I have seen it use TCP port 80.
I was able to find spyware on my machine when I set my browser
proxy settings to use TCP 8080 and then sniffed for all traffic trying to use
TCP port 80.
From: wireshark-users-bounces@xxxxxxxxxxxxx
[mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of Boaz Galil
Sent: Friday, February 12, 2010 7:24 AM
To: Community support list for Wireshark
Subject: [Wireshark-users] [offtopic] spyware
Hi experts,
I have seen this question on another forum and I was wondering what you have
to say about it.
Does most spyware (built to transfer data from computer A to some other
location) use TCP or UDP, and why? My opinion, without knowing the real
statistics, is that most spyware is probably using UDP due to the
connectionless nature of this protocol.
Any ideas?
Thanks in advance,
--
Boaz.