- Redesigned logic and enhancement of the \u201cNetwork stream\u201d pop-up window <\/li>
- Service usability improvements<\/li><\/ul>\n\n\n\n
Network stream<\/h1>\n\n\n\n
During the analysis, you can check out the traffic that was sent and received by each of the packets in the \u201cNetwork stream\u201d pop-up window. You can find it by clicking on Traffic in the Connections section. Here it is possible to look through packets that were sent\/received in the HEX and Text formats between two IPs and were set in the virtual machine.
<\/p>\n\n\n\nThe \u201cNetwork stream\u201d helps to investigate packets of traffic and find out what information was stolen. For example, passwords, logins, cookies, and other information from compromised systems in the network. Sometimes it\u2019s possible to check what was downloaded: you may guess that the PE file was downloaded just by looking at its signature. Malware\u2019s configuration data such as a botnet ID, IP of the Command & Control server are also likely to be found here.
<\/p>\n\n\n\nLet\u2019s have a look at one sample<\/a> to compare our versions of the window.
<\/p>\n\n\n\nThe previous variant of the \u201cNetwork stream\u201d served just for quick evaluation. Obviously, it used to be challenging to work with.
<\/p>\n\n\n\nWe have reconsidered the whole logic of this pop-up and added new functionalities for your convenience. The new feature has turned the \u201cNetwork stream\u201d from the briefing paper into a window that you can really use. <\/p>\n\n\n\n
<\/figure>\n\n\n\n
Work faster with easy traffic analysis<\/h2>\n\n\n\n
With a new and better-structured interface, you can speed up your analysis.
<\/p>\n\n\n\n- Convenient packets\u2019 display. <\/strong><\/li><\/ol>\n\n\n\n
Packets contain 3 tables of content: offset from the block\u2019s start, HEX, and Text representation of the stream content.
<\/p>\n\n\n\nFind the packet you need by managing the \u201cNetwork stream\u201d pop-up window in the navigation panel. Now you see all packets at once, as their contents are hidden under spoiler and available for preview. It simplifies navigation considerably \u2013 quickly move to the next block of information to find the needed one.
<\/p>\n\n\n\nYou may check the details of each packet individually. Pick the required data and investigate what you want at once. You can extend a block by clicking on the Show button or right on the needed block to reveal the whole packet’s data.
<\/p>\n\n\n\nNeed only the received packets? Information in one direction is merged for a more convenient display. The received packets are joined in one blue block, and the sent direction is green.
<\/p>\n\n\n\nEnormous streams are not a problem from now on. Scroll huge blocks fast \u2013 no lagging anymore.
<\/p>\n\n\n\n- Important information is highlighted.<\/strong><\/li><\/ol>\n\n\n\n
Analyze right away: turn \u201cHighlight chars\u201d on to see valuable data that has size.
<\/p>\n\n\n\nWith this new feature, you can skip irrelevant information and don’t lose the important one. Color indication of this data simplifies reading. Printable characters such as letters, signs, and figures are brighter. Control characters and others that have less priority are less opaque, so you can pinpoint significant details.
<\/p>\n\n\n\nMoreover, if you hold a mouse over HEX format, its text equivalent is highlighted at the same time. The whole line is in the spotlight as well, for clear imagery. <\/p>\n\n\n\n
<\/figure>\n\n\n\n
- Switch between HEX and Text formats for more convenient research.<\/strong><\/li><\/ol>\n\n\n\n
<\/figure>\n\n\n\n
- More details, more high-quality results of the analysis you have. <\/strong>Besides the IPs and the domain name, now you can see the number of sent and received packets. <\/li><\/ol>\n\n\n\n
<\/figure>\n\n\n\n
- Learn more about each packet<\/strong> \u2013 its status, size, timeshift. <\/li><\/ol>\n\n\n\n
- Download the needed packet in a binary file.<\/strong> Or you can select a part of HEX\/Text and copy the necessary information from the packet. <\/li><\/ol>\n\n\n\n
<\/figure>\n\n\n\n
The challenging window made traffic analysis complicated in the past. We hope the brand new \u201cNetwork stream\u201d will surprise you with an easy, convenient, and useful feature where you can work and analyze fast. Try it now at ANY.RUN sandbox<\/a> and check out our video for more details! <\/p>\n\n\n\n
- Download the needed packet in a binary file.<\/strong> Or you can select a part of HEX\/Text and copy the necessary information from the packet. <\/li><\/ol>\n\n\n\n
- Learn more about each packet<\/strong> \u2013 its status, size, timeshift. <\/li><\/ol>\n\n\n\n
- More details, more high-quality results of the analysis you have. <\/strong>Besides the IPs and the domain name, now you can see the number of sent and received packets. <\/li><\/ol>\n\n\n\n
- Switch between HEX and Text formats for more convenient research.<\/strong><\/li><\/ol>\n\n\n\n
- Important information is highlighted.<\/strong><\/li><\/ol>\n\n\n\n
- Convenient packets\u2019 display. <\/strong><\/li><\/ol>\n\n\n\n