Hello Researchers,
I am doing research on botnets and I am in my initial phase,
so I need experts' help regarding a few things.
1. How can I infect a machine with a botnet and analyse it?
I have set up three machines with several virtual machines running on them, all connected to a separate router forming a private network.
Now I want to infect a few machines and see what is going on,
but I don't know how to infect them and log the behaviour of a botnet.
If I were you I would begin by looking at something like http://dionaea.carnivore.it/
I have used something like this in the past to learn about botnets and their behaviour; it should get you started.
Are you at a university? If so which one?
Hello,
can Wireshark monitor the behaviour of the botnet?
Yes, unless the bot can prevent it (possibly by mucking with NDIS comm, or even having its own NDIS).
A lot of the malware I've been looking at recently approached the problem with a much simpler solution:
1. Check for a running process "wireshark.exe"
2. Exit
Far easier than writing your own network stack.
Maybe the [WildPackets - peer map] would help you. Have a try.