Trojan virus attacks pose one of the most serious threats to computer
security. A Trojan horse is typically split into two parts, a server and a
client. It is the client that is cleverly disguised as significant software and
placed on peer-to-peer file-sharing networks or unauthorized download
websites. The most common means of infection is through email attachments. The
developer of the virus usually uses various spamming techniques in order to
distribute the virus to unsuspecting users. Malware developers also use chat
software, such as Yahoo Messenger and Skype, as another method of spreading
their Trojan horse viruses. The objective of this paper is to explore network
packet information and detect the behavior of Trojan attacks on monitored
operating systems such as Windows and Linux. This is accomplished by detecting
and analyzing the Trojan-infected packet on a network segment, where it passes
as an email attachment, before it attacks a host computer. The results obtained
detect information and store infected packets through monitoring while the web
browser is in use, and compare the behaviors of Linux and Windows using the
payload size taken from the Wireshark packet sniffer results. The conclusions
draw on analysis of the figures from the captured packet data to analyze the
control bits and to check the behavior of the control bits and the usability of
the Linux and Windows operating systems.