3 жыл бұрын
WOW!! Crazy level of detail and new-user friendly. Thank you very much for uploading.
@HackeXPlorer 3 жыл бұрын
You're very welcome! Hilko 👍
@FrankTranDesign 3 жыл бұрын
Dang, this is super informative. It's 2021, and this video is still ultra useful. Thank you!
@HackeXPlorer 3 жыл бұрын
The source material i referred to was even older. But still this is the fundamentals 😁. But builds a strong foundation
@Kinoti9 3 жыл бұрын
Wow that was really really smooth. Thanks. Subbed already
@tomasguagniniiglesias3798 Жыл бұрын
Amazing, really clear, you are a great instructor. As I read on a comment below, I learned more from you in 16 min that from textbooks and professor in college
@HackeXPlorer Жыл бұрын
Thank you for the feedback Tomas
@dsha31 8 ай бұрын
Very well done..Will be sharing with my SOC team.
@abdoumjid9122 4 жыл бұрын
First of all, I want to thank you for the logical processes that you've shared here in this video, you have my subscription and like, and please make some playlists about every tool.
@HackeXPlorer 4 жыл бұрын
Thankyou very much abdou 👍
@ruthawele2102 3 жыл бұрын
Omg this is the best malware capture vid for Wireshark, Thank you so much for explaining step-by-step. its really helped me in packet analysis and hunting. Thanks mate!!!
@HackeXPlorer 3 жыл бұрын
You are welcome Ruth, thank-you for the feedback.
@lokeshavm8366 10 ай бұрын
Great explanation, Please keep posting more videos.
@Toczusiek 3 жыл бұрын
You rock man, I needed it to do my university exercise. Thank you so much :)
@TirthPatel7923 3 жыл бұрын
Hey bro, I have a project to do, analyzing the pcap files.. It would be nice of you if you can help me out. PLEASEEE, like we can do a google meet meeting or zoom or something that you like. PLEASE
@ashanlahiru8020 2 жыл бұрын
Hey bro, I want a help from both of you For my Uni Assignmnt.. Please Can You??
@nashimahmed7035 4 жыл бұрын
Found something very interesting... really like to see such videos upcoming.. Thanks for sharing !!
@HackeXPlorer 4 жыл бұрын
Appreciate your feedback Nashim
@josephnduati1214 4 жыл бұрын
Very well explained and demonstrated. You made a confusing subject easy to understand. Thank you!
@HackeXPlorer 4 жыл бұрын
Thankyou for the feedback Joseph 👍
@TirthPatel7923 3 жыл бұрын
Hey bro, I have a project to do, analyzing the pcap files.. It would be nice of you if you can help me out. PLEASEEE, like we can do a google meet meeting or zoom or something that you like. PLEASE
@barkath005 Жыл бұрын
Thanks for the easy step by step guidance. Appreciate your efforts. 👍👍👍
@skatetown100 2 жыл бұрын
Excellent .. just excellent !!!!! Thanks for this!!
@trendyniro Жыл бұрын
very practical, was able to understand easily. Kudos!
@povadventures3740 Жыл бұрын
I've learned quite a bit knowledge on his analysis. I'm surprise this channel haven't blew up yet. Subscribed for more!! lets go!
@HackeXPlorer Жыл бұрын
Thanks for the feedback
@v380riMz 2 жыл бұрын
Thanks alot, that export objects is extremely helpful which I didn't know about!
@georgegonduan8464 11 ай бұрын
Thanks for the help to understanding wireshark
@tanaysamanta4730 2 жыл бұрын
Really man! This video was amazing! Thank you!
@yadvindersingh4656 3 жыл бұрын
The flow was great. Thanks for sharing
@HackeXPlorer 3 жыл бұрын
Glad you enjoyed it!
@happyagain855 3 жыл бұрын
This the most informative, hands on video I've watched on this tube about this subject...Just amazing man. Thank you very much.
@HackeXPlorer 3 жыл бұрын
Thank you for the valuable feedback :)
@jadielkyle6077 2 жыл бұрын
I dont mean to be off topic but does someone know a trick to get back into an Instagram account? I was stupid forgot my password. I love any tips you can give me
@Jackie_Labrador 2 жыл бұрын
Excellent video :) Thanks
@emmanuelmarosi3736 2 жыл бұрын
this is the best wireshark tutorial
@johnjohn7549 2 жыл бұрын
Very interesting and presented in a clear manner. Was a little fast a points, but can hopefully learn those bits later.
