TY - JOUR
T1 - Network forensics analysis using Wireshark
AU - Ndatinya, Vivens
AU - Xiao, Zhifeng
AU - Manepalli, Vasudeva Rao
AU - Meng, Ke
AU - Xiao, Yang
N1 - Publisher Copyright:
Copyright © 2015 Inderscience Enterprises Ltd.
Copyright:
Copyright 2020 Elsevier B.V., All rights reserved.
PY - 2015
Y1 - 2015
N2 - The number and types of attacks against networked computer systems have raised the importance of network security. Today, network administrators need to be able to investigate and analyse network traffic to understand what is happening and to deploy an immediate response in case of an identified attack. Wireshark proves to be an effective open source tool in the study of network packets and their behaviour. In this regard, Wireshark can be used in identifying and categorising various types of attack signatures. The purpose of this paper is to demonstrate how Wireshark is applied in network protocol diagnosis and can be used to discover traditional network attacks such as port scanning, covert FTP and IRC channels, ICMP-based attacks, BitTorrent-driven denial of service, etc. In addition, the case studies in this paper illustrate the idea of using Wireshark to identify new attack vectors.
AB - The number and types of attacks against networked computer systems have raised the importance of network security. Today, network administrators need to be able to investigate and analyse network traffic to understand what is happening and to deploy an immediate response in case of an identified attack. Wireshark proves to be an effective open source tool in the study of network packets and their behaviour. In this regard, Wireshark can be used in identifying and categorising various types of attack signatures. The purpose of this paper is to demonstrate how Wireshark is applied in network protocol diagnosis and can be used to discover traditional network attacks such as port scanning, covert FTP and IRC channels, ICMP-based attacks, BitTorrent-driven denial of service, etc. In addition, the case studies in this paper illustrate the idea of using Wireshark to identify new attack vectors.
UR - http://www.scopus.com/inward/record.url?scp=84936777326&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84936777326&partnerID=8YFLogxK
U2 - 10.1504/IJSN.2015.070421
DO - 10.1504/IJSN.2015.070421
M3 - Article
AN - SCOPUS:84936777326
SN - 1747-8405
VL - 10
SP - 91
EP - 106
JO - International Journal of Security and Networks
JF - International Journal of Security and Networks
IS - 2
ER -