Today I will give an overview of the software Wireshark. Wireshark is a tool for capturing and analysing network traffic. Where a web proxy such as Fiddler focuses on HTTP/HTTPS traffic, Wireshark enables deep packet analysis of a large number of protocols at several layers of the network stack. When analysing a packet capture in Wireshark it is also possible to retrieve files from the pcap that were downloaded by the malware sample under investigation (Fox, 2021).
According to CompTIA (2022), Wireshark is the most popular packet sniffer. Like any other packet sniffer, Wireshark performs three functions:
- Packet Capture: Wireshark listens on a network interface in real time and records the traffic passing it, potentially tens of thousands of packets at a time, into a capture (pcap) file.
- Filtering: Wireshark can cut this mass of live data down with filters. A capture filter limits what is recorded, and a display filter narrows what is shown, so you see only the traffic you need (for example a single host, port or protocol).
- Visualisation: Like any decent packet sniffer, Wireshark lets you dig into the fields of each individual packet. It can also reassemble and display whole conversations (for instance a complete TCP stream) rather than isolated packets.
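The three functions above, and the file-retrieval point from the introduction, can be shown end to end on a capture file without Wireshark at hand. The following is an added example written for this post, not Wireshark's or CompTIA's code: it builds a small pcap in memory (constructed frames with made-up MAC addresses and RFC 5737 test addresses, so nothing is captured from a live network), reads it back as a pcap reader would, applies the equivalent of the display filter `tcp.port == 80`, reassembles the server's TCP segments by sequence number and carves the HTTP response body, which is what Wireshark's File > Export Objects > HTTP does. The field names (`ip.src`, `tcp.port`, and so on) deliberately mirror Wireshark's display-filter fields; the helper and function names are this example's own.

```python
"""Minimal pcap reader, display-style filter and HTTP object carve.

Added example for this post, not Wireshark code. The capture below is
constructed in memory (RFC 5737 TEST-NET server address, made-up MACs);
no real traffic is read. IP/TCP/UDP checksums are left at zero: Wireshark
would flag them as bad, this parser simply does not validate them.
"""
import socket
import struct

CLIENT, SERVER, RESOLVER = "10.0.0.5", "203.0.113.10", "10.0.0.1"        # constructed
MAC_A, MAC_B = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")  # constructed
FILE_BYTES = b"\x89PNG\r\n\x1a\n" + bytes(range(24))   # constructed stand-in for a downloaded file
GET = b"GET /logo.png HTTP/1.1\r\nHost: example.test\r\n\r\n"   # constructed request


def eth(src, dst, payload):
    return dst + src + struct.pack("!H", 0x0800) + payload           # IPv4 ethertype


def ipv4(src, dst, proto, payload):
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 1, 0, 64, proto, 0,
                      socket.inet_aton(src), socket.inet_aton(dst))
    return hdr + payload


def tcp(sport, dport, seq, payload, flags=0x18):                      # PSH|ACK, 20-byte header
    return struct.pack("!HHIIBBHHH", sport, dport, seq, 0, 5 << 4, flags, 65535, 0, 0) + payload


def udp(sport, dport, payload):
    return struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload


def build_sample_capture():
    """Four frames: a DNS query (noise), the HTTP GET, and the 200 response split across
    two TCP segments written out of order, so carving must reorder by sequence number."""
    resp = (b"HTTP/1.1 200 OK\r\nContent-Type: image/png\r\n"
            b"Content-Length: %d\r\n\r\n" % len(FILE_BYTES)) + FILE_BYTES
    seg1, seg2 = resp[:60], resp[60:]          # the split lands inside the headers on purpose
    frames = [
        eth(MAC_A, MAC_B, ipv4(CLIENT, RESOLVER, 17, udp(53001, 53, b"\x12\x34\x01\x00\x00\x01"))),
        eth(MAC_A, MAC_B, ipv4(CLIENT, SERVER, 6, tcp(49152, 80, 1000, GET))),
        eth(MAC_B, MAC_A, ipv4(SERVER, CLIENT, 6, tcp(80, 49152, 5000 + len(seg1), seg2))),
        eth(MAC_B, MAC_A, ipv4(SERVER, CLIENT, 6, tcp(80, 49152, 5000, seg1))),
    ]
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)  # magic, v2.4, snaplen, Ethernet
    for i, frame in enumerate(frames):
        out += struct.pack("<IIII", 1654500000 + i, 0, len(frame), len(frame)) + frame
    return out


def read_pcap(data):
    """Yield (timestamp, frame) for a classic little-endian libpcap file."""
    magic, _, _, _, _, _, linktype = struct.unpack_from("<IHHiIII", data, 0)
    if magic != 0xA1B2C3D4 or linktype != 1:
        raise ValueError("expected little-endian microsecond pcap with Ethernet frames")
    off = 24
    while off + 16 <= len(data):
        ts_sec, ts_usec, incl_len, _ = struct.unpack_from("<IIII", data, off)
        off += 16
        yield ts_sec + ts_usec / 1e6, data[off:off + incl_len]
        off += incl_len


def dissect(frame):
    """Decode Ethernet/IPv4/TCP|UDP into Wireshark-style field names."""
    pkt = {"eth.type": struct.unpack_from("!H", frame, 12)[0]}
    if pkt["eth.type"] != 0x0800:
        return pkt
    ihl = (frame[14] & 0x0F) * 4
    pkt.update({"ip.src": socket.inet_ntoa(frame[26:30]),
                "ip.dst": socket.inet_ntoa(frame[30:34]), "ip.proto": frame[23]})
    l4 = frame[14 + ihl:]
    if pkt["ip.proto"] == 6:
        sport, dport, seq = struct.unpack_from("!HHI", l4)
        pkt.update({"tcp.srcport": sport, "tcp.dstport": dport, "tcp.seq": seq,
                    "tcp.payload": l4[(l4[12] >> 4) * 4:]})
    elif pkt["ip.proto"] == 17:
        sport, dport = struct.unpack_from("!HH", l4)
        pkt.update({"udp.srcport": sport, "udp.dstport": dport, "udp.payload": l4[8:]})
    return pkt


def display_filter(pkts, field, value):
    """Rough equivalent of 'field == value'; tcp.port/udp.port match either direction."""
    if field in ("tcp.port", "udp.port"):
        proto = field.split(".")[0]
        return [p for p in pkts if value in (p.get(proto + ".srcport"), p.get(proto + ".dstport"))]
    return [p for p in pkts if p.get(field) == value]


def extract_http_object(pkts, server_port=80):
    """Reassemble server->client TCP payloads by seq, then carve the HTTP body.
    Raises if the headers never complete or the body is shorter than Content-Length."""
    segs = sorted((p["tcp.seq"], p["tcp.payload"]) for p in pkts
                  if p.get("tcp.srcport") == server_port and p.get("tcp.payload"))
    stream = b"".join(payload for _, payload in segs)
    head, sep, body = stream.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("no complete HTTP response headers in stream")
    length = next((int(line.split(b":", 1)[1].strip()) for line in head.split(b"\r\n")
                   if line.lower().startswith(b"content-length:")), len(body))
    if len(body) < length:
        raise ValueError("response body truncated: %d of %d bytes captured" % (len(body), length))
    return body[:length]


def analyse(capture):
    pkts = [dissect(frame) for _, frame in read_pcap(capture)]
    http = display_filter(pkts, "tcp.port", 80)
    return {"frames": len(pkts), "http_frames": len(http), "object": extract_http_object(http)}


if __name__ == "__main__":
    result = analyse(build_sample_capture())
    print(result["frames"], "frames;", result["http_frames"], "match tcp.port == 80;",
          "carved", len(result["object"]), "bytes, magic", result["object"][:4])
```

Two details matter in practice. The response is deliberately split mid-header and stored out of order, so anything that looks at single packets sees garbage; only the reassembled stream yields the file, which is why Wireshark's Follow TCP Stream and Export Objects work on conversations, not packets. And the truncation check is the caveat to remember when carving from real captures: a capture started late, or cut short by a snaplen, produces a file that looks valid but is incomplete, and the Content-Length comparison is the cheapest way to notice.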
References
CompTIA, 2022. What Is Wireshark and How to Use It | Cybersecurity | CompTIA. [online] Available at: <https://www.comptia.org/content/articles/what-is-wireshark-and-how-to-use-it> [Accessed 6 June 2022].
Fox, N., 2021. 11 Best Malware Analysis Tools and Their Features. [online] Varonis. Available at: <https://www.varonis.com/blog/malware-analysis-tools#PeStudio> [Accessed 6 June 2022].