
How to Network Packet Capture on Malware Analysis


Article ID: 171847


Updated On:


Malware Analysis Software - MA


Need network packet capture for troubleshooting on Malware Analysis (MA)


To get a network PCAP on MA, do the following with tcpdump:

  1. Log in via SSH as user 'g2', or use the serial console, which is already logged in as user g2 (if you do not know the g2 user's password, a factory reset is the only way to recover it).
  2. To start the PCAP, run: sudo tcpdump <tcpdump options as needed> -w <filename> (the -w <filename> option writes the capture to a file instead of printing packets to the terminal).
  3. Reproduce the traffic that needs to be captured.
  4. To stop the PCAP, press CTRL+C.
  5. SCP the capture file off the box.
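The steps above as one small helper script. This is an added example, not code from the KB article or from the MA product: the interface name eth0, the capture directory /home/g2 and the collection host analyst.example.com are placeholders you would replace with your own values. It builds the tcpdump command line as a string first so you can review what will run under sudo, limits the capture size so a long troubleshooting session cannot fill the appliance disk, and prints the matching scp command for step 5.

```shell
#!/bin/sh
# Added example, not code from the KB article or from the MA product.
# Assumed/placeholder values: interface "eth0", capture directory
# "/home/g2" and the collection host "analyst.example.com".

IFACE=${IFACE:-eth0}        # capture interface (placeholder)
CAP_DIR=/home/g2            # must be writable by g2 (see -Z below)
CAP_USER=g2                 # account tcpdump drops to after opening the NIC

# Build the tcpdump command line from its parts. Returning it as a string
# lets you review (and test) exactly what will run under sudo.
#   $1 = interface, $2 = BPF filter (may be empty), $3 = output file
build_capture_cmd() {
    iface=$1; filter=$2; outfile=$3
    # -n   : no reverse DNS, so the capture itself adds no DNS traffic
    # -s 0 : full packets, not just the default snaplen
    # -C/-W: rotate at 100 MB and keep at most 5 files so the appliance
    #        disk cannot fill up during a long test
    # -Z   : drop root to $CAP_USER before the save file is opened, so the
    #        .pcap files are owned by g2 and scp can read them later
    cmd="sudo tcpdump -n -s 0 -i $iface -C 100 -W 5 -Z $CAP_USER -w $outfile"
    [ -n "$filter" ] && cmd="$cmd $filter"
    printf '%s\n' "$cmd"
}

# Timestamped file name so repeated captures never overwrite each other.
#   $1 = short label for the test being reproduced, $2 = timestamp
capture_file() {
    printf '%s/ma-%s-%s.pcap\n' "$CAP_DIR" "$1" "$2"
}

# The scp step (step 5): copy every rotated file of one capture off box.
#   $1 = base output file, $2 = user@host:/path on the collection side
build_scp_cmd() {
    printf 'scp %s* %s\n' "$1" "$2"
}

# Run the capture (steps 2 to 4). Stop it with Ctrl+C, which makes tcpdump
# flush and close the file cleanly. Only runs when invoked as: capture.sh run
#   $1 = label, $2 = BPF filter (may be empty)
run_capture() {
    command -v tcpdump >/dev/null 2>&1 || { echo "tcpdump not found" >&2; return 1; }
    out=$(capture_file "$1" "$(date +%Y%m%d-%H%M%S)")
    echo "Capturing on $IFACE to $out (Ctrl+C to stop)"
    # The filter is intentionally unquoted so it is word-split into tcpdump args.
    sudo tcpdump -n -s 0 -i "$IFACE" -C 100 -W 5 -Z "$CAP_USER" -w "$out" $2
    echo "Copy off box with: $(build_scp_cmd "$out" "g2@analyst.example.com:/captures/")"
}

if [ "${1:-}" = run ]; then
    # Example: ./capture.sh run dns-test 'port 53'
    run_capture "$2" "$3"
fi
```

A BPF filter such as 'host 10.0.0.5' or 'port 53' keeps the file small and makes the relevant traffic easy to find afterwards; leave it empty to capture everything on the interface.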