Steps taken after discovery of malicious traffic

Sorry for this noob question, but I'm new to Wireshark and I wasn't able to find the answer. What I'm trying to learn is more of a "big picture understanding" of how users of Wireshark combat malicious traffic. From the little bit I've learned so far, I understand that one way Wireshark can be used is to detect malicious traffic and help trace where it comes from. I'm also assuming that with Wireshark I will be able to detect if a computer has malware or a keylogger sending out data to a certain IP. My question is: after I have discovered this malicious traffic, what is the next step, software, or tactic administrators use to protect themselves? For instance, if I figure out a certain IP is malicious, how does one protect themselves from this IP?