Please point me to how to trace intruders and virus traffic with Ethereal/Wireshark
Run tcpdump, or the dumpcap utility that comes with Wireshark, with superuser privileges to capture packets into a file, and later analyze these packets by running Wireshark with restricted privileges on the packet capture dump file.
Check out the guides here: How to Trace a hacker, and also Networking Guide 7 - Network Access and Security.
For some viruses/worms there might be a capture filter to recognize the virus traffic. Check the CaptureFilters page on the Wireshark Wiki to see if anybody's added such a filter.
Note that Wireshark was not designed to be an intrusion detection system; you might be able to use it as an IDS, but in most cases software designed to be an IDS, such as Snort or Prelude, will probably work better.
The Bleeding Edge of Snort has a collection of signatures for Snort to detect various viruses, worms, and the like.
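The thread's workflow is: capture to a file with tcpdump or dumpcap as root, then analyze the file without privileges. The block below is an added example, not code from the thread or from the Wireshark project, showing the second half of that workflow in Python instead of the Wireshark GUI. It writes a small libpcap file from constructed Ethernet/IPv4/TCP frames (standing in for what dumpcap would have produced), reads it back, and applies one simple intruder-style check: a host sending bare SYNs to many distinct ports on a single target. The `demo`, `find_port_scanners` and `parse_tcp` names, the `threshold` of 10 ports and the 10.0.0.x addresses are all assumptions for the example; a real IDS such as Snort carries far richer rules than this one check.

```python
"""Offline analysis of a libpcap capture, the unprivileged step after dumpcap/tcpdump."""
import os
import socket
import struct
import tempfile
from collections import defaultdict

PCAP_MAGIC = 0xA1B2C3D4       # little-endian libpcap magic (microsecond timestamps)
LINKTYPE_ETHERNET = 1
SYN = 0x02
ACK = 0x10


def build_tcp_frame(src_ip, dst_ip, sport, dport, flags):
    """Construct a minimal Ethernet/IPv4/TCP frame (constructed sample data; no options, no payload)."""
    eth = b"\x00" * 6 + b"\x00" * 6 + b"\x08\x00"          # dst MAC, src MAC, EtherType IPv4
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 8192, 0, 0)
    total_len = 20 + len(tcp)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0, 0, 64, 6, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    return eth + ip + tcp


def write_pcap(path, frames):
    """Write frames as a libpcap file in the same layout dumpcap/tcpdump produce."""
    with open(path, "wb") as f:
        f.write(struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET))
        for i, frame in enumerate(frames):
            # ts_sec, ts_usec, captured length, original length
            f.write(struct.pack("<IIII", 1_700_000_000 + i, 0, len(frame), len(frame)))
            f.write(frame)


def read_pcap(path):
    """Yield raw frames from a little-endian libpcap file (no root needed to read a file)."""
    with open(path, "rb") as f:
        magic, = struct.unpack("<I", f.read(24)[:4])
        if magic != PCAP_MAGIC:
            raise ValueError("not a little-endian libpcap file")
        while True:
            rec = f.read(16)
            if len(rec) < 16:
                return
            _, _, incl_len, _ = struct.unpack("<IIII", rec)
            yield f.read(incl_len)


def parse_tcp(frame):
    """Return (src_ip, dst_ip, dport, flags) for an Ethernet/IPv4/TCP frame, else None."""
    if len(frame) < 14 or frame[12:14] != b"\x08\x00":
        return None
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    if ip[9] != 6 or len(ip) < ihl + 20:   # protocol 6 = TCP
        return None
    src = socket.inet_ntoa(ip[12:16])
    dst = socket.inet_ntoa(ip[16:20])
    tcp = ip[ihl:]
    dport = struct.unpack("!H", tcp[2:4])[0]
    return src, dst, dport, tcp[13]


def find_port_scanners(path, threshold=10):
    """Flag (src, dst, n) where src sent bare SYNs to at least `threshold` distinct ports on dst."""
    targets = defaultdict(set)
    for frame in read_pcap(path):
        parsed = parse_tcp(frame)
        if parsed is None:
            continue
        src, dst, dport, flags = parsed
        if flags & SYN and not flags & ACK:  # SYN without ACK: a connection attempt
            targets[(src, dst)].add(dport)
    return sorted((s, d, len(p)) for (s, d), p in targets.items() if len(p) >= threshold)


def demo():
    """Build a constructed capture: one host probing 25 ports, one normal handshake; return the findings."""
    frames = [build_tcp_frame("10.0.0.5", "10.0.0.20", 40000 + p, p, SYN) for p in range(1, 26)]
    frames += [build_tcp_frame("10.0.0.7", "10.0.0.20", 51000, 443, SYN),
               build_tcp_frame("10.0.0.20", "10.0.0.7", 443, 51000, SYN | ACK)]
    fd, path = tempfile.mkstemp(suffix=".pcap")
    os.close(fd)
    try:
        write_pcap(path, frames)
        return find_port_scanners(path)
    finally:
        os.unlink(path)


if __name__ == "__main__":
    for src, dst, n in demo():
        print(f"{src} sent SYNs to {n} distinct ports on {dst}")
```

Point `find_port_scanners` at a file written by `dumpcap -w` or `tcpdump -w` (the standard little-endian libpcap layout) and it runs as an ordinary user, which is the privilege split the first answer recommends; the 10-port threshold is a constructed cut-off and the check ignores IPv6 and non-Ethernet link types, so treat it as an illustration of the file-based analysis step rather than a replacement for Snort rules.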