 | 1 | initial version |
It worked.
I used a crossover CAT6 cable from the other computer to the Wireshark laptop.
I used Internet Connection Sharing in Windows 10. This sets up an additional DHCP server to address the other computer.
When installing Wireshark, I selected all additional packages such as WinPCap. Once in Wireshark I selected the network interface associated with the other computer. It was named "Ethernet". This started real-time network monitoring.
Once in the data capture view the useful information was the IP and HTTP (application) layers. I could see IP layer transactions to see the destination IP addresses, and HTTP (non-HTTPS) showed me actual HTTP data. Without being able to decrypt encrypted application layer protocols, that may be the most that I can get out of this technique for detecting malware. Destination IP address is very useful, though.
Thank you for everyone's suggestions!
| | 2 | No.2 Revision |
It worked.
I used a crossover CAT6 cable from the other computer to the Wireshark laptop.
I tried Bridge Connections but it didn't work. DHCP from the "Ethernet port 2" side (outside the Wireshark laptop) addressed both the Wireshark laptop and the other computer, but network transactions from either computer wouldn't work.
Instead, I used Internet Connection Sharing in Windows 10. This sets up an additional DHCP server to address the other computer.
When installing Wireshark, I selected all additional packages such as WinPCap. Once in Wireshark I selected the network interface associated with the other computer. It was named "Ethernet". This started real-time network monitoring.
Once in the data capture view the useful information was the IP and HTTP (application) layers. I could see IP layer transactions to see the destination IP addresses, and HTTP (non-HTTPS) showed me actual HTTP data. Without being able to decrypt encrypted application layer protocols, that may be the most that I can get out of this technique for detecting malware. Destination IP address is very useful, though.
Thank you for everyone's suggestions!
Copyright Wireshark Foundation, 2017-2023 Content on this site is licensed under a Creative Commons Attribution Share Alike 3.0 license.
