From the course: Wireshark: Malware and Forensics


Solution: Analyze


- [Narrator] When you have access to someone's system, you can do an investigation that includes running netstat and also the task manager. Here I've taken the results of running netstat on my system. On this you can see the active connections. On the right-hand side you see the process ID. That's what you would correlate with the activity in your task manager. When going through, I look at the port numbers and I go into the search bar and just put port number, whatever one I felt would be suspicious, and find out a little bit more information about the port. The one that did come up as flagged was right here: port 65111. Port 65111 is associated with a trojan. As you can see here, it's a trojan that opens a back door on the compromised computer and listens for remote commands. In addition, you might want to take a look at the IP address, 151.101.34.2. I was unable to go to that IP address, but it did give me a little bit of information in that there was one report for this IP address…
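The triage described in the transcript can be scripted over saved `netstat -ano` output. The following is an added example, not part of the course material: it parses the connection table and returns the process IDs to look up in Task Manager. The sample output, the PIDs, the other ports and all function names are constructed; only port 65111 and the address 151.101.34.2 come from the transcript.

```python
from collections import namedtuple

# Constructed sample of `netstat -ano` output (not the capture shown in the course).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       968
  TCP    0.0.0.0:65111          0.0.0.0:0              LISTENING       4188
  TCP    192.168.1.20:49712     151.101.34.2:443       ESTABLISHED     5312
  TCP    [::]:445               [::]:0                 LISTENING       4
  UDP    0.0.0.0:5353           *:*                                    2104
"""

WATCH_PORTS = {65111}           # port flagged in the transcript
WATCH_ADDRS = {"151.101.34.2"}  # address named in the transcript

Conn = namedtuple("Conn", "proto laddr lport raddr rport state pid")

def split_endpoint(endpoint):
    """Split 'host:port', '[v6]:port' or '*:*' into (host, port or None)."""
    host, _, port = endpoint.rpartition(":")
    return host.strip("[]"), int(port) if port.isdigit() else None

def parse_netstat(text):
    """Parse TCP rows (5 columns) and UDP rows (4 columns, no State)."""
    conns = []
    for line in text.splitlines():
        f = line.split()
        if len(f) == 5 and f[0] == "TCP":
            proto, local, remote, state, pid = f
        elif len(f) == 4 and f[0] == "UDP":
            proto, local, remote, pid = f
            state = ""
        else:
            continue  # banner, column header or blank line
        if pid.isdigit():
            conns.append(Conn(proto, *split_endpoint(local),
                              *split_endpoint(remote), state, int(pid)))
    return conns

def flag(conns):
    """Return {pid: [reasons]} for rows that touch a watched port or address."""
    hits = {}
    for c in conns:
        for port in {c.lport, c.rport} & WATCH_PORTS:
            hits.setdefault(c.pid, []).append(f"watched port {port} ({c.state or c.proto})")
        if c.raddr in WATCH_ADDRS:
            hits.setdefault(c.pid, []).append(f"watched address {c.raddr}:{c.rport}")
    return hits

if __name__ == "__main__":
    for pid, reasons in sorted(flag(parse_netstat(SAMPLE)).items()):
        print(f"PID {pid}: " + "; ".join(reasons))
```

A port match is only a lead: high-numbered ports are also handed out as ephemeral client ports, so confirm the owning process by its PID before drawing a conclusion.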
