To ease the analysis of malicious traffic, Wireshark requires certain tweaks. In short, we need to create a new profile in Wireshark to inspect malware traffic.
Columns can be added or modified from the menu bar by navigating to Edit | Preferences | Select Columns (under User Interface).
We added the following columns in Wireshark:
SPort—source port (unresolved)
DPort—destination port (unresolved)
HTTP host—display filter: http.host
URI—display filter: http.request.uri
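The same column layout can also be written directly into the `preferences` file of the new profile, which makes it easy to copy to another analysis machine. The fragment below is an added example, not part of the original text; the default columns kept alongside the four added ones, and their order, are assumptions.

```conf
# Packet list column format for a malware-traffic profile (illustrative).
# Each pair is a column title followed by its format code.
# %uS / %uD  = source / destination port, unresolved (shown as numbers)
# %Cus:<field>:<occurrence>:<R|U> = custom column backed by a display filter field
# Default columns (No., Time, Source, Destination, Info) are assumed to be kept.
gui.column.format: 
	"No.", "%m",
	"Time", "%t",
	"Source", "%s",
	"SPort", "%uS",
	"Destination", "%d",
	"DPort", "%uD",
	"HTTP host", "%Cus:http.host:0:R",
	"URI", "%Cus:http.request.uri:0:R",
	"Info", "%i"
```

Keeping the ports unresolved shows the raw number instead of a service name guessed from it, which matters when malware uses well-known ports for unrelated protocols.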