@fritzbiederstadt4869 2 жыл бұрын
Outstanding video about using Wireshark for security related purposes. I've been doing protocol analysis for a long time with various protocol analyzers, Wireshark is my hands-down favorite. However I've only used it for TCP and application performance analysis and troubleshooting. Although I've had thoughts about getting into the security side of things since, there has been some hesitation. My experience with performance analysis is advanced with computer communication protocols, service layers, etc. Learned a lot - I believe I will download and work through some of this. I'm already using most of the same methodology on the performance analysis side, so it should easy to transfer over my skills. Thanks!
@HackeXPlorer 2 жыл бұрын
Thankyou for you feedback Fritz, these keep me motivated to make more videos like this
@sambitsahoo1123 2 жыл бұрын
Careful! He's a hero!!! Subscribed !!!
@Leokhawarizmi 3 жыл бұрын
I have learned so much today just in one video, thank you so much please keep going
@HackeXPlorer 3 жыл бұрын
Glad this was helpful, thankyou Leo.
@njayapavithra1705 3 жыл бұрын
Amazing, the author explained it so easy. Thank you
@HackeXPlorer 3 жыл бұрын
Thankyou for thr feedback Jaya.
@konulaslanova2608 2 жыл бұрын
Excellent. You made it so clear.
@HackeXPlorer 2 жыл бұрын
Thank you Konul
@user-rj3rv6mv5z 9 ай бұрын
Good explanation and new information.
@muratafsar9753 4 жыл бұрын
This is amazing work. Thank you sir. Subscribed !
@HackeXPlorer 4 жыл бұрын
Thank you for the feedback ,Murat
@pchebbi 4 жыл бұрын
Nice explanation with good demo. Thank you!
@HackeXPlorer 4 жыл бұрын
You are welcome Prasanna
@lawrencestowe7070 3 жыл бұрын
Really good video, great advice with columns etc
@HackeXPlorer 3 жыл бұрын
Glad it helped!
@showvik012 3 жыл бұрын
Keep them videos coming. Good work!
@HackeXPlorer 3 жыл бұрын
Thankyou Showvik
@rashmiraghukumar5821 Жыл бұрын
Thanks, alot!!! for uploading this informative video, I really learned a lot about Wireshark ethereal
@HackeXPlorer Жыл бұрын
Thanks for the feedback Rashmi 👍
@dhanukawickramasinghe9290 3 жыл бұрын
thank you man. it was really helpful
@vengalachandu4080 2 жыл бұрын
Excellent # keep doing 👏 👍
@little_trash_panda 2 жыл бұрын
I'm a master student and this video is very helpful for me to do my homework. It is so informative! Thank you.
@HackeXPlorer 2 жыл бұрын
I am glad that this helped you,do let me know what kind of other topics that will be helpful for your studies.
@Martin-ot7xj Жыл бұрын
Hi there, it was a very very useful & informative tutorial video. please upload more about Wireshark. thnx
@ImranShaikh-kt7ey 3 жыл бұрын
Amazing episode 🔥🔥🔥
@riyazshaikh6373 3 жыл бұрын
Amazing stuff. presented in a very easy manner to understand.
@HackeXPlorer 3 жыл бұрын
Glad you liked it! Riyaz
@larrypedringer6352 3 жыл бұрын
Great presentation and information. Thanks!
@HackeXPlorer 3 жыл бұрын
Thankyou Larry
@ashutoshrajput988 3 жыл бұрын
the best video on youtube till now. thanks
@HackeXPlorer 3 жыл бұрын
Glad it helped
@leestaton1697 2 жыл бұрын
good channel I like how you go in depth regarding wireshark Ive got wireshark
@HackeXPlorer 2 жыл бұрын
Thankyou Lee, appreciate the valuable feedback.
@lastofdev777 3 жыл бұрын
Thank you man, I really need it for my assigment.
@HackeXPlorer 3 жыл бұрын
Glad this helped you, thanx for the feedback
@shafrinainn365 2 жыл бұрын
Very informative and very good explanation. Thank you.
@HackeXPlorer 2 жыл бұрын
Thankyou Shafrina 👍👍
@artember1200 4 жыл бұрын
Great work,very informative and professional
@HackeXPlorer 4 жыл бұрын
Thankyou for the feedback Artem.
