How to spot a rootkit in Wireshark
So there's a rootkit installed on machine 192.168.119 and we have to answer this:
Knowing that port 80 is used by default to do HTTP requests, show that this protocol has been used to send nonsense information linked to passwords from machine 192.168.1.119 to a distant server.
So I checked all the HTTP protocols in the photo below and I have no clue about what it looks like.
We got a tip that to answer this question we need to know what a passwd file looks like, but it still doesn't help me at all.
Any tips on what to look at in the packets to spot something related to a password? Thank you.
https://imgur.com/pmuxQU5