- \n
- Track downloads. <\/strong>You can identify PE file downloads just by looking at the signatures. <\/li>\n<\/ul>\n\n\n\n
<\/p>\n\n\n\n
How to use the ANY.RUN network stream window <\/h2>\n\n\n\n
1<\/strong>. Viewing the packets\u00a0<\/strong>\u00a0<\/h3>\n\n\n\n
Locate the packet you need by using the “Network stream” pop-up window on the navigation panel. The window initially displays quick previews so you can quickly scroll through blocks of information. <\/p>\n\n\n\n
To examine packet details individually, just select the data you’re interested in. Expand a block by clicking the Show button or directly on the block to reveal the entire packet’s data. <\/p>\n\n\n\n
Received and sent packets are displayed in different colors: blue for received <\/strong>and green for sent<\/strong>. <\/p>\n\n\n\n
2. Using highlighting<\/strong> <\/h3>\n\n\n\n
You can use highlighting to help you focus on important information. <\/p>\n\n\n\n
- \n
- Printable characters such as letters, signs, and figures will be highlighted <\/li>\n\n\n\n
- Control characters and others that have less priority will be slightly transparent <\/li>\n<\/ul>\n\n\n\n
If you hold a mouse over the HEX code snippet, its clear text equivalent will be highlighted at the same time. <\/p>\n\n\n\n
Highlighting kicks in automatically when you expand a packet. You can toggle it off at anytime with the \u201chiglight chars\u201d toggle. <\/p>\n\n\n\n
![\"ANY.RUN](\"\/cybersecurity-blog\/wp-content\/uploads\/2023\/03\/image.gif\")
<\/figure>\n\n\n\n3. Switch between HEX and Text formats<\/strong> <\/h3>\n\n\n\n
By default, the modal shows HEX data, but you can switch into text mode at any time. In this mode you can also expand packets. <\/p>\n\n\n\n
4. View packet details and download packets<\/strong> <\/h3>\n\n\n\n
The modal header shows the IPs, domain name<\/strong>, the number of sent, <\/strong>and the number of received packets<\/strong>.\u00a0<\/p>\n\n\n\n
![\"ANY.RUN](\"\/cybersecurity-blog\/wp-content\/uploads\/2023\/03\/image-11-1024x145.png\")
<\/figure>\n\n\n\n<\/p>\n\n\n\n
If you select a part of the HEX\/cleartext you can download just that part, or you can get the whole packet in binary format using the download button which is above each packet. <\/p>\n\n\n\n
![\"ANY.RUN](\"\/cybersecurity-blog\/wp-content\/uploads\/2023\/03\/image-10-1024x164.png\")
<\/figure>\n","protected":false},"excerpt":{"rendered":"Network stream analysis involves monitoring and examining the incoming and outgoing HTTP requests packet by packet. This helps you identify malware that might be trying to communicate with its control servers or spread to other devices. When to use network stream analysis? This technique is handy when you suspect a malware infection but can’t quite […]<\/p>\n","protected":false},"author":2,"featured_media":4099,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6],"tags":[57,10,54],"class_list":["post-4633","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-instructions","tag-anyrun","tag-cybersecurity","tag-features"],"acf":[],"yoast_head":"\n
Analyzing the Network Stream\u00a0\u00a0 - ANY.RUN's Cybersecurity Blog<\/title>\n<meta name=\"description\" content=\"Network stream analysis involves monitoring and examining the incoming and outgoing HTTP requests packet by packet. Check it in ANY.RUN\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/any.run\/cybersecurity-blog\/analyzing-the-network-stream\/\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"ANY.RUN\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/analyzing-the-network-stream\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/analyzing-the-network-stream\/\"},\"author\":{\"name\":\"ANY.RUN\",\"@id\":\"https:\/\/any.run\/\"},\"headline\":\"Analyzing the Network Stream\u00a0\u00a0\",\"datePublished\":\"2021-08-25T06:26:00+00:00\",\"dateModified\":\"2023-03-29T06:29:59+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/analyzing-the-network-stream\/\"},\"wordCount\":407,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/any.run\/\"},\"keywords\":[\"ANYRUN\",\"cybersecurity\",\"features\"],\"articleSection\":[\"Instructions on ANY.RUN\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/any.run\/cybersecurity-blog\/analyzing-the-network-stream\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/analyzing-the-network-stream\/\",\"url\":\"https:\/\/any.run\/cybersecurity-blog\/analyzing-the-network-stream\/\",\"name\":\"Analyzing the Network Stream\u00a0\u00a0 - ANY.RUN's Cybersecurity Blog\",\"isPartOf\":{\"@id\":\"https:\/\/any.run\/\"},\"datePublished\":\"2021-08-25T06:26:00+00:00\",\"dateModified\":\"2023-03-29T06:29:59+00:00\",\"description\":\"Network stream analysis involves monitoring and examining the incoming and outgoing HTTP requests packet by packet. Check it in ANY.RUN\",\"breadcrumb\":{\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/analyzing-the-network-stream\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/any.run\/cybersecurity-blog\/analyzing-the-network-stream\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/analyzing-the-network-stream\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/any.run\/cybersecurity-blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Instructions on ANY.RUN\",\"item\":\"https:\/\/any.run\/cybersecurity-blog\/category\/instructions\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Analyzing the Network Stream\u00a0\u00a0\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/any.run\/\",\"url\":\"https:\/\/any.run\/\",\"name\":\"ANY.RUN's Cybersecurity Blog\",\"description\":\"Cybersecurity Blog covers topics for experienced professionals as well as for those new to it.