@BiharCentralSchool 2 жыл бұрын
Absolutely Brilliant EXplanantion
@HackeXPlorer 2 жыл бұрын
Thankyou very much
@awaisshakir1 4 жыл бұрын
Your work is exceptional 👍 please make more videos soon
@HackeXPlorer 4 жыл бұрын
hey Shakir, thanks for the feedback. yah hope to do more soon. stay tuned
@tugrulserhat 2 жыл бұрын
very nicely done video. thanks a lot
@chirojitsarkar 3 жыл бұрын
Fantastic Explanation. It is really helpful for WIRESHARK Beginners.
@HackeXPlorer 3 жыл бұрын
Glad it was helpful! Thank you Chirojit.
@ravindra.waghmare 3 жыл бұрын
Wonderful...very nicely explained.!!
@HackeXPlorer 3 жыл бұрын
Thanks a lot 😊
@sonujalwal4768 Жыл бұрын
very informative video thanks
@fudbalskafilozofija2818 Жыл бұрын
TNice tutorials tutorial is so good, tysm
@youssefelankoud6497 4 жыл бұрын
Thank you so much, this video it's very useful, keep sharing your knowledge
@HackeXPlorer 4 жыл бұрын
You are welcome, and thankyou for the feedback. Appreciate it.
@_admin_user 2 жыл бұрын
very informative video
@muruga403 4 жыл бұрын
Thank you very much for sharing your knowledge, it's very useful Milles merci
@HackeXPlorer 4 жыл бұрын
it's a pleasure Muvi. De rien
@mohdfirdaus5237 3 жыл бұрын
Thanks man. Great Explanation.
@HackeXPlorer 3 жыл бұрын
Glad it was helpful! Mohd (y)
@bolimov Жыл бұрын
amazing video. simply explained. thanks for the content.
@HackeXPlorer Жыл бұрын
Thank you for your feedback, appreciate it
@josed4540 4 жыл бұрын
This was very helpful please make more packet analysis videos, maybe other attacks like XSS, beaconing activity and Trojans. Thank you.
@HackeXPlorer 4 жыл бұрын
Thank you Tony, valuable suggestions. I'll add these topics to my future work.
@nilanjenator 3 жыл бұрын
Echoing other comments - nice, well made video. Good focus on teaching, rather than video production. At the same time, very practical information.
@HackeXPlorer 3 жыл бұрын
Thank you for the feedback Nilanjan. Appreciate it a lot.
@SandyLaVogue Жыл бұрын
great content!
@orca2162 3 жыл бұрын
Great explanation - thank you
@HackeXPlorer 3 жыл бұрын
Many thanks for the feedback Orca.
@ShartedDownMyLeg 2 жыл бұрын
Great video, worth a sub.
@HackeXPlorer 2 жыл бұрын
Thanks for the sub!
@omomeneehinome 2 жыл бұрын
awesome. thank you
@immunesicness3399 2 жыл бұрын
Finaly some info to work with
@PADARIAD 2 жыл бұрын
No bu****It, right to the point! Love it! you are awesome!
@HackeXPlorer 2 жыл бұрын
Thankyou for the valuable feedback Darpan.
@pnn0656 3 жыл бұрын
Thanks for such a nice video, you have explained very well and thisbis very very helpful for me
@HackeXPlorer 3 жыл бұрын
You are welcome, thanks for the feedback
@channel98-jcrx-tv58 3 жыл бұрын
Thank you man!
@HackeXPlorer 3 жыл бұрын
Happy to help!
@shivendrapratapsingh263 Жыл бұрын
amazing tutorial
@humanrelations3664 3 жыл бұрын
Thanks for the video !!!
@HackeXPlorer 3 жыл бұрын
Thanks appreciate it ☺️
@ms7414 9 ай бұрын
Very useful and well done video. I only wish you had expounded more on the other suspicious server little more in depth. Thanks.
@amirghost281 3 жыл бұрын
Thanks bro , you saved me 👍
@saby826 3 жыл бұрын
Very well explained.
@HackeXPlorer 3 жыл бұрын
Thanks Saby
@yelinsoe3428 2 жыл бұрын
Prefect informations!
@HackeXPlorer 2 жыл бұрын
Thank you very much
@tanzeelhassan2934 4 жыл бұрын
awesome. thanks so much!
@HackeXPlorer 4 жыл бұрын
Hey, Tanzeel you are welcome.
