Ask Your Question

Revision history [back]

How to spot rootkit in wireshark

So there's a rootkit installed on machine 192.168.119 and we have to answer this:

Knowning that port 80 is used by default to do HTTP requests, show that this protocol has been used to send non-sens information linked to passwords from machine 192.168.1.119 to a distant server.

So i checked all the HTTP protocols in the photo below and i have no clue about what it looks like.

We got a tips that to answer this question we need to know what a passwd file look that but it still doesn't help me at all.

Any tips on what to look at in the packets to spot something related to a password ? thank you.

https://imgur.com/pmuxQU5

How to spot rootkit in wireshark

So there's a rootkit installed on machine 192.168.119 and we have to answer this:

Knowning that port 80 is used by default to do HTTP requests, show that this protocol has been used to send non-sens information linked to passwords from machine 192.168.1.119 to a distant server.

So i checked all the HTTP protocols in the photo below and i have no clue about what it looks like.

We got a tips that to answer this question we need to know what a passwd file look that like but it still doesn't help me at all.

Any tips on what to look at in the packets to spot something related to a password ? thank you.

https://imgur.com/pmuxQU5

Copyright Wireshark Foundation, 2017-2023 Content on this site is licensed under a Creative Commons Attribution Share Alike 3.0 license.
about | faq | help | privacy policy | terms of service
Powered by Askbot version 0.10.2