When the malware is executed, you will want to capture the network traffic generated as a result of running the malware; this will help you understand the communication channel used by the malware and will also help in determining network-based indicators. Wireshark (https://www.wireshark.org/) is a packet sniffer that allows you to capture the network traffic. Installation of Wireshark on the Linux VM was covered in Chapter 1, Introduction to Malware Analysis. To invoke Wireshark on Linux, run the following command:
$ sudo wireshark
To start capturing the traffic on a network interface, click on Capture | Options (or press Ctrl + K), select the network interface, and click on Start:
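Once a capture has been saved, the network-based indicators mentioned above (the names the sample resolves and the hosts and ports it connects to) can be pulled out of the file programmatically rather than by scrolling through Wireshark. The following is an added example, not code from the book or from Wireshark: it parses a libpcap-format capture with only the Python standard library and lists DNS query names and destination (IP, port, protocol) tuples. The capture it reads is constructed in memory (documentation addresses 192.0.2.x and 203.0.113.x, and the reserved name update-check.example), and all function names are my own.

```python
"""Extract network-based indicators from a libpcap capture (added example; sample capture is constructed)."""
import socket
import struct

PCAP_MAGIC_LE, PCAP_MAGIC_SWAPPED = 0xA1B2C3D4, 0xD4C3B2A1  # magic read little-endian from LE / BE files
LINKTYPE_ETHERNET, ETHERTYPE_IPV4 = 1, 0x0800
IPPROTO_TCP, IPPROTO_UDP = 6, 17
ETH_HDR = bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb") + struct.pack("!H", ETHERTYPE_IPV4)


def ip_checksum(header):
    """Standard one's-complement sum over the IPv4 header (checksum field must be zero on input)."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def ipv4_frame(src_ip, dst_ip, proto, payload):
    """Ethernet/IPv4 frame around an L4 payload (constructed test traffic, placeholder MACs)."""
    fields = [0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
              socket.inet_aton(src_ip), socket.inet_aton(dst_ip)]
    fields[7] = ip_checksum(struct.pack("!BBHHHBBH4s4s", *fields))
    return ETH_HDR + struct.pack("!BBHHHBBH4s4s", *fields) + payload


def dns_query_frame(src_ip, resolver_ip, qname):
    """UDP/53 A-record query for qname (zero UDP checksum is legal over IPv4)."""
    labels = b"".join(bytes([len(p)]) + p.encode() for p in qname.split(".")) + b"\x00"
    dns = struct.pack("!HHHHHH", 0x1234, 0x0100, 1, 0, 0, 0) + labels + struct.pack("!HH", 1, 1)
    udp = struct.pack("!HHHH", 49152, 53, 8 + len(dns), 0) + dns
    return ipv4_frame(src_ip, resolver_ip, IPPROTO_UDP, udp)


def tcp_syn_frame(src_ip, dst_ip, dport):
    """Bare TCP SYN to dst_ip:dport, the first packet of an outbound connection."""
    tcp = struct.pack("!HHIIBBHHH", 49153, dport, 0, 0, 5 << 4, 0x02, 65535, 0, 0)
    return ipv4_frame(src_ip, dst_ip, IPPROTO_TCP, tcp)


def build_pcap(frames):
    """Serialise frames as a libpcap (not pcapng) file image with Ethernet link type."""
    out = [struct.pack("<IHHiIII", PCAP_MAGIC_LE, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)]
    for ts, frame in enumerate(frames):
        out.append(struct.pack("<IIII", ts, 0, len(frame), len(frame)) + frame)
    return b"".join(out)


def iter_pcap_frames(data):
    """Yield raw Ethernet frames from a libpcap file image, accepting either byte order."""
    if len(data) < 24:
        raise ValueError("truncated pcap header")
    magic = struct.unpack_from("<I", data, 0)[0]
    endian = {PCAP_MAGIC_LE: "<", PCAP_MAGIC_SWAPPED: ">"}.get(magic)
    if endian is None:
        raise ValueError("not a libpcap capture (magic %#x); pcapng must be saved as pcap first" % magic)
    if struct.unpack_from(endian + "I", data, 20)[0] != LINKTYPE_ETHERNET:
        raise ValueError("only the Ethernet link type is handled here")
    off = 24
    while off + 16 <= len(data):
        _sec, _usec, incl_len, _orig = struct.unpack_from(endian + "IIII", data, off)
        off += 16
        yield data[off:off + incl_len]
        off += incl_len


def parse_qname(dns, off):
    """Decode a DNS name starting at dns[off]; compression pointers do not occur in a question."""
    labels = []
    while off < len(dns) and dns[off] != 0:
        n = dns[off]
        if n & 0xC0:
            return None
        labels.append(dns[off + 1:off + 1 + n].decode("ascii", "replace"))
        off += 1 + n
    return ".".join(labels)


def extract_indicators(pcap_bytes):
    """Return {'dns_queries': set of names, 'destinations': set of (ip, port, 'tcp'|'udp')}."""
    indicators = {"dns_queries": set(), "destinations": set()}
    for frame in iter_pcap_frames(pcap_bytes):
        if len(frame) < 34 or struct.unpack_from("!H", frame, 12)[0] != ETHERTYPE_IPV4:
            continue  # ARP, IPv6 and other non-IPv4 frames are skipped by this example
        ip = frame[14:]
        ihl = (ip[0] & 0x0F) * 4
        proto, dst_ip = ip[9], socket.inet_ntoa(ip[16:20])
        l4 = ip[ihl:]
        if proto not in (IPPROTO_TCP, IPPROTO_UDP) or len(l4) < 4:
            continue
        _sport, dport = struct.unpack_from("!HH", l4, 0)
        indicators["destinations"].add((dst_ip, dport, "tcp" if proto == IPPROTO_TCP else "udp"))
        if proto == IPPROTO_UDP and dport == 53 and len(l4) >= 20:
            dns = l4[8:]
            flags, qdcount = struct.unpack_from("!HH", dns, 2)
            if not flags & 0x8000 and qdcount:  # QR bit clear: a query, not a response
                name = parse_qname(dns, 12)
                if name:
                    indicators["dns_queries"].add(name)
    return indicators


# Constructed sample capture: one lookup of a reserved-TLD name, then a SYN to a documentation-range
# address on 443. These are placeholders, not indicators from any real sample.
SAMPLE_PCAP = build_pcap([
    dns_query_frame("192.0.2.10", "192.0.2.53", "update-check.example"),
    tcp_syn_frame("192.0.2.10", "203.0.113.10", 443),
])

if __name__ == "__main__":
    for key, values in extract_indicators(SAMPLE_PCAP).items():
        print(key, sorted(values))
```

Wireshark saves captures in pcapng format by default; to feed a real capture to this parser, save it in the older pcap format (File | Save As and pick the pcap file type) or capture with tcpdump, which writes pcap directly. Resolved names and destination tuples from a sandbox run are only candidate indicators: resolver traffic, OS update checks and other background noise from the VM will show up in the same sets and need to be filtered against a baseline capture taken without the sample running.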