Malware Identification with Wireshark (Identifikasi Malware Pada Wireshark)

Parlindungan Tampubolon, EE Lailatul Putri, Nabila Reva Zalianti, Muhammad Reza Raditya

Abstract


This study analyzes the use of Wireshark to identify the presence of malware on a network. The primary objective is to identify suspicious communication initiated by malware, such as data transmission to Command and Control (C&C, also written C2) servers, the use of unusual protocols, or other abnormal communication patterns. Wireshark is used to capture and analyze network traffic, focusing on suspicious communication patterns in the protocols malware most often uses, namely HTTP and DNS. The analyzed traffic is taken from high-risk network environments, and the captured traffic is saved in .pcap format for further analysis. The findings show that malware frequently uses HTTP and DNS to communicate with remote servers and produces traffic patterns that are difficult to detect by manual inspection. The research identified several traffic patterns indicating the presence of malware, which were subsequently validated using services such as VirusTotal. These findings contribute to understanding malware behavior and to identifying preventive measures that strengthen network security.
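The HTTP and DNS triage the abstract describes, written out as an added example (this is not code from the paper or its authors). It is stdlib-only Python that builds a small capture in memory so it runs without Wireshark; the hosts, addresses, timings and thresholds are constructed assumptions. It parses the same fields Wireshark exposes as `dns.qry.name` and `http.host` and flags three patterns that the paper's categories cover: DNS labels that are unusually long or high-entropy (tunnelling or DGA traffic), HTTP requests whose Host header is a bare IP address, and repeated requests to one host at a near-constant interval (beaconing).

```python
"""Offline triage of a pcap for HTTP/DNS patterns typical of malware C2 (stdlib only).

Added example, not code from the paper. The capture is constructed in memory;
the hosts, IPs, timings and thresholds below are assumptions.
"""
import math
import re
import struct
from collections import Counter, defaultdict

# ---------- builders for the constructed sample capture ----------
def _dns_query(name, txid=0x1234):
    qname = b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\x00"
    return struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0) + qname + struct.pack("!HH", 1, 1)

def _ipv4(proto, src, dst, payload):
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                       bytes(map(int, src.split("."))), bytes(map(int, dst.split(".")))) + payload

def _udp(dport, payload):
    return struct.pack("!HHHH", 40000, dport, 8 + len(payload), 0) + payload

def _tcp(dport, payload):  # minimal 20-byte header, PSH|ACK, checksum left zero
    return struct.pack("!HHIIBBHHH", 40000, dport, 1, 1, 5 << 4, 0x18, 65535, 0, 0) + payload

def _frame(ip_packet):  # Ethernet II with EtherType 0x0800 (IPv4)
    return b"\x00\x11\x22\x33\x44\x55\x66\x77\x88\x99\xaa\xbb\x08\x00" + ip_packet

def _pcap(packets):
    """packets: [(timestamp_seconds, frame_bytes)]; libpcap header, link type 1 = Ethernet."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for ts, frame in packets:
        sec = int(ts)
        out += struct.pack("<IIII", sec, int((ts - sec) * 1e6), len(frame), len(frame)) + frame
    return out

def _dns(ts, name):
    return ts, _frame(_ipv4(17, "10.0.0.5", "10.0.0.1", _udp(53, _dns_query(name))))

def _http(ts, host, method=b"GET"):
    req = method + b" / HTTP/1.1\r\nHost: " + host.encode() + b"\r\nUser-Agent: x\r\n\r\n"
    return ts, _frame(_ipv4(6, "10.0.0.5", "203.0.113.10", _tcp(80, req)))

SAMPLE_PCAP = _pcap([   # constructed traffic: one benign and one suspicious sample of each kind
    _dns(0.5, "www.example.com"),                                                     # benign lookup
    _dns(1.0, "kqzvxrnbtjwmfpcdglsy.bad-example.net"),                                # DGA-looking label
    _dns(1.5, "4d5a90000300000004000000ffff0000b8000000000000004000.bad-example.net"),  # hex exfil
    _http(2.0, "www.example.com"),                                                    # benign request
] + [_http(t, "203.0.113.10", b"POST") for t in (10.0, 70.2, 130.1, 190.3, 250.0)])   # ~60s beacon

# ---------- parsing (the fields Wireshark shows as dns.qry.name and http.host) ----------
def _qname(msg):
    labels, i = [], 12            # question section starts after the 12-byte DNS header
    while msg[i]:
        n = msg[i]; labels.append(msg[i + 1:i + 1 + n].decode()); i += 1 + n
    return ".".join(labels)

def _host(payload):
    for line in payload.split(b"\r\n")[1:]:
        if line.lower().startswith(b"host:"):
            return line.split(b":", 1)[1].strip().decode()
    return ""

def parse_pcap(data):
    """Yield (ts, src, dst, kind, info) for DNS queries (udp/53) and HTTP requests (tcp/80).
    No TCP reassembly and no VLAN tags: enough for one-packet requests like these."""
    assert struct.unpack("<I", data[:4])[0] == 0xA1B2C3D4, "expected little-endian pcap"
    off = 24
    while off + 16 <= len(data):
        sec, usec, caplen, _ = struct.unpack("<IIII", data[off:off + 16])
        frame, off = data[off + 16:off + 16 + caplen], off + 16 + caplen
        if frame[12:14] != b"\x08\x00":
            continue
        ip = frame[14:]
        ihl, proto = (ip[0] & 0x0F) * 4, ip[9]
        src, dst = ".".join(map(str, ip[12:16])), ".".join(map(str, ip[16:20]))
        l4, ts = ip[ihl:], sec + usec / 1e6
        if proto == 17 and struct.unpack("!H", l4[2:4])[0] == 53:
            yield ts, src, dst, "dns", _qname(l4[8:])
        elif proto == 6 and struct.unpack("!H", l4[2:4])[0] == 80:
            body = l4[(l4[12] >> 4) * 4:]
            if body[:4] in (b"GET ", b"POST"):
                yield ts, src, dst, "http", _host(body)

# ---------- heuristics ----------
def entropy(s):
    """Shannon entropy in bits per character."""
    return -sum(c / len(s) * math.log2(c / len(s)) for c in Counter(s).values()) if s else 0.0

def triage(data, max_label=40, min_entropy=3.5, beacon_jitter=0.1):
    """Return sorted (indicator_type, value) pairs worth checking against VirusTotal or similar."""
    findings, times = [], defaultdict(list)
    for ts, src, dst, kind, info in parse_pcap(data):
        if kind == "dns":
            first = info.split(".")[0]
            if len(first) > max_label or entropy(first) > min_entropy:
                findings.append(("dns_tunnel_or_dga", info))
        else:
            if re.fullmatch(r"\d{1,3}(\.\d{1,3}){3}(:\d+)?", info):  # C2 addressed by bare IP
                findings.append(("http_raw_ip_host", info))
            times[(src, dst, info)].append(ts)
    for (src, dst, host), ts_list in times.items():   # periodic check-ins with low jitter
        gaps = [b - a for a, b in zip(ts_list, ts_list[1:])]
        if len(gaps) >= 3:
            mean = sum(gaps) / len(gaps)
            if mean > 0 and max(abs(g - mean) for g in gaps) / mean < beacon_jitter:
                findings.append(("http_beacon", f"{src} -> {host} every ~{mean:.0f}s"))
    return sorted(set(findings))

if __name__ == "__main__":
    for kind, value in triage(SAMPLE_PCAP):
        print(f"{kind:20} {value}")
```

The returned pairs are the indicators a practitioner would then look up in VirusTotal, which is the validation step the abstract describes. To run it on a real capture, read the file in place of SAMPLE_PCAP; the parser expects classic little-endian pcap with microsecond timestamps, so a pcapng saved by Wireshark must first be saved again in the pcap format. The thresholds (label length 40, 3.5 bits of entropy, 10% interval jitter) are starting points, not validated values: tune them against known-benign traffic from the same network before trusting the output.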

Keywords


Malware, Wireshark, network traffic, protocol analysis, information security






DOI: https://doi.org/10.52447/jkte.v9i1.8004
