Wireshark – Malware traffic analysis

Packet analysis is one of the most important skills a security professional should master. Today we use the world's leading network traffic analyzer, Wireshark, to analyze malware traffic.

Wireshark is a popular network protocol analysis tool that gives you insight into the live data on a network. It is a free and open-source tool that runs on multiple platforms.

Website
http://hackexplorer.net/

Sample files in the video
https://github.com/HackeXPlorer/Channel-Resources

Timestamps
0:00 Introduction
0:35 Wireshark short introduction
0:46 What are IOCs?
1:35 Wireshark interface
2:38 Protocol hierarchy – understanding traffic
3:56 Use filters
4:38 Add columns to the interface (HTTP destination)
5:28 Find source and destination port
6:58 Finding the downloaded infected files
9:26 Find hash values of the files
10:06 Use VirusTotal
11:43 Find infected website
12:26 Find the IP address of the infected site
12:44 Find the MAC address of the infected machine
12:56 Find the hostname of the infected machine
14:24 Actions based on the results
15:05 Learn more – Wireshark 101
15:24 More exercises at www.malware-traffic-analysis.net

Download Wireshark
https://www.wireshark.org/download.html

Download malware traffic sample
http://www.malware-traffic-analysis.net/2014/11/16/index.html

Main page: http://www.malware-traffic-analysis.net/

HashMyFiles

HashMyFiles is a small utility that allows you to calculate the MD5 and SHA1 hashes of one or more files on your system.

Download: https://www.nirsoft.net/utils/hash_my_files.html

Hishan Shouketh 2019

Facebook
https://www.facebook.com/hackexplorer

Twitter
https://twitter.com/Hack_Explorer

Instagram
https://www.instagram.com/hackexplorer/

Please take the opportunity to connect with your friends and family and share this video with them if you find it useful.