Malware Presence Detection using Wireshark Analysis
Introduction

Malware is malicious software that communicates with external systems to perform unauthorized activities such as data exfiltration, remote control, or network scanning. Network traffic analysis is an effective method to identify malware presence without executing the malicious program. In this work, Wireshark is used to analyze a packet capture file and identify abnormal communication patterns that indicate malware activity.

Objectives

- To analyze network traffic using Wireshark for identifying malware activity
- To observe abnormal communication patterns such as repeated connection attempts and failed handshakes
- To confirm malware presence through packet-level analysis of suspicious traffic

Malware Source

Malware traffic was obtained from Malware-Traffic-Analysis.net: https://www.malware-traffic-analysis.net/training-exercises.html

PCAP File Description

The selected packet capture file contains network traffic generated from an infected system communicating with external se...
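As an added example (not part of this report or of the Malware-Traffic-Analysis.net exercise), the script below applies the same heuristic the report looks for in Wireshark, repeated SYNs that never receive a SYN/ACK, directly to a pcap file using only the Python standard library. It assumes a classic pcap with Ethernet framing and IPv4/TCP, and the embedded capture is constructed with RFC 5737 documentation addresses rather than taken from the real exercise.

```python
import struct
from collections import defaultdict

SYN, ACK = 0x02, 0x10

def tcp_packets(pcap_bytes):
    """Yield (src, dst, sport, dport, flags) for each IPv4/TCP frame in a classic pcap (Ethernet link type)."""
    endian = "<" if pcap_bytes[:4] == b"\xd4\xc3\xb2\xa1" else ">"
    off = 24  # skip the 24-byte pcap global header
    while off + 16 <= len(pcap_bytes):
        caplen = struct.unpack(endian + "IIII", pcap_bytes[off:off + 16])[2]  # incl_len
        frame = pcap_bytes[off + 16:off + 16 + caplen]
        off += 16 + caplen
        if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
            continue  # not IPv4 over Ethernet, or not TCP
        ihl = (frame[14] & 0x0F) * 4
        tcp = frame[14 + ihl:]
        if len(tcp) < 14:
            continue  # truncated TCP header, flags byte missing
        src, dst = (".".join(map(str, frame[i:i + 4])) for i in (26, 30))
        sport, dport = struct.unpack("!HH", tcp[:4])
        yield src, dst, sport, dport, tcp[13]

def failed_handshakes(pcap_bytes, threshold=3):
    """Return {(src, dst, dport): syn_count} for flows retried >= threshold times with no SYN/ACK ever seen."""
    syns, answered = defaultdict(int), set()
    for src, dst, sport, dport, flags in tcp_packets(pcap_bytes):
        if flags & SYN and not flags & ACK:
            syns[(src, dst, dport)] += 1
        elif flags & SYN and flags & ACK:
            answered.add((dst, src, sport))  # key the reply from the client's point of view
    return {k: n for k, n in syns.items() if k not in answered and n >= threshold}

# Constructed sample capture (RFC 5737 documentation addresses, not hosts from the exercise).
def _frame(src, dst, sport, dport, flags):
    ip = bytes([0x45, 0, 0, 40, 0, 0, 0, 0, 64, 6, 0, 0]) + bytes(map(int, (src + "." + dst).split(".")))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, flags, 8192, 0, 0)  # no checksum needed here
    return b"\x00" * 12 + b"\x08\x00" + ip + tcp  # Ethernet header with zeroed MACs, EtherType IPv4

def _pcap(frames):
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)  # global header, link type 1
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f  # record header: ts_sec, ts_usec, incl, orig
    return out

SAMPLE_PCAP = _pcap(
    [_frame("10.0.0.5", "203.0.113.7", 49152 + i, 443, SYN) for i in range(4)]  # four SYNs, never answered
    + [_frame("10.0.0.5", "192.0.2.10", 49200, 80, SYN),
       _frame("192.0.2.10", "10.0.0.5", 80, 49200, SYN | ACK)])  # one normal handshake, should not be flagged
```

The flagged tuple corresponds to what the Wireshark filter `tcp.flags.syn==1 && tcp.flags.ack==0` would show as repeated unanswered SYNs to one destination, which is the pattern the report treats as a malware indicator.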