Hello hunters! The ANY.RUN team has prepared some amazing changes for you! We are glad to present a redesigned “Network stream” pop-up window that makes the process of analysis more convenient. Speed up your work, make data analysis faster, and simplify retrieval of information. Once the “Network stream” is opened, you can start the analysis immediately.
- Redesigned logic and enhancement of the “Network stream” pop-up window
- Service usability improvements
During the analysis, you can inspect the traffic sent and received in each packet in the “Network stream” pop-up window. Open it by clicking on Traffic in the Connections section. There you can look through the packets exchanged between two IPs inside the virtual machine, in HEX and Text formats.
The “Network stream” helps to investigate packets of traffic and find out what information was stolen: for example, passwords, logins, cookies, and other information from compromised systems in the network. Sometimes it’s possible to check what was downloaded: you may guess that a PE file was downloaded just by looking at its signature. Malware configuration data, such as a botnet ID or the IP of the Command & Control server, is also likely to be found here.
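The signature check described above, as an added Python example that is not ANY.RUN's code: it takes a constructed HTTP response stream, renders offset/HEX/Text rows, and confirms a PE file by the MZ magic and the PE signature that e_lfanew points to. The sample stream and all function names are assumptions made for this example.

```python
import struct

def build_sample_stream() -> bytes:
    """Constructed sample: an HTTP response whose body is a minimal fake PE header."""
    dos = bytearray(0x80)
    dos[0:2] = b"MZ"                          # DOS header magic
    struct.pack_into("<I", dos, 0x3C, 0x80)   # e_lfanew: offset of the PE header
    body = bytes(dos) + b"PE\x00\x00" + struct.pack("<H", 0x8664) + bytes(18)
    # The declared content type deliberately does not match the payload.
    head = (b"HTTP/1.1 200 OK\r\nContent-Type: image/png\r\n"
            b"Content-Length: %d\r\n\r\n" % len(body))
    return head + body

def http_body(stream: bytes) -> bytes:
    """Return the bytes after the HTTP header block, or the stream itself."""
    head, sep, body = stream.partition(b"\r\n\r\n")
    return body if sep and head.startswith(b"HTTP/") else stream

def pe_offset(data: bytes):
    """Return e_lfanew if data starts with a valid MZ/PE header pair, else None."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\x00\x00":
        return None   # "MZ" alone is only a hint, not a confirmed PE
    return e_lfanew

def hexdump_rows(data: bytes, width: int = 16):
    """Yield (offset, hex, text) rows; non-printable bytes are shown as '.'."""
    for off in range(0, len(data), width):
        chunk = data[off:off + width]
        text = "".join(chr(b) if 32 <= b < 127 else "." for b in chunk)
        yield f"{off:08x}", chunk.hex(" "), text

if __name__ == "__main__":
    body = http_body(build_sample_stream())
    for row in list(hexdump_rows(body))[:1]:
        print(*row, sep="  ")
    print("PE header at offset:", pe_offset(body))
```
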
Let’s have a look at one sample to compare our versions of the window.
The previous variant of the “Network stream” served just for quick evaluation. Obviously, it used to be challenging to work with.
We have reconsidered the whole logic of this pop-up and added new functionality for your convenience. The redesign has turned the “Network stream” from a brief summary into a window that you can really use.
Work faster with easy traffic analysis
With a new and better-structured interface, you can speed up your analysis.
- Convenient packets’ display.
Each packet is shown in 3 columns: the offset from the block’s start, and the HEX and Text representations of the stream content.
Find the packet you need using the navigation panel of the “Network stream” pop-up window. Now you see all packets at once, as their contents are collapsed under a spoiler and available for preview. This simplifies navigation considerably: quickly move to the next block of information to find the one you need.
You can check the details of each packet individually. Pick the required data and investigate it right away. Expand a block by clicking on the Show button, or directly on the block, to reveal the whole packet’s data.
Need only the received packets? Information in one direction is merged for a more convenient display. The received packets are joined in one blue block, and the sent direction is green.
Enormous streams are not a problem from now on. Scroll huge blocks fast – no lagging anymore.
- Important information is highlighted.
Analyze right away: turn “Highlight chars” on to see valuable data that has size.
With this new feature, you can skip irrelevant information without losing the important parts. Color indication of this data simplifies reading. Printable characters such as letters, signs, and figures are brighter. Control characters and others that have less priority are less opaque, so you can pinpoint significant details.
Moreover, if you hover the mouse over a value in the HEX view, its text equivalent is highlighted at the same time. The whole line is highlighted as well, for clarity.
- Switch between HEX and Text formats for more convenient research.
- More details mean higher-quality analysis results. Besides the IPs and the domain name, you can now see the number of sent and received packets.
- Learn more about each packet – its status, size, timeshift.
- Download the needed packet in a binary file. Or you can select a part of HEX/Text and copy the necessary information from the packet.
The challenging window made traffic analysis complicated in the past. We hope the brand new “Network stream” will surprise you with an easy, convenient, and useful feature where you can work and analyze fast. Try it now at ANY.RUN sandbox and check out our video for more details!