@meeraramanujam3665 Жыл бұрын
Thank you🙏🏼
@HackeXPlorer Жыл бұрын
You’re welcome 😊
@gamehype3207 Жыл бұрын
THANK YOU SO MUCH
@HackeXPlorer Жыл бұрын
You're welcome!
@adityapaithon6499 4 жыл бұрын
great job!
@HackeXPlorer 4 жыл бұрын
Thank you Adithya.
@ghitansilviu2389 2 жыл бұрын
nice man, tks , i didn.t know how to see the host name. i do now...
@ReligionAndMaterialismDebunked Жыл бұрын
Thanks, fellow ethical hacker!
@ParasScorpio 3 жыл бұрын
Thanks a lot Sir.
@HackeXPlorer 3 жыл бұрын
Most welcome Paras:)
@Brunochavesj 2 жыл бұрын
Nice
@kumarputtappa6507 3 жыл бұрын
Hi Sir, I found this useful and shared it with my Front line team to analyze the PCAP logs. Can you please post one more video to analyze the slowness/performance issue when using a different protocol like ( PCoIP, Blast) Some times we face issues saying unable to launch the VDI when using PCoIP and the blast works fine(vice versa). If we can analyze the network logs we can suggest what can be done in his network. . Curious to know how to find the cause and suggest things better.
@abhishekrajput9434 3 жыл бұрын
Thanxs.
@ausmanx1161 2 жыл бұрын
Great video Just wondering, when saving those malicious files, while it infect your computer or does it only do that when you run the files
@HackeXPlorer 2 жыл бұрын
only when you run.
@kashifumer9283 Жыл бұрын
I feel you
@mohamadsalhani 2 ай бұрын
Thanks a lot for your efforts. Could you please send again the link of the traffic sample? The one in the description was not opened. I think you used the version 2014 (MTA-2014-files-contains-malware.zip), then the pw should be infected_2014, it also was not worked. Thanks in advance.
@gurpreet4449 2 жыл бұрын
I guess this video is helpful only for HTTP traffic. Most of the websites we visit are HTTPS. How can we do malware analysis for the TLS/HTTPS traffic ? Thank you.
@nandorbacso4625 Жыл бұрын
Hey, great video, but I got stuck at some point: For me, all the options under File/Export Objects are grey. Should I select something or is there anything I am missing? Thanks!
@HackeXPlorer Жыл бұрын
If you have a http traffic capture, try typing "http" as a filter, then select a packet . Then check the export object option
@kranthikumari7703 2 жыл бұрын
Best informative video ever. Keep posting more. This video really helped me understanding analysis. I gave practical try with all the available data. One thing where I lost and now worried is , sample Java extension which downloaded from PCAP data is disappearing after 5 to 10 secs. Can you please help or say why it disappears
@HackeXPlorer 2 жыл бұрын
Hi Kranthi, nice hear this helped you. The reason the file is disappear is because the antivirus is deleting the file. Would recommend you do this in Virtual windows box with AV disabled.
@kranthikumari7703 2 жыл бұрын
@@HackeXPlorer your reply did really helped, thanks for your response. i got one more doubt. i used hashmyfiles on windows but for ubuntu i didn't find any application for checking the hash of a file. since i tried this on ubuntu on my VM. so on Linux, there are command-based hash findings but my worry is if I use command-based 1) will those malicious files get accessed and will my ubuntu machine gets infected. 2) is there any app like filemyhash like on windows for ubuntu too. Really appreciate for your time and response.
@HackeXPlorer 2 жыл бұрын
Hi Again, linux is the best way to saflly analyse a windows malware 1) no using the command line options wont execute the malware. Ex sha1sum {filename} md5sum {filename} are some of thr commandline options u can use 2)no need of a additional application in linux to check the hass values, we used hashmyfiles in windows as there was no built in command link tool ik windows at the time, but now you can use PowerShell commands instead of the above application. Use Get-FileHash command. docs.microsoft.com/en-us/powershell/module/microsoft.powershell.utility/get-filehash?view=powershell-7.1
@kranthikumari7703 2 жыл бұрын
@@HackeXPlorer Thanks for clarifying. Already love step by step explanation. Now repect for timely response and clarifying. please keep sharing knowledge. Thankyou.
Gerald Auger, PhD - Simply Cyber
Рет қаралды 54 М.
SharkFest Wireshark Developer and User Conference
Рет қаралды 60 М.
The PC Security Channel
Рет қаралды 1,1 МЛН
Skilled Inspirational Academy(www.sianets.com)
Рет қаралды 22 М.