Locate the log-in packet (the HTTP POST to the site's log-in URL, often labeled login.____).
Here you can isolate the username or email, as well as the password: a plain-HTTP form submission carries them in the request body unencrypted. Over HTTPS the same request is a TLS record and nothing readable is exposed, which is why this only works against sites that still log you in over plain HTTP.
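Doing the same extraction in code, as an added example that is not part of the original presentation: it does what Follow > TCP Stream lets you read by eye, and also shows why an HTTPS log-in yields nothing. The stream bytes, the site name and the credentials are constructed for the example.

```python
"""Pull the username and password out of a captured plain-HTTP log-in.

Added example (not from the original presentation): it does in code what
Follow > TCP Stream lets you read by eye in Wireshark. The stream bytes, the
site name and the credentials below are constructed for the example.
"""
import re
from urllib.parse import parse_qs

# Constructed: what Follow > TCP Stream shows for a plain-HTTP log-in POST.
LOGIN_STREAM = (
    b"POST /login.php HTTP/1.1\r\n"
    b"Host: www.example-site.invalid\r\n"
    b"Content-Type: application/x-www-form-urlencoded\r\n"
    b"Content-Length: 55\r\n"
    b"\r\n"
    b"email=alice%40example.invalid&pass=hunter2&login=Log+In"
)

# Constructed: the first bytes of a TLS ClientHello, i.e. what the same log-in
# looks like over HTTPS. There is no readable form body to extract.
TLS_STREAM = b"\x16\x03\x01\x00\x05\x01\x00\x00\x01\x03"

# Field names that commonly carry the account and the password in log-in forms.
USER_FIELD = re.compile(r"user|uname|login|email|mail", re.I)
PASS_FIELD = re.compile(r"pass|pwd", re.I)


def split_http_request(stream):
    """Split one HTTP request into (method, path, headers, body); None if not HTTP."""
    head, sep, body = stream.partition(b"\r\n\r\n")
    if not sep:
        return None
    lines = head.decode("latin-1").split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3 or not parts[2].startswith("HTTP/"):
        return None  # not an HTTP request line (e.g. a TLS handshake)
    method, path = parts[0], parts[1]
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    length = int(headers.get("content-length", len(body)))
    return method, path, headers, body[:length]


def extract_credentials(stream):
    """Return {'host', 'path', 'username', 'password'} from a form log-in, else None."""
    parsed = split_http_request(stream)
    if parsed is None:
        return None
    method, path, headers, body = parsed
    if method != "POST" or "x-www-form-urlencoded" not in headers.get("content-type", ""):
        return None
    # parse_qs undoes the form encoding (%40 -> @, + -> space)
    fields = {k: v[0] for k, v in parse_qs(body.decode("latin-1")).items()}
    username = next((v for k, v in fields.items() if USER_FIELD.search(k)), None)
    password = next((v for k, v in fields.items() if PASS_FIELD.search(k)), None)
    if username is None or password is None:
        return None
    return {"host": headers.get("host"), "path": path,
            "username": username, "password": password}


if __name__ == "__main__":
    print("plain HTTP :", extract_credentials(LOGIN_STREAM))
    print("HTTPS      :", extract_credentials(TLS_STREAM))
```

Feed it the bytes Wireshark shows under Follow > TCP Stream (client side only); a TLS stream comes back as None because there is no HTTP request line or form body to parse.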
Examples of No-IP Services:
3utilities.com
bounceme.net
hopto.org
myftp.biz
myftp.org
myvnc.com
no-ip.biz
no-ip.info
no-ip.org
redirectme.net
servebeer.com
serveblog.net
servecounterstrike.com
serveftp.com
servegame.com
servehalflife.com
servehttp.com
servemp3.com
servepics.com
servequake.com
sytes.net
zapto.org
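Matching captured DNS lookups against that suffix list, and resolving the hits the way the ping step later on does, as an added example that is not part of the original presentation. In Wireshark the same lookups are shown by the display filter `dns`, with the queried name in the `dns.qry.name` field; here the query names are a constructed list, and FAKE_DNS is a constructed answer table so the example runs offline.

```python
"""Spot dynamic-DNS (No-IP) callbacks in captured DNS lookups and resolve them.

Added example (not from the original presentation). The query names and the
FAKE_DNS answer table are constructed so the example runs offline; pass
socket.gethostbyname as the resolver to do the real lookup that 'ping' or
'nslookup' would. The suffix list is the one given in the text.
"""
import socket

NO_IP_SUFFIXES = {
    "3utilities.com", "bounceme.net", "hopto.org", "myftp.biz", "myftp.org",
    "myvnc.com", "no-ip.biz", "no-ip.info", "no-ip.org", "redirectme.net",
    "servebeer.com", "serveblog.net", "servecounterstrike.com", "serveftp.com",
    "servegame.com", "servehalflife.com", "servehttp.com", "servemp3.com",
    "servepics.com", "servequake.com", "sytes.net", "zapto.org",
}

# Constructed: dns.qry.name values as they might appear while the RAT runs.
CAPTURED_DNS_QUERIES = [
    "www.facebook.com",
    "badguy-rat.no-ip.biz",
    "update.microsoft.com",
    "badguy-rat.no-ip.biz",           # repeated: the RAT retries its beacon
    "no-ip.biz",                      # the service's own site, not a customer host
    "cdn.zapto.org.example.invalid",  # suffix match must be anchored at the end
    "game.servegame.com",
]

# Constructed answer table standing in for live DNS (TEST-NET addresses).
FAKE_DNS = {"badguy-rat.no-ip.biz": "203.0.113.7",
            "game.servegame.com": "198.51.100.42"}


def is_no_ip_host(name):
    """True for a customer hostname under a No-IP base domain (not the base itself)."""
    labels = name.lower().rstrip(".").split(".")
    return len(labels) > 2 and ".".join(labels[-2:]) in NO_IP_SUFFIXES


def flag_dns_queries(queries):
    """Distinct queried names that point at a dynamic-DNS service, sorted."""
    return sorted({q for q in queries if is_no_ip_host(q)})


def table_resolver(name):
    """Offline stand-in for socket.gethostbyname; fails the same way on a miss."""
    if name not in FAKE_DNS:
        raise socket.gaierror("constructed: no such host")
    return FAKE_DNS[name]


def resolve_callbacks(queries, resolver=table_resolver):
    """Map each flagged hostname to the address its DNS record currently points to.

    That address is what the attacker's dynamic-DNS entry resolves to right now;
    it may be a proxy or another compromised host rather than the attacker's own
    machine. Names that do not resolve map to None.
    """
    result = {}
    for name in flag_dns_queries(queries):
        try:
            result[name] = resolver(name)
        except OSError:  # socket.gaierror is a subclass of OSError
            result[name] = None
    return result


if __name__ == "__main__":
    for host, addr in resolve_callbacks(CAPTURED_DNS_QUERIES).items():
        print(f"{host} -> {addr}")
    # Live lookup, equivalent to reading the address off 'ping <hostname>':
    # resolve_callbacks(CAPTURED_DNS_QUERIES, resolver=socket.gethostbyname)
```

The suffix check is anchored at the right-hand end of the name so that a look-alike such as `cdn.zapto.org.example.invalid` is not flagged, and the bare service domain (`no-ip.biz`, which you would also see if you simply visited the No-IP website) is left out because only customer hostnames have a third label.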
While capturing packets, Wireshark automatically colors each row according to its coloring rules (View > Coloring Rules). With the default rules:
Light purple = TCP traffic
Light blue = UDP traffic (DNS runs over UDP, so DNS queries and replies show up light blue)
Light green = HTTP traffic
Black = TCP packets with problems (retransmissions, out-of-order or lost segments, zero window; the display filter tcp.analysis.flags selects them)
Red text on black = checksum errors
The colors identify protocols and TCP anomalies, not attackers. A run of black rows from the same source is worth a look (it could be scanning, a flood, or just a bad link), but it is not by itself evidence of a DoS attack; check the conversation statistics and the source before drawing conclusions.
Hackers use Wireshark to eavesdrop. They then take any information they capture and use it to further exploit your system. To sniff your traffic they must sit on its path: the same Wi-Fi or LAN segment, a mirror port, or an ARP-spoofed position between you and the gateway.
Opening a packet and examining its contents does not by itself reveal the culprit. Remember the source IP can be a zombie: a compromised intermediate machine or a proxy, not the attacker's own host.
So how do you find the IP address and catch the hacker?
Here is how we eavesdrop on them.
Derek Hink
What if your computer has already been infected by a hacker? What if you're another intended zombie?
Presumably, your anti-virus software has already identified and quarantined the malicious files. Locate the RAT (Remote Access Trojan) binary.
Execute the RAT inside sandbox-based isolation software (such as Sandboxie) that confines the malware; an isolated virtual machine with no access to your real network is safer still.
First, see what an eavesdropper on your network would see:
(1) Open Wireshark.
(2) Go to Capture Options in the top-left.
(3) Select the correct interface (i.e. the NIC attached to your network) and start the capture.
(4) Now log in to your Facebook, Myspace, etc. Note that Facebook, Myspace and most sites today use HTTPS, so the credentials are encrypted in transit; this only works against a site that still submits its log-in form over plain HTTP.
(5) The packets will start rolling in, and for your ease, filter the HTTP packets with the display filter http (or http.request.method == "POST" to see only form submissions).
(6) Right-click the log-in POST and open Follow > TCP Stream. The request body contains the username and password in clear text.
Next, trace the RAT's controller:
(1) Return to Wireshark with the capture running while the RAT executes in the sandbox.
(2) You'll see the connection packets being sent and retrieved from your IP to a No-IP hostname (a common dynamic DNS service used to mask a hacker's numeric IP and still look like a legitimate, stable address) or other DNS masker. The display filter dns, with the dns.qry.name column, shows the lookups; the suffixes listed above are the ones to watch for.
(3) Once you've found the RAT server's No-IP hostname, open the command prompt and knock on your hacker's door:
type 'ping enternoipnamehere.no-ip.biz'
(4) Hit enter and discover your attacker's address: the reply shows the IP the hostname currently resolves to, which is what the attacker's dynamic DNS record points at right now (nslookup gives the same answer without sending any traffic to the host). As noted above, it may be the attacker's machine, or it may be another compromised host or a VPN/proxy.
What you do from here is your choice:
(1) Turn them in (report the address to your ISP, the provider hosting that IP, or law enforcement, with the capture as evidence).
(2) Get back. Bear in mind that "hacking back" is itself a crime in most jurisdictions.