Seeing that Network Monitor is supposed to capture all network traffic, wouldn’t this be a great source for tracking down an APT?
APTs create a C2C channel (command and control) which communicates with the threat actor. Does Kaspersky capture this communication in Network Monitor? Is it possible to have communication that isn’t captured by Network Monitor?
I’m assuming Network Monitor also captures UDP traffic as well but I can’t confirm.