Wednesday, July 6, 2022

Python Machine Learning Threat Hunting with Wireshark

Wireshark is an application that captures live network traffic. Every activity on a PC that is connected to a network has to send and receive data over that network. Viruses nowadays often originate from websites, but Wireshark does not only inspect network traffic: it can also capture USB traffic. To understand the captured traffic, a solid understanding of the OSI model is a must.

As a starting point, malware is often downloaded using the HTTP protocol, so to analyze the packets that carry it, the capture should be saved from Wireshark and the file uploaded to VirusTotal.com for further analysis.

This project will be a Python program that gathers network packets, saves them to a pcap file and submits that file to virustotal.com using their API for virus detection. This will be our raw data for discovering patterns with Keras/TensorFlow (this is still at the R&D stage, so I am still not sure what type of machine learning problem it will be).

Capturing Network Packets

I used tshark (a command-line application that gets installed along with Wireshark) to capture network packets from the command line. For example, to capture packets for 10 seconds over the Wi-Fi network and save the captured packets to a file, I would use the following Python code:

import subprocess
# Capture for 10 s on interface index 3 (the Wi-Fi adapter here; list indexes with `tshark -D`) and write packet_log.pcap
subprocess.run(["tshark", "-i", "3", "-w", "packet_log.pcap", "-a", "duration:10"], check=True)
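To show what the capture step feeds into, here is an added example that is not part of the original post: it wraps the tshark run above in a function, parses the resulting classic pcap file with the Python standard library, turns each IPv4 frame into a feature row (the kind of table a Keras/TensorFlow model would consume), hashes the file, and submits it to VirusTotal. The VirusTotal call uses the public v3 `https://www.virustotal.com/api/v3/files` endpoint with an `x-apikey` header as documented by VirusTotal, which the post itself does not name. The two-frame pcap is constructed inside the code so the parser runs offline, and `capture`, `parse_pcap`, `frame_features`, `summarize`, `multipart_body`, `upload_to_virustotal` and `build_sample_pcap` are my own names, not the project's.

```python
import hashlib
import json
import struct
import subprocess
import urllib.request
from collections import Counter


def capture(interface="3", seconds=10, outfile="packet_log.pcap"):
    """Run tshark for a fixed duration (hypothetical wrapper; `tshark -D` lists interface indexes).
    -F pcap forces the classic format that parse_pcap() below understands."""
    subprocess.run(["tshark", "-i", str(interface), "-F", "pcap", "-w", outfile,
                    "-a", f"duration:{seconds}"], check=True)
    return outfile


def parse_pcap(data):
    """Yield (timestamp, frame_bytes) from a classic pcap byte string; Ethernet link type only."""
    magic, = struct.unpack_from("<I", data, 0)
    if magic == 0xA1B2C3D4:
        endian = "<"
    elif magic == 0xD4C3B2A1:
        endian = ">"
    else:
        raise ValueError("not a classic pcap file (pcapng is not handled by this reader)")
    linktype, = struct.unpack_from(endian + "I", data, 20)
    if linktype != 1:
        raise ValueError(f"link type {linktype} is not Ethernet (1)")
    off = 24
    while off + 16 <= len(data):
        ts_sec, ts_usec, incl_len, _orig_len = struct.unpack_from(endian + "IIII", data, off)
        off += 16
        yield ts_sec + ts_usec / 1e6, data[off:off + incl_len]
        off += incl_len


def frame_features(frame):
    """Flow fields from an Ethernet/IPv4 frame (TCP or UDP ports when present); None otherwise."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":   # EtherType 0x0800 = IPv4
        return None
    ihl = (frame[14] & 0x0F) * 4
    proto = frame[23]
    src = ".".join(str(b) for b in frame[26:30])
    dst = ".".join(str(b) for b in frame[30:34])
    sport = dport = None
    l4 = 14 + ihl
    if proto in (6, 17) and len(frame) >= l4 + 4:       # TCP or UDP: ports are the first 4 bytes
        sport, dport = struct.unpack_from("!HH", frame, l4)
    return {"src": src, "dst": dst, "proto": proto, "sport": sport, "dport": dport, "len": len(frame)}


def summarize(data):
    """Feature rows per IPv4 frame, packet counts per destination port, and the file's SHA-256
    (the key VirusTotal uses to look up a file that has already been analysed)."""
    rows = []
    for _ts, frame in parse_pcap(data):
        feats = frame_features(frame)
        if feats:
            rows.append(feats)
    by_dport = Counter(r["dport"] for r in rows)
    return {"packets": len(rows), "rows": rows, "by_dport": dict(by_dport),
            "sha256": hashlib.sha256(data).hexdigest()}


def multipart_body(field, filename, data, boundary="pcapboundary7f3a"):
    """Encode one file as multipart/form-data, the body shape VirusTotal's /files endpoint expects."""
    head = (f'--{boundary}\r\nContent-Disposition: form-data; name="{field}"; filename="{filename}"\r\n'
            f"Content-Type: application/octet-stream\r\n\r\n").encode()
    return head + data + f"\r\n--{boundary}--\r\n".encode(), f"multipart/form-data; boundary={boundary}"


def upload_to_virustotal(path, api_key):
    """POST the capture to VirusTotal API v3 and return the analysis id (needs network and a real key)."""
    with open(path, "rb") as fh:
        body, content_type = multipart_body("file", path, fh.read())
    req = urllib.request.Request("https://www.virustotal.com/api/v3/files", data=body, method="POST",
                                 headers={"x-apikey": api_key, "Content-Type": content_type})
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)["data"]["id"]


def build_sample_pcap():
    """Constructed two-frame capture (not real traffic): a TCP segment to port 80 and a UDP DNS query."""
    def ipv4_frame(proto, src, dst, sport, dport, payload):
        eth = bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb") + b"\x08\x00"
        l4 = struct.pack("!HH", sport, dport) + payload
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 1, 0, 64, proto, 0,
                         bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
        return eth + ip + l4
    frames = [ipv4_frame(6, "192.168.1.10", "198.51.100.7", 51000, 80, b"\x00" * 16),
              ipv4_frame(17, "192.168.1.10", "192.168.1.1", 51001, 53, b"\x00" * 12)]
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)   # global header, link type 1
    for i, frame in enumerate(frames):
        out += struct.pack("<IIII", 1657065600 + i, 0, len(frame), len(frame)) + frame
    return out


if __name__ == "__main__":
    # On a real host: data = open(capture(), "rb").read(), then upload_to_virustotal(path, api_key)
    print(summarize(build_sample_pcap()))
```

Two practical points fall out of this. Recent tshark versions write pcapng by default even when the file is named `.pcap`, which is why `capture()` passes `-F pcap`; the reader deliberately raises on a pcapng magic number or a non-Ethernet link type instead of silently yielding zero rows, so a bad capture is noticed before it becomes an empty training set. And the SHA-256 is worth computing before uploading: VirusTotal identifies files by hash, so a hash lookup tells you whether a capture has already been analysed and avoids submitting a file that may contain your own internal traffic.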


....(to be continued)
