Running Wireshark on a compromised machine to capture traffic seems a bit pointless to me; how do you know that the malware isn't spoofing the traffic?

If the aim is to remove the malware, please locate a suitable support channel for that, e.g. the Bleeping Computer malware removal forum.

If the aim is to use Wireshark to investigate the malware traffic, then the compromised system should be isolated and Wireshark run on a known-clean system to take the captures, e.g. by using a switch and mirroring the traffic.