Network forensics analysis using Wireshark

Vivens Ndatinya; Zhifeng Xiao; Vasudeva Rao Manepalli; Ke Meng; Yang Xiao

doi:10.1504/IJSN.2015.070421

Network forensics analysis using Wireshark

Vivens Ndatinya, Zhifeng Xiao, Vasudeva Rao Manepalli, Ke Meng, Yang Xiao

School of Engineering (Behrend)

Research output: Contribution to journal › Article › peer-review

40 Scopus citations

Abstract

The number and types of attacks against networked computer systems have raised the importance of network security. Today, network administrators need to be able to investigate and analyse the network traffic to understand what is happening and to deploy immediate response in case of an identified attack. Wireshark proves to be an effective open source tool in the study of network packets and their behaviour. In this regard, Wireshark can be used in identifying and categorising various types of attack signatures. The purpose of this paper is to demonstrate how Wireshark is applied in network protocol diagnosis and can be used to discover traditional network attacks such as port scanning, covert FTP and IRC channels, ICMP-based attacks, BitTorrent-driven denial service, and etc. In addition, the case studies in this paper illustrate the idea of using Wireshark to identify new attack vectors.

Original language	English (US)
Pages (from-to)	91-106
Number of pages	16
Journal	International Journal of Security and Networks
Volume	10
Issue number	2
DOIs	https://doi.org/10.1504/IJSN.2015.070421
State	Published - 2015

All Science Journal Classification (ASJC) codes

Safety, Risk, Reliability and Quality
Computer Networks and Communications
Electrical and Electronic Engineering

Access to Document

10.1504/IJSN.2015.070421

Cite this

@article{7354551f08854468882581b35f773f47,

title = "Network forensics analysis using Wireshark",

abstract = "The number and types of attacks against networked computer systems have raised the importance of network security. Today, network administrators need to be able to investigate and analyse the network traffic to understand what is happening and to deploy immediate response in case of an identified attack. Wireshark proves to be an effective open source tool in the study of network packets and their behaviour. In this regard, Wireshark can be used in identifying and categorising various types of attack signatures. The purpose of this paper is to demonstrate how Wireshark is applied in network protocol diagnosis and can be used to discover traditional network attacks such as port scanning, covert FTP and IRC channels, ICMP-based attacks, BitTorrent-driven denial service, and etc. In addition, the case studies in this paper illustrate the idea of using Wireshark to identify new attack vectors.",

author = "Vivens Ndatinya and Zhifeng Xiao and Manepalli, {Vasudeva Rao} and Ke Meng and Yang Xiao",

year = "2015",

doi = "10.1504/IJSN.2015.070421",

language = "English (US)",

volume = "10",

pages = "91--106",

journal = "International Journal of Security and Networks",

issn = "1747-8405",

publisher = "Inderscience Enterprises Ltd",

number = "2",

}

TY - JOUR

T1 - Network forensics analysis using Wireshark

AU - Ndatinya, Vivens

AU - Xiao, Zhifeng

AU - Manepalli, Vasudeva Rao

AU - Meng, Ke

AU - Xiao, Yang

PY - 2015

Y1 - 2015

N2 - The number and types of attacks against networked computer systems have raised the importance of network security. Today, network administrators need to be able to investigate and analyse the network traffic to understand what is happening and to deploy immediate response in case of an identified attack. Wireshark proves to be an effective open source tool in the study of network packets and their behaviour. In this regard, Wireshark can be used in identifying and categorising various types of attack signatures. The purpose of this paper is to demonstrate how Wireshark is applied in network protocol diagnosis and can be used to discover traditional network attacks such as port scanning, covert FTP and IRC channels, ICMP-based attacks, BitTorrent-driven denial service, and etc. In addition, the case studies in this paper illustrate the idea of using Wireshark to identify new attack vectors.

AB - The number and types of attacks against networked computer systems have raised the importance of network security. Today, network administrators need to be able to investigate and analyse the network traffic to understand what is happening and to deploy immediate response in case of an identified attack. Wireshark proves to be an effective open source tool in the study of network packets and their behaviour. In this regard, Wireshark can be used in identifying and categorising various types of attack signatures. The purpose of this paper is to demonstrate how Wireshark is applied in network protocol diagnosis and can be used to discover traditional network attacks such as port scanning, covert FTP and IRC channels, ICMP-based attacks, BitTorrent-driven denial service, and etc. In addition, the case studies in this paper illustrate the idea of using Wireshark to identify new attack vectors.

UR - http://www.scopus.com/inward/record.url?scp=84936777326&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84936777326&partnerID=8YFLogxK

U2 - 10.1504/IJSN.2015.070421

DO - 10.1504/IJSN.2015.070421

M3 - Article

AN - SCOPUS:84936777326

SN - 1747-8405

VL - 10

SP - 91

EP - 106

JO - International Journal of Security and Networks

JF - International Journal of Security and Networks

IS - 2

ER -

Network forensics analysis using Wireshark

Abstract

All Science Journal Classification (ASJC) codes

Access to Document

Other files and links

Fingerprint

Cite this