What we need to find:
- One suspicious service is active on the network. Which one is it?
- What is the port number of that suspicious service?
- Wireshark (recommended)
- SAMPLE: https://mega.nz/file/o34CASjA#0qB-J_r_0jfaadXcoU_JZSMkpEd9JUxI_hP_Q6CxOBo
Let's review the basic protocols:
Let's start with TCP:
- Apply the tcp filter in Wireshark.
- There are many TCP packets.
- Go to Statistics -> Conversations
- It displays all communication between the various IP addresses.
- We found that communication happens on port numbers 443, 80 and 2022.
- 443 and 80 are the usual HTTPS and HTTP ports, so port 2022 is the one that looks suspicious.
Filter traffic on port number 2022:
- Use the filter tcp.port == 2022
Let's find which service is running on this port number:
- Right-click the first packet after applying the tcp.port == 2022 filter
- Follow -> TCP Stream
IT'S AN SSH SERVICE RUNNING ON THAT PORT NUMBER
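The same triage as an added Python example (not part of the original write-up): it reads a classic pcap, groups TCP traffic by service port, and names the protocol from the first payload bytes, which is what Follow -> TCP Stream shows for the SSH banner. The capture bytes, the `expected` port list and all function names are constructed for illustration.

```python
import struct
from collections import Counter

# First bytes of a stream -> protocol (SSH identification string per RFC 4253)
SIGNATURES = {b"SSH-": "SSH", b"GET ": "HTTP", b"HTTP/": "HTTP", b"\x16\x03": "TLS"}

def tcp_segments(pcap):
    """Yield (sport, dport, payload) per IPv4/TCP frame of a classic Ethernet pcap."""
    magic, linktype = struct.unpack_from("<I", pcap, 0)[0], struct.unpack_from("<I", pcap, 20)[0]
    if magic != 0xA1B2C3D4 or linktype != 1:
        raise ValueError("expected little-endian classic pcap with Ethernet frames")
    off = 24
    while off + 16 <= len(pcap):
        incl_len = struct.unpack_from("<I", pcap, off + 8)[0]
        frame = pcap[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < 54 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
            continue  # not IPv4 over Ethernet carrying TCP
        ihl = (frame[14] & 0x0F) * 4
        total = struct.unpack_from("!H", frame, 16)[0]
        tcp = frame[14 + ihl:14 + total]
        if len(tcp) < 20:
            continue
        sport, dport = struct.unpack_from("!HH", tcp, 0)
        yield sport, dport, tcp[(tcp[12] >> 4) * 4:]

def unexpected_services(pcap, expected=(80, 443)):
    """Return {port: protocol} for service ports outside `expected`."""
    counts, proto = Counter(), {}
    for sport, dport, payload in tcp_segments(pcap):
        port = min(sport, dport)  # assumption: the lower port is the service side
        counts[port] += 1
        if payload and port not in proto:
            proto[port] = next((n for s, n in SIGNATURES.items() if payload.startswith(s)), "unknown")
    return {p: proto.get(p, "unknown") for p in counts if p not in expected}

def _frame(sport, dport, payload):
    """Build one constructed pcap record (checksums left at zero; the parser ignores them)."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 8192, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     bytes([10, 0, 0, 5]), bytes([10, 0, 0, 9]))
    eth = b"\x00" * 12 + b"\x08\x00" + ip + tcp
    return struct.pack("<IIII", 0, 0, len(eth), len(eth)) + eth

# Constructed capture: TLS on 443, HTTP on 80, and an SSH banner on port 2022
SAMPLE = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1) + b"".join([
    _frame(50001, 443, b"\x16\x03\x01\x00\x05hello"),
    _frame(50002, 80, b"GET / HTTP/1.1\r\n\r\n"),
    _frame(2022, 50003, b"SSH-2.0-ExampleServer\r\n"),
])

if __name__ == "__main__":
    print(unexpected_services(SAMPLE))
```

The parser handles only little-endian classic pcap files with Ethernet framing; a pcapng capture would need converting to that format first.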