Ex 7

Uploaded by

Raj Singh

Name – Harsh Singh    Roll No. – 2300290130080
Name – Shalu Singh    Roll No. – 2300290130174
Section – B

EXPERIMENT NO. – 07

Object – Malware Traffic Analysis: analyze captured traffic to identify signs of malware
communication, such as command-and-control traffic or data exfiltration.

Ques. What do you mean by Malware Traffic Analysis?

Ans. Malware Traffic Analysis is a critical skill in cybersecurity, particularly for incident
response and threat hunting. It involves examining captured network traffic (PCAP files or live
traffic) to detect patterns and artifacts associated with malware activity. Here's a breakdown of
how it's done and what to look for:

What is Malware Traffic Analysis?

It's the process of inspecting network communications to and from potentially compromised
hosts to identify:

• Malware infections: confirming whether a machine is infected.

• Command and Control (C2/C&C) communication: how malware talks to its operators.

• Data exfiltration: malware stealing sensitive information and sending it out.

• Lateral movement: malware trying to spread to other systems on the network.

• Malware delivery mechanisms: how the malware initially arrived (e.g., via a
malicious download).

• Indicators of Compromise (IOCs): such as malicious IP addresses, domains, URLs,
or file hashes that can be used to identify and block threats.
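The three signals the list above names most often (IOC matches, C2 check-ins, and data exfiltration) can be triaged from flow records before any packet-level work. The following is an added example, not part of the original report or of any tool it uses: it runs three simple heuristics over a constructed set of flow records. The flow tuples, the IOC list (documentation-range addresses only) and the thresholds are all assumptions chosen for illustration.

```python
"""Flow-level triage for the signals named above: IOC hits, C2 beaconing, bulk exfiltration.
Constructed example; flow records and the IOC list are made up for illustration."""
import ipaddress
from collections import defaultdict
from statistics import mean, pstdev

# Constructed flow records: (timestamp_seconds, src_ip, dst_ip, dst_port, bytes_out).
# 10.0.2.15 talks to 203.0.113.7 every 60 s with tiny, near-identical sizes (beacon-like),
# pushes ~52 MB to 198.51.100.9 over FTP (exfil-like), and 10.0.2.20 contacts an IOC address.
FLOWS = [
    (0,   "10.0.2.15", "142.250.194.36", 443, 1200),
    (60,  "10.0.2.15", "203.0.113.7",    443, 310),
    (120, "10.0.2.15", "203.0.113.7",    443, 305),
    (180, "10.0.2.15", "203.0.113.7",    443, 312),
    (240, "10.0.2.15", "203.0.113.7",    443, 308),
    (300, "10.0.2.15", "203.0.113.7",    443, 311),
    (75,  "10.0.2.15", "198.51.100.9",   21,  52_000_000),
    (90,  "10.0.2.20", "10.0.2.30",      445, 4000),
    (91,  "10.0.2.20", "192.0.2.44",     80,  900),
]
# Constructed IOC list (documentation-range address, not a real indicator).
IOC_IPS = {"192.0.2.44"}
INTERNAL = ipaddress.ip_network("10.0.0.0/8")  # assumed internal range


def ioc_hits(flows, iocs=IOC_IPS):
    """Flows whose destination appears on the IOC list, as (src, dst, port)."""
    return sorted({(s, d, p) for _, s, d, p, _ in flows if d in iocs})


def beaconing(flows, min_flows=5, max_cv=0.1):
    """Group flows by (src, dst, port) and flag series whose inter-flow intervals are
    near-constant: coefficient of variation (stdev / mean) at or below max_cv.
    Regular, low-jitter check-ins are the classic C2 beacon shape."""
    series = defaultdict(list)
    for ts, s, d, p, _ in flows:
        series[(s, d, p)].append(ts)
    flagged = []
    for key, times in series.items():
        if len(times) < min_flows:
            continue
        times.sort()
        gaps = [b - a for a, b in zip(times, times[1:])]
        m = mean(gaps)
        if m > 0 and pstdev(gaps) / m <= max_cv:
            flagged.append((key, round(float(m), 1)))  # (flow key, mean interval in s)
    return flagged


def exfil_candidates(flows, threshold_bytes=10_000_000):
    """Sum outbound bytes per (src, external dst, port) and flag totals over the threshold."""
    totals = defaultdict(int)
    for _, s, d, p, b in flows:
        if ipaddress.ip_address(d) not in INTERNAL:
            totals[(s, d, p)] += b
    return sorted((k, v) for k, v in totals.items() if v >= threshold_bytes)


if __name__ == "__main__":
    print("IOC hits:       ", ioc_hits(FLOWS))
    print("Beaconing:      ", beaconing(FLOWS))
    print("Exfil candidates:", exfil_candidates(FLOWS))
```

Each heuristic is a lead, not a verdict: software updaters and monitoring agents also check in on fixed intervals, and backups move large volumes outbound, so a flagged flow is confirmed by looking at the packets themselves (TLS SNI, HTTP headers, DNS names) and by correlating with host logs.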

Understanding the port numbers of different protocols –

1. HTTP – 80

2. HTTPS – 443

3. FTP – 21

4. DNS – 53

5. SMTP – 25

Packets Captured by Wireshark –

TCP HEADER –
The TCP header is metadata attached to each TCP segment, containing the information used to
manage the connection, ensure data arrives correctly, and maintain order.

Identifying the various header fields –

TCP HEADER TABLE –
SOURCE PORT - 55000

DESTINATION PORT - 443

SEQUENCE NUMBER - 32056

ACKNOWLEDGEMENT NUMBER - 914446

FLAGS - 0x010 (ACK)

WINDOW SIZE - 65535

CHECKSUM - 0x5d48

URGENT POINTER - 0

IP HEADER –
The IP header is a crucial part of an Internet Protocol (IP) datagram (or packet). Think of an IP
packet like a letter being sent through the mail; the IP header is like the envelope. It contains
essential information that network routers use to decide where to send the packet and how to
handle it.

Identifying the various header fields –

IP HEADER TABLE –
VERSION - 4

HEADER LENGTH - 20 BYTES (5)

TYPE OF SERVICE - 0x00 (DSCP: CS0, ECN: NOT-ECT)

TOTAL LENGTH - 40

IDENTIFICATION - 0x6f23 (28451)

IP FLAGS - 0x2 DON'T FRAGMENT

FRAGMENT OFFSET - 0

TIME TO LIVE - 64

PROTOCOL - TCP (6)

SOURCE ADDRESS - 10.0.2.15

DESTINATION ADDRESS - 142.250.194.36

HEADER CHECKSUM - 0x6e7f
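To see how Wireshark arrives at the two tables above, the following added example (not part of the report, and not Wireshark's code) packs the listed field values into a 20-byte IPv4 header and a 20-byte TCP header with the standard library, computes both checksums, and parses the bytes back. It assumes the packet carries no payload, which is what the report's total length of 40 (20 + 20) implies. Recomputing the IP header checksum over the listed fields gives exactly the table's 0x6e7f, so the IP table is internally consistent. The TCP checksum also covers a pseudo-header (addresses, protocol, TCP length), and from the listed TCP fields it comes out as 0x08bf rather than the table's 0x5d48; a TCP checksum that does not verify in a capture is common when the capture is taken on the sending host with checksum offload enabled, and Wireshark reports such mismatches when checksum validation is turned on.

```python
"""Build the IPv4 and TCP headers from the report's two tables, then parse them back.
Constructed example: field values are the ones listed in the report; no payload
(total length 40 = 20-byte IP header + 20-byte TCP header)."""
import struct
import ipaddress

# Field values copied from the report's IP HEADER TABLE and TCP HEADER TABLE.
IP_FIELDS = dict(version=4, ihl=5, tos=0x00, total_length=40, identification=0x6f23,
                 flags=0x2, fragment_offset=0, ttl=64, protocol=6,
                 src="10.0.2.15", dst="142.250.194.36")
TCP_FIELDS = dict(src_port=55000, dst_port=443, seq=32056, ack=914446,
                  data_offset=5, flags=0x010, window=65535, urgent=0)
TCP_FLAG_BITS = [("FIN", 0x001), ("SYN", 0x002), ("RST", 0x004),
                 ("PSH", 0x008), ("ACK", 0x010), ("URG", 0x020)]


def ones_complement_sum(data: bytes) -> int:
    """RFC 1071 checksum: add 16-bit big-endian words, fold carries, invert."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4_header(f: dict) -> bytes:
    """20-byte IPv4 header; the checksum is computed with its own field zeroed."""
    ver_ihl = (f["version"] << 4) | f["ihl"]
    flags_frag = (f["flags"] << 13) | f["fragment_offset"]  # DF (0x2) lands at bit 14
    hdr = struct.pack("!BBHHHBBH4s4s", ver_ihl, f["tos"], f["total_length"],
                      f["identification"], flags_frag, f["ttl"], f["protocol"], 0,
                      ipaddress.IPv4Address(f["src"]).packed,
                      ipaddress.IPv4Address(f["dst"]).packed)
    return hdr[:10] + struct.pack("!H", ones_complement_sum(hdr)) + hdr[12:]


def tcp_pseudo_header(src: str, dst: str, tcp_length: int) -> bytes:
    """Pseudo-header the TCP checksum also covers: addresses, zero, protocol 6, TCP length."""
    return struct.pack("!4s4sBBH", ipaddress.IPv4Address(src).packed,
                       ipaddress.IPv4Address(dst).packed, 0, 6, tcp_length)


def build_tcp_header(f: dict, src: str, dst: str, payload: bytes = b"") -> bytes:
    """20-byte TCP header; the checksum covers pseudo-header + header + payload."""
    offset_flags = (f["data_offset"] << 12) | f["flags"]
    hdr = struct.pack("!HHIIHHHH", f["src_port"], f["dst_port"], f["seq"], f["ack"],
                      offset_flags, f["window"], 0, f["urgent"])
    pseudo = tcp_pseudo_header(src, dst, len(hdr) + len(payload))
    csum = ones_complement_sum(pseudo + hdr + payload)
    return hdr[:16] + struct.pack("!H", csum) + hdr[18:]


def parse_ipv4_header(pkt: bytes) -> dict:
    (ver_ihl, tos, total_length, ident, flags_frag,
     ttl, proto, csum, src, dst) = struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    return {
        "version": ver_ihl >> 4, "header_length": (ver_ihl & 0x0F) * 4, "tos": tos,
        "total_length": total_length, "identification": ident,
        "flags": flags_frag >> 13, "dont_fragment": bool(flags_frag & 0x4000),
        "fragment_offset": flags_frag & 0x1FFF, "ttl": ttl, "protocol": proto,
        "header_checksum": csum,
        # A valid header sums to 0xFFFF with the checksum included, so the inverted sum is 0.
        "checksum_ok": ones_complement_sum(pkt[:20]) == 0,
        "src": str(ipaddress.IPv4Address(src)), "dst": str(ipaddress.IPv4Address(dst)),
    }


def parse_tcp_header(seg: bytes, src: str, dst: str) -> dict:
    sport, dport, seq, ack, off_flags, window, csum, urg = struct.unpack("!HHIIHHHH", seg[:20])
    flags = off_flags & 0x1FF
    return {
        "src_port": sport, "dst_port": dport, "seq": seq, "ack": ack,
        "header_length": (off_flags >> 12) * 4, "flags": flags,
        "flag_names": [name for name, bit in TCP_FLAG_BITS if flags & bit],
        "window": window, "checksum": csum, "urgent_pointer": urg,
        "checksum_ok": ones_complement_sum(tcp_pseudo_header(src, dst, len(seg)) + seg) == 0,
    }


def build_report_packet() -> bytes:
    """The 40-byte packet described by the report's tables (IP header then TCP header)."""
    return build_ipv4_header(IP_FIELDS) + build_tcp_header(TCP_FIELDS, IP_FIELDS["src"], IP_FIELDS["dst"])


def decode(pkt: bytes) -> dict:
    ip = parse_ipv4_header(pkt)
    tcp = parse_tcp_header(pkt[ip["header_length"]:ip["total_length"]], ip["src"], ip["dst"])
    return {"ip": ip, "tcp": tcp}


if __name__ == "__main__":
    for layer, fields in decode(build_report_packet()).items():
        print(layer.upper())
        for k, v in fields.items():
            print(f"  {k:16} {v:#06x}" if k.endswith("checksum") else f"  {k:16} {v}")
```

Running the block prints both decoded headers with checksums in hex; `checksum_ok` is True for both because each checksum was just computed over the same bytes, which is the property a capture taken off the wire (rather than on an offloading host) should also show.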
