Wireshark

To get an overview of the captured traffic, you can navigate to “Statistics” -> “Protocol Hierarchy”.

“Statistics” -> “Conversations” is useful as well. It helps to identify the IPs and ports used in the conversations.

Filter all packets via “dns”. This shows the domains that were used.

Filtering by “http” traffic shows us that someone downloaded two files.

The files can be exported.

Let's take the SHA-256 checksum of the file.

Let's check the hash on VirusTotal.
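
The same steps can also be run from the command line with tshark, which ships with Wireshark. This is an added example, not part of the original post; the function names and the capture file and export directory passed as arguments are assumptions.

```shell
#!/bin/sh
# Added example: tshark equivalents of the Wireshark GUI steps above.
# Assumes tshark and sha256sum are installed.

# "Statistics" -> "Protocol Hierarchy" and "Conversations" (IP and TCP).
pcap_overview() {
    tshark -r "$1" -q -z io,phs -z conv,ip -z conv,tcp
}

# Unique domain names seen in DNS queries (the "dns" filter, queries only).
pcap_dns_names() {
    tshark -r "$1" -Y 'dns.flags.response == 0' -T fields -e dns.qry.name | sort -u
}

# Every HTTP request: client IP, Host header and requested URI.
pcap_http_requests() {
    tshark -r "$1" -Y 'http.request' -T fields \
        -e ip.src -e http.host -e http.request.uri
}

# Export all HTTP objects from the capture into directory $2.
pcap_export_http() {
    mkdir -p "$2" && tshark -r "$1" -q --export-objects "http,$2"
}

# Print "sha256  file  VirusTotal-URL" for every regular file in directory $1.
# Hashing from stdin keeps odd file names out of sha256sum's output format.
hash_exports() {
    for f in "$1"/*; do
        [ -f "$f" ] || continue   # also skips the literal glob of an empty dir
        sum=$(sha256sum < "$f" | cut -d' ' -f1)
        printf '%s  %s  https://www.virustotal.com/gui/file/%s\n' "$sum" "$f" "$sum"
    done
}

# Run the whole procedure when called with a capture file and an output dir.
if [ "$#" -eq 2 ]; then
    pcap_overview "$1"
    pcap_dns_names "$1"
    pcap_http_requests "$1"
    pcap_export_http "$1" "$2"
    hash_exports "$2"
fi
```

Run it as `sh triage.sh capture.pcap exported/` (both names are placeholders). Opening the printed VirusTotal URL sends only the digest, not the exported file.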
