How to Network Packet Capture on Malware Analysis

Article ID: 171847

Products

Malware Analysis Software - MA

Issue/Introduction

A network packet capture is needed for troubleshooting on Malware Analysis (MA).

Resolution

To get a network PCAP on MA, do the following with tcpdump:

  1. Log in via SSH as user 'g2', or use the serial console, which is already logged in as user g2 (if you do not know the g2 credentials, a factory reset is the only way to recover them).
  2. To start the PCAP: # sudo tcpdump <tcpdump options as needed> -w <filename> (the -w option writes the capture to a file instead of printing packets to the terminal).
  3. Reproduce the traffic that needs to be captured.
  4. To stop the PCAP: press CTRL+C.
  5. Copy the capture file off the box with SCP.
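The five steps above, wrapped in a POSIX shell helper as an added example (this is not part of the KB article and not Broadcom's own tooling). It assumes tcpdump, scp, od and the coreutils timeout command are present on the MA box and that the logged-in user can sudo; the interface name, capture window and SCP destination are caller-supplied placeholders. Two details that the article leaves to the operator are handled here: the capture excludes the operator's own SSH session (otherwise the PCAP fills with the management traffic of the session that started it), and the file is checked for a valid pcap header before it is copied off, so a truncated or empty capture is noticed on the box rather than after the transfer.

```shell
#!/bin/sh
# Added example (not from the KB article): helper around the tcpdump workflow
# for taking a troubleshooting capture on an MA box.

# BPF filter that drops the operator's own SSH session from the capture.
# When logged in over SSH, $SSH_CLIENT holds "<client-ip> <client-port> <server-port>";
# on the serial console it is unset, so no filter is applied and everything is kept.
mgmt_exclude_filter() {
    client="${SSH_CLIENT%% *}"
    if [ -n "$client" ]; then
        printf 'not (host %s and port 22)' "$client"
    fi
}

# Check that a file is non-empty and starts with a pcap or pcapng magic number
# (little-endian / big-endian, microsecond / nanosecond pcap, or pcapng block),
# so an empty or truncated capture is not copied off the box unnoticed.
pcap_is_valid() {
    f="$1"
    [ -s "$f" ] || return 1
    magic=$(od -An -N4 -tx1 "$f" | tr -d ' \n')
    case "$magic" in
        d4c3b2a1|a1b2c3d4|4d3cb2a1|a1b23c4d|0a0d0d0a) return 0 ;;
        *) return 1 ;;
    esac
}

# Full workflow: capture on $iface for $seconds seconds into $outfile, stop
# cleanly, validate the file, then scp it to $dest (e.g. user@host:/tmp/).
# timeout delivers SIGINT after the window, the same signal CTRL+C sends, so
# tcpdump flushes and closes the file normally (exit status 124 from timeout
# just means the window elapsed).
run_capture() {
    iface="$1"; outfile="$2"; seconds="$3"; dest="$4"
    filter=$(mgmt_exclude_filter)
    echo "Capturing on $iface for ${seconds}s into $outfile (filter: ${filter:-none})"
    # $filter is intentionally unquoted so the BPF expression is split into words.
    # -n: no name resolution (no extra DNS traffic generated by the capture itself)
    # -s 0: full packet length, not a truncated snapshot
    sudo timeout -s INT "$seconds" tcpdump -i "$iface" -n -s 0 -w "$outfile" $filter
    rc=$?
    [ "$rc" -eq 0 ] || [ "$rc" -eq 124 ] || { echo "tcpdump failed (rc=$rc)" >&2; return 1; }
    if pcap_is_valid "$outfile"; then
        scp "$outfile" "$dest"
    else
        echo "$outfile is missing, empty or not a pcap file" >&2
        return 1
    fi
}
```

Usage on the box: `run_capture eth0 /tmp/ma-issue.pcap 120 analyst@workstation:/tmp/` reproduces step 2 through step 5 with a two-minute window in which to reproduce the problem; the interface name and destination are placeholders. tcpdump's own -G/-W rotation options are an alternative to timeout when a long-running capture needs to be split into several files.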