2015-08-05 - AN EXAMPLE OF LEGITIMATE JAVA UPDATE TRAFFIC

PCAP:


NOTES:


------Original Message------
From: [redacted]
Sent: Wednesday, July 29, 2015 02:26 UTC
To: brad@malware-traffic-analysis.net
Subject: RE: Password Request

Hi Brad,

Thanks very much for your blog and trace files and explanations.

I have still yet to have a good look through things, however I thought I'd ask if you have ever done an analysis of legitimate Java update traffic?  I am curious to see what proper communications should look like, and what servers might be involved in the update process, as this might allow me to better catch traffic that attempts to hide itself under this process.

Would you have anything I might use?  Might make for an interesting post otherwise?

Regards,
[redacted]


------Original Message------
From: brad@malware-traffic-analysis.net
Sent: Wednesday, 29 July 2015 02:31 UTC
To: [redacted]
Subject: RE: Password Request

[redacted],

I don't have anything off-hand, but I might be able to generate some legitimate update traffic as an example.  Let me see what I can come up with in the next few days.

Regards,

Brad


WHAT IT LOOKS LIKE FILTERED IN WIRESHARK


FINAL NOTES
