From the course: Wireshark: Malware and Forensics


Examining TOR browser activity


- [Narrator] On a busy corporate network, it's hard to keep track of all client activity and it's hard to keep up with all the threats on the network. The one thing I do not like to see in a network is TOR activity. TOR is the onion router that encrypts and conceals the activity using a stream that looks just like HTTPS or Transport Layer Security. In this packet capture, we'll step through looking at some evidence that TOR is at play. We take a look at the capture and then go to Statistics and then to Conversations. In looking at the conversations, I'll go to TCP and then I'll sort. Understand that I would've looked at all of the activity and all the ports, but I was curious as to what was happening over Port 9001. So I went out to take a look at what activity that might be, and here I find information about Port 9001. When I go there, you can see that there are a couple of activities that are related to Port 9001, one being the TOR Network. Now I'm thinking it is TOR activity at…
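
The Statistics > Conversations > TCP step described in the narration, reproduced as an added Python example that is not part of the course material: it tallies TCP conversations in a classic pcap and returns those touching port 9001, largest first. The capture bytes, addresses and function names are constructed for illustration; as the narration notes, more than one activity is associated with port 9001, so a hit is a lead to examine rather than proof of TOR.

```python
import struct
from collections import defaultdict

WATCH_PORT = 9001  # port singled out in the Conversations view

def build_sample_pcap():
    """Constructed capture: Ethernet/IPv4/TCP frames using documentation address ranges."""
    flows = [("192.0.2.10", 49152, "198.51.100.7", 443, 120),
             ("192.0.2.10", 49153, "203.0.113.5", 9001, 514),
             ("203.0.113.5", 9001, "192.0.2.10", 49153, 514),
             ("192.0.2.11", 49200, "198.51.100.7", 80, 60)]
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)  # link type 1 = Ethernet
    for src, sport, dst, dport, paylen in flows:
        tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 8192, 0, 0) + b"\x00" * paylen
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                         bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
        frame = b"\x00" * 12 + b"\x08\x00" + ip + tcp
        out += struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame
    return out

def tcp_conversations(pcap):
    """Frames and bytes per TCP conversation, both directions merged into one entry."""
    endian = {0xA1B2C3D4: "<", 0xD4C3B2A1: ">"}.get(struct.unpack_from("<I", pcap, 0)[0])
    if endian is None or struct.unpack_from(endian + "I", pcap, 20)[0] != 1:
        raise ValueError("expected a classic pcap file with Ethernet link type")
    convs = defaultdict(lambda: [0, 0])
    off = 24  # first record follows the 24-byte global header
    while off + 16 <= len(pcap):
        incl, orig = struct.unpack_from(endian + "II", pcap, off + 8)
        frame = pcap[off + 16: off + 16 + incl]
        off += 16 + incl
        if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
            continue  # not IPv4/TCP (VLAN tags and IPv6 are out of scope here)
        ihl = (frame[14] & 0x0F) * 4
        if len(frame) < 14 + ihl + 4:
            continue  # truncated before the TCP ports
        sport, dport = struct.unpack_from("!HH", frame, 14 + ihl)
        a = (".".join(map(str, frame[26:30])), sport)
        b = (".".join(map(str, frame[30:34])), dport)
        key = tuple(sorted((a, b)))  # same key for both directions
        convs[key][0] += 1
        convs[key][1] += orig
    return dict(convs)

def watch_port_hits(pcap, port=WATCH_PORT):
    """Conversations with `port` on either side, sorted by bytes descending."""
    hits = [(k, v) for k, v in tcp_conversations(pcap).items() if port in (k[0][1], k[1][1])]
    return sorted(hits, key=lambda kv: kv[1][1], reverse=True)
```
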