\",\"publisher\":{\"@id\":\"https:\/\/any.run\/\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/any.run\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/any.run\/\",\"name\":\"ANY.RUN\",\"url\":\"https:\/\/any.run\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/any.run\/\",\"url\":\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2020\/08\/ANYRUN-Icon.svg\",\"contentUrl\":\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2020\/08\/ANYRUN-Icon.svg\",\"width\":1,\"height\":1,\"caption\":\"ANY.RUN\"},\"image\":{\"@id\":\"https:\/\/any.run\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/www.any.run\/\",\"https:\/\/twitter.com\/anyrun_app\",\"https:\/\/www.linkedin.com\/company\/30692044\",\"https:\/\/www.youtube.com\/channel\/UCOgCPho7lzmH7m6fPNlukrQ\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/any.run\/\",\"name\":\"ANY.RUN\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/any.run\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/c4ce3a6c672056b4a8cd6b0110782215?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/c4ce3a6c672056b4a8cd6b0110782215?s=96&d=mm&r=g\",\"caption\":\"ANY.RUN\"},\"url\":\"https:\/\/any.run\/cybersecurity-blog\/author\/a-bespalova\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Analyzing the Network Stream\u00a0\u00a0 - ANY.RUN's Cybersecurity Blog","description":"Network stream analysis involves monitoring and examining the incoming and outgoing HTTP requests packet by packet. Check it in ANY.RUN","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/any.run\/cybersecurity-blog\/analyzing-the-network-stream\/","twitter_misc":{"Written by":"ANY.RUN","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/any.run\/cybersecurity-blog\/analyzing-the-network-stream\/#article","isPartOf":{"@id":"https:\/\/any.run\/cybersecurity-blog\/analyzing-the-network-stream\/"},"author":{"name":"ANY.RUN","@id":"https:\/\/any.run\/"},"headline":"Analyzing the Network Stream\u00a0\u00a0","datePublished":"2021-08-25T06:26:00+00:00","dateModified":"2023-03-29T06:29:59+00:00","mainEntityOfPage":{"@id":"https:\/\/any.run\/cybersecurity-blog\/analyzing-the-network-stream\/"},"wordCount":407,"commentCount":0,"publisher":{"@id":"https:\/\/any.run\/"},"keywords":["ANYRUN","cybersecurity","features"],"articleSection":["Instructions on ANY.RUN"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/any.run\/cybersecurity-blog\/analyzing-the-network-stream\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/any.run\/cybersecurity-blog\/analyzing-the-network-stream\/","url":"https:\/\/any.run\/cybersecurity-blog\/analyzing-the-network-stream\/","name":"Analyzing the Network Stream\u00a0\u00a0 - ANY.RUN's Cybersecurity Blog","isPartOf":{"@id":"https:\/\/any.run\/"},"datePublished":"2021-08-25T06:26:00+00:00","dateModified":"2023-03-29T06:29:59+00:00","description":"Network stream analysis involves monitoring and examining the incoming and outgoing HTTP requests packet by packet. Check it in ANY.RUN","breadcrumb":{"@id":"https:\/\/any.run\/cybersecurity-blog\/analyzing-the-network-stream\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/any.run\/cybersecurity-blog\/analyzing-the-network-stream\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/any.run\/cybersecurity-blog\/analyzing-the-network-stream\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/any.run\/cybersecurity-blog\/"},{"@type":"ListItem","position":2,"name":"Instructions on ANY.RUN","item":"https:\/\/any.run\/cybersecurity-blog\/category\/instructions\/"},{"@type":"ListItem","position":3,"name":"Analyzing the Network Stream\u00a0\u00a0"}]},{"@type":"WebSite","@id":"https:\/\/any.run\/","url":"https:\/\/any.run\/","name":"ANY.RUN's Cybersecurity Blog","description":"Cybersecurity Blog covers topics for experienced professionals as well as for those new to it.","publisher":{"@id":"https:\/\/any.run\/"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/any.run\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/any.run\/","name":"ANY.RUN","url":"https:\/\/any.run\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/any.run\/","url":"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2020\/08\/ANYRUN-Icon.svg","contentUrl":"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2020\/08\/ANYRUN-Icon.svg","width":1,"height":1,"caption":"ANY.RUN"},"image":{"@id":"https:\/\/any.run\/"},"sameAs":["https:\/\/www.facebook.com\/www.any.run\/","https:\/\/twitter.com\/anyrun_app","https:\/\/www.linkedin.com\/company\/30692044","https:\/\/www.youtube.com\/channel\/UCOgCPho7lzmH7m6fPNlukrQ"]},{"@type":"Person","@id":"https:\/\/any.run\/","name":"ANY.RUN","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/any.run\/","url":"https:\/\/secure.gravatar.com\/avatar\/c4ce3a6c672056b4a8cd6b0110782215?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/c4ce3a6c672056b4a8cd6b0110782215?s=96&d=mm&r=g","caption":"ANY.RUN"},"url":"https:\/\/any.run\/cybersecurity-blog\/author\/a-bespalova\/"}]}},"_links":{"self":[{"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/posts\/4633"}],"collection":[{"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/comments?post=4633"}],"version-history":[{"count":2,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/posts\/4633\/revisions"}],"predecessor-version":[{"id":4641,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/posts\/4633\/revisions\/4641"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/media\/4099"}],"wp:attachment":[{"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/media?parent=4633"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/categories?post=4633"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/tags?post=4633"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}