Wireshark mailing list archives

Re: Need filters


From: "David H. Lipman" <DLipman () Verizon Net>
Date: Sun, 27 Jun 2010 14:06:07 -0400

From: "M K" <gedropi () gmail com>

| Exactly.  Thanks.

| On 6/22/10, bart sikkes <b.sikkes () gmail com> wrote:
Thanx!

I passed on your comment.  Maybe what I should do next is point him to
this News group.

And what if the malware uses the port(s) you are going to exclude?
Especially with malware, I would be careful with what you call noise;
that noise can be used to hide the malware.


After examining much malware, you get a feel for what is noise (background MS OS 
communication) and the malware performing such tasks as: exfiltration of data, 
communicating to a C2, worms trying dictionary attacks, sending SQL Injection packets, etc.


-- 
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp 



___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users