The research presented in this article aims to identify “plague” botnet communication pattern, with the aid of Wireshark Packet Analyzer as proof of concept (PoC) towards unique communication pattern analysis between infected host and botnet. The research is conducted on public IRC (Internet Relay Chat) network, specifically at the opened domain for botnet research, that is, irc.accesox.net. COMODO Internet Security also used for determining files downloaded by the botnet to identify whether there any malware or not. The observation is done on 60 captured packets, which then the TCP stream excerpt and the protocols hierarchy statistic from those packets being analyzed. Based on the analysis of TCP stream excerpt and the protocols hierarchy statistic, the communication pattern between bot, botmaster, and infected host are known. Wireshark could show the data inside the TCP stream excerpt and all captured protocols. The conducted analysis on TCP stream excerpt and protocols hierarchy statistic is based on RFC 2812 (Internet Relay Chat: Client Protocol – IETF Tools). The analysis on TCP stream excerpt and protocols hierarchy statistic yield botnet activity information for the next step of the analysis of botnet attack, which is dataset and prediction model building. The prediction model can then be implemented to predict whether network traffic is safe or harmful.    

Keywords: botnet, COMODO internet security, Internet Relay Chat (IRC), RFC 2812, Wireshark

Alothman, Basil & Rattadilok, Prapa. (2017). Towards using Transfer Learning for Botnet Detectoin. 12th International Conference for Internet Technology and Secured Transaction (ICITST-2017). University of Cambridge, Cambridge

Puri, Ramneek. (2003). Bots &; Botnet: An Overview. SANS Institute, Singapore

Kasperzyk, Rafal., Paz, Marcin., dan Tarapata, Zbigniew. (2017). Modelling and simulation of botnet based cyber-threats. MATEC Web Conferences Volume 125, 21st International Conference on Circuits, Systems, Communications and Computers (CSCC 2017). Crete: e? sciences

Kamluk, Vitaly. (2008, 18 Juli). Biznes botnetnowy. [online] Tersedia di https://tech.money.pl/hi-tech/artykul/biznes-botnetowy,212,0,356308.html [Diakses 27 Juni 2019]

Sfakianakis, Andreas., Douligeris, Christos., Marinos, Louis., Lourenço, Marco., & Raghimi, Omid. (2019). ENISA Threat Landscape Report 2018: 15 Top Cyberthreats and Trends. DOI: 10.2824/622757

Godkin T., (2013), Statistical Assessment of Peer-to-Peer Botnet Features, University of Victoria

Bloice, Graham., 2019. Tshark Command Line using PowerShell, [online] Tersedia di: [Diakses 18 Februari 2019]

Kalt, C. 2000. RFC 2812-Internet Relay Chat: Client Protocol – IETF Tools, [online] Tersedia di: https://tool.ietf.org/html/rfc2812 [Diakses 21 Januari 2019]