Identifikasi Malware Pada Wireshark

  • Parlindungan Tampubolon Universitas 17 Agustus 1945 Jakarta
  • EE Lailatul Putri Universitas 17 Agustus 1945 Jakarta
  • Nabila Reva Zalianti Universitas 17 Agustus 1945 Jakarta
  • Muhammad Reza Raditya Universitas 17 Agustus 1945 Jakarta

Abstract

This study aims to analyze the use of Wireshark in identifying the presence of malware. The primary objective is to identify suspicious communications conducted by malware, such as data transmission to Command and Control (C&C) servers, the use of unusual protocols, or other abnormal communication patterns. Wireshark is used to capture and analyze network traffic, focusing on suspicious communication patterns and protocols frequently used by malware, such as HTTP and DNS. The analyzed data is sourced from high-risk network environments, and the captured traffic is saved in .pcap format for further analysis. The findings of this study reveal that malware often uses HTTP and DNS protocols to communicate with remote servers and employs traffic patterns that are difficult to detect manually. The research successfully identified various traffic patterns indicating the presence of malware, which were subsequently validated using services such as VirusTotal. These findings provide significant contributions to understanding malware behavior and identifying preventive measures to enhance network security.
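The abstract describes the workflow at a high level: capture traffic to a .pcap file, then look for HTTP and DNS communication patterns that are hard to spot by eye. As an added example (not code from the paper or its authors), the Python script below reads a pcap with the standard library only and applies two of the checks an analyst would otherwise do by hand in Wireshark: flagging DNS queries whose labels are unusually long, and flagging a host that resolves the same domain at nearly fixed intervals (beaconing). The capture it analyzes is constructed inline; the domains, addresses, thresholds and interval values are illustrative placeholders, not indicators from the study.

```python
"""Flag DNS beaconing and oversized labels in a pcap file (stdlib only, added example)."""
import struct
from collections import defaultdict

# --- builders used only to construct the sample capture below ---
def _dns_query(name: str, txid: int = 0x1234) -> bytes:
    """Minimal DNS query (one A question, no compression)."""
    qname = b"".join(bytes([len(lbl)]) + lbl.encode() for lbl in name.split(".")) + b"\x00"
    return struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0) + qname + struct.pack("!HH", 1, 1)

def _udp_packet(payload: bytes, src_ip: str, dst_ip: str = "10.0.0.53") -> bytes:
    """Ethernet + IPv4 + UDP/53 frame around a DNS payload (checksums left at zero)."""
    eth = b"\xaa" * 6 + b"\xbb" * 6 + b"\x08\x00"
    udp = struct.pack("!HHHH", 40000, 53, 8 + len(payload), 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     bytes(int(o) for o in src_ip.split(".")),
                     bytes(int(o) for o in dst_ip.split(".")))
    return eth + ip + udp

def build_pcap(records) -> bytes:
    """records: iterable of (timestamp_seconds, frame_bytes) -> little-endian pcap file bytes."""
    out = [struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)]  # linktype 1 = Ethernet
    for ts, frame in records:
        sec, usec = int(ts), int(round((ts - int(ts)) * 1_000_000))
        out.append(struct.pack("<IIII", sec, usec, len(frame), len(frame)) + frame)
    return b"".join(out)

def sample_capture() -> bytes:
    """Constructed capture: one host beaconing every 60 s to a placeholder domain,
    one host with ordinary browsing lookups, one oversized-label query."""
    recs = [(1000.0 + 60 * i, _udp_packet(_dns_query("beacon.c2-placeholder.test"), "10.0.0.5"))
            for i in range(6)]
    for t, name in [(1003.0, "example.com"), (1047.5, "wikipedia.org"), (1210.2, "example.com")]:
        recs.append((t, _udp_packet(_dns_query(name), "10.0.0.7")))
    recs.append((1300.0, _udp_packet(_dns_query("a" * 50 + ".tunnel-placeholder.test"), "10.0.0.9")))
    recs.sort(key=lambda r: r[0])
    return build_pcap(recs)

# --- parsing: the part you would point at a real capture ---
def _read_qname(dns: bytes, off: int) -> str:
    labels = []
    while True:
        n = dns[off]; off += 1
        if n == 0:
            return ".".join(labels)
        labels.append(dns[off:off + n].decode("ascii", "replace")); off += n

def parse_dns_queries(pcap: bytes):
    """Yield (timestamp, src_ip, qname) for every UDP/53 DNS query in a little-endian Ethernet pcap."""
    magic, = struct.unpack_from("<I", pcap, 0)
    assert magic == 0xA1B2C3D4, "only microsecond little-endian pcap is handled here"
    off = 24
    while off + 16 <= len(pcap):
        sec, usec, incl_len, _ = struct.unpack_from("<IIII", pcap, off)
        off += 16
        frame = pcap[off:off + incl_len]
        off += incl_len
        if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 17:
            continue                       # not IPv4 over Ethernet carrying UDP
        ihl = (frame[14] & 0x0F) * 4
        src_ip = ".".join(str(b) for b in frame[26:30])
        udp = frame[14 + ihl:]
        if struct.unpack_from("!H", udp, 2)[0] != 53:
            continue
        dns = udp[8:]
        if len(dns) < 12 or dns[2] & 0x80:  # QR bit set: a response, not a query
            continue
        yield sec + usec / 1e6, src_ip, _read_qname(dns, 12)

# --- detection: two patterns that are tedious to spot manually in Wireshark ---
def find_suspicious(queries, max_label=40, min_beacons=5, max_jitter=0.10):
    """Return [(kind, src_ip, detail)] for oversized labels and low-jitter periodic lookups.
    Thresholds are illustrative; tune them against your own baseline traffic."""
    findings, per_host_domain = [], defaultdict(list)
    for ts, src, qname in queries:
        labels = qname.split(".")
        if max(len(lbl) for lbl in labels) > max_label:
            findings.append(("long-label", src, qname))
        per_host_domain[(src, ".".join(labels[-2:]))].append(ts)
    for (src, domain), times in per_host_domain.items():
        if len(times) < min_beacons:
            continue
        times.sort()
        gaps = [b - a for a, b in zip(times, times[1:])]
        mean = sum(gaps) / len(gaps)
        if mean > 0 and max(abs(g - mean) for g in gaps) / mean <= max_jitter:
            findings.append(("beacon", src, f"{domain} every ~{mean:.0f}s, {len(times)} lookups"))
    return findings

if __name__ == "__main__":
    for kind, src, detail in find_suspicious(parse_dns_queries(sample_capture())):
        print(f"{kind:10} {src:12} {detail}")
```

On a real capture, replace `sample_capture()` with the file bytes (`open("capture.pcap", "rb").read()`); pcapng files and nanosecond-resolution pcaps are deliberately rejected by the magic check. Anything flagged is a lead to confirm in Wireshark and against a reputation service, as the study does with VirusTotal, not a verdict on its own.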
Published

Jun 8, 2024

How to Cite

TAMPUBOLON, Parlindungan et al. Identifikasi Malware Pada Wireshark. Jurnal Kajian Teknik Elektro, [S.l.], v. 9, n. 1, p. 64-68, June 2024. ISSN 2502-8464. Available at: <https://ojs3.binainsancerdas.com/index.php/JKTE/article/view/8004>. Date accessed: 13 Apr. 2026. doi: http://dx.doi.org/10.52447/jkte.v9i1.8004.

Keywords

Malware, Wireshark, network traffic, protocol analysis, information security