Checking for backdoor in Windows application

I have a Windows application that I'm trying to vet and see whether or not it "calls home" and sends my sensitive data, in other words, a backdoor. I have heard that someone was able to tell that a different application sent a config file to a server. How did they do this? Aren't the packets usually encrypted? Could Wireshark do this? My understanding of this topic is poor. Furthermore, I read a quote on a forum which concerns me:

"Example: I have a backdoor which is a sleeper. I extend my application, and then I trigger a port open through a certain packet the application looks for, then boing, I'm in the machine. Maybe today, 1 month, 1 year, 10 years. I don't know when. So running Wireshark doesn't help."

I really need some insight here.