Wireshark-users: Re: [Wireshark-users] Need filters
From: "David H. Lipman" <DLipman@xxxxxxxxxxx>
Date: Sun, 27 Jun 2010 14:06:07 -0400
From: "M K" <gedropi@xxxxxxxxx>

| Exactly.  Thanks.

| On 6/22/10, bart sikkes <b.sikkes@xxxxxxxxx> wrote:
>>> Thanx!

>>> I passed on your comment.  Maybe what I should do next is point him to
>>> this News group.

>> and what if the malware uses the port(s) you are going to exclude?
>> specially with malware i would be careful with what you call noise,
>> that noise can be used to hide the malware.


After examining much malware, you get a feel for what is noise (background MS OS 
communication) and the malware performing such tasks as exfiltration of data, 
communicating to a C2, worms trying dictionary attacks, sending SQL Injection packets, etc.


-- 
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
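As an added illustration of the caveat raised in this thread (example code, not from the post or from Wireshark): a port-only exclusion of "noise" hides any malware that happens to use the same port, whereas excluding only known-good (server, port) pairs keeps it visible. The flows, the 10.0.0.0/8 internal range and the file server at 10.0.0.5 are constructed assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    dport: int
    proto: str

# Constructed sample flows (assumption: 10.0.0.0/8 is internal, 10.0.0.5 is the DC/file server).
FLOWS = [
    Flow("10.0.1.20", "10.0.0.5", 445, "tcp"),      # SMB to the file server: background noise
    Flow("10.0.1.20", "10.0.0.5", 389, "tcp"),      # LDAP to the DC: noise
    Flow("10.0.1.20", "203.0.113.7", 445, "tcp"),   # SMB to an external host: suspicious
    Flow("10.0.1.20", "198.51.100.9", 443, "tcp"),  # outbound HTTPS: must stay visible
    Flow("10.0.1.20", "10.0.1.0", 445, "tcp"),      # SMB to a neighbouring workstation: suspicious
]

NOISE_PORTS = {445, 389}
KNOWN_GOOD = {("10.0.0.5", 445), ("10.0.0.5", 389)}

def exclude_by_port(flows):
    """Broad exclusion, equivalent to the display filter
    '!(tcp.port == 445 || tcp.port == 389)'. Drops every flow on those ports."""
    return [f for f in flows if f.dport not in NOISE_PORTS]

def exclude_known_good(flows):
    """Narrow exclusion: drop a flow only when its (destination, port) is a known-good server,
    equivalent to '!(ip.dst == 10.0.0.5 && (tcp.port == 445 || tcp.port == 389))'."""
    return [f for f in flows if (f.dst, f.dport) not in KNOWN_GOOD]

def hidden_by_port_filter(flows):
    """Flows the port-only filter throws away that the known-good filter still shows."""
    kept_by_port = set(exclude_by_port(flows))
    return [f for f in exclude_known_good(flows) if f not in kept_by_port]

if __name__ == "__main__":
    for f in hidden_by_port_filter(FLOWS):
        print("hidden by port-only filter:", f)
```

Both suspicious SMB flows (to the external host and to the neighbouring workstation) disappear under the port-only filter but survive the endpoint-based one.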