StudentShare
Contact Us
Sign In / Sign Up for FREE
Search
Go to advanced search...
Free

Using Wireshark To Solve Real-World Network Problems - Essay Example

Cite this document
Summary
The paper "Using Wireshark To Solve Real-World Network Problems" discusses the methodology for detecting threats on distributed networks presented by Zonglin, that consists of pattern detection for distributed network environment and also provides a network-wide correlation analysis…
Download full paper File format: .doc, available for editing
GRAB THE BEST PAPER98.2% of users find it useful
Using Wireshark To Solve Real-World Network Problems
Read Text Preview

Extract of sample "Using Wireshark To Solve Real-World Network Problems"

Using Wireshark To Solve Real-World Network ProblemsEncase provides a lot of features, as some of the features are to analyze files that are targeted to files stored on systems. Likewise, Encase utilizes keywords, hashing, and hex strings extracted from headers. Moreover, Encase s also bundled with a scripting language EnScript similar to Perl/Java. It also monitors defined systems on a network for detecting file alterations and probes. Furthermore, Encase can also be integrated with Intrusion Detection and Systems (IDS).

It can also capture snapshots during an attack in progress. For detecting threats on distributed networks, a methodology was presented by (Zonglin et al. 2009). This method consists of pattern detection for distributed network environment and also provides a network wide correlation analysis associated with instant parameters along with anomalous space extraction, instant amplitude and instant frequency. Moreover, this model will also facilitate to categorize data packets in to time and frequency domains distinctly.

Furthermore, network administrators can also implement a methodology, subset of the current methodology, which is called as anomalous space extraction based on predictions of network traffic or transmission of data packets. Likewise, anomalous space extraction will enhance capabilities of network administrators for PCA based methods. Moreover, network wide correlation analysis of amplitude and frequency that is also a subset of this methodology will determine overall transmission of data packets initiating from these distributed networks.

After the identification of the cause or source of the worm, the next step is to identify the infected nodes as well. Network administrator will use a specialized tool capable of all the mentioned technological methods, as manual work will consume a lot of time and in some cases it becomes impossible to detect unknown patterns that are located deep down the network layers. The name of the tool is ‘Wireshark’, as it has advanced facilities and features that will analyze network traffic packet by packet and will provide in-depth analysis (Sanders, 2007).

By using this ‘Wireshark’ tool, the first step a network administrator will take is the identification of traffic type or port types that will be the focus area. Likewise, the second step will be associated with capturing data packets on all ports that are available on the network (Sanders, 2007). However, the Network Forensic Analysis Tool (NFAT) provides playback actions for investigations an electronic crime or hacking activity. NFAT targets users, hosts and protocols along with content analysis as well.

In spite of all these features, NFAT does not support overall detection of live network traffic. Consequently, ‘Wireshark’ will differentiate unknown network patterns by analyzing each port so that statistics related to each data packet can be identified. The third task will be to trace the source from where the attack has been initiated. Likewise, network administrators have to focus on two areas i.e. record routes and time stamps. Moreover, these two fields are also considered by network administrators to address routing issues that may occur.

Furthermore, one more challenge that needs to be addresses is the time synchronization that is conducted by a track backing process. Time synchronization is necessary because data packets are travelled from one time zone to another. In order to address this challenge, a methodology named as packet marking will be implemented. Likewise, this methodology will integrate fractional information with data for conducting a successful trace back.Digital forensic investigators utilize network forensic analysis tools (NFAT) for capturing and examining data that is travelled within the network.

For overviewing functionality of a typical NFAT tool, Xplico is recommended as it provides decoding on the Internet traffic (Vacca, 2012). Likewise, these tools provide real time monitoring and capturing of data along with real time packet capturing, network content analysis and report generation that will facilitate investigators to identify anomalies. Moreover, by the facilitates of the (NFAT) tool, investigators can playback traffic and drill down the network traffic for examination, as data packets are filtered to ease the process of detecting information leakage incident.

However, investigators must keep in mind the dissimilarities between wired and wireless network characteristics associated with playback analysis data. Moreover, for playing back the recorded network communications, NFAT will be utilized and the playback will facilitate node to node communication analysis. However, there is one condition i.e. archiving data securely after data capturing from a real time network. Time sequencing analysis techniques, patterns and content techniques are persuading, while analyzing data capturing from Intrusion detections system (IDS) and NFAT.

Likewise, Infini stream also uses time sequencing techniques to replay network activities. Moreover, pattern analysis provides the minimum requirements for network security and content analysis provides a deep inspection of packets. NFAT will provide data from wired and wireless interfaces for constructing simulated environment of the current situation within the network. Investigators will then review the time line that will demonstrate events and activities related to threats, which is presentable in the course system.

Work CitedSanders, C. Practical Packet Analysis: Using Wireshark to Solve Real-World Network Problems., 2007. Print.Vacca, J. R. Computer and Information Security Handbook. Elsevier Science, 2012. Print.Zonglin, Li, et al. "Detecting Distributed Network Traffic Anomaly with Network-Wide Correlation Analysis." EURASIP Journal on Advances in Signal Processing 2009.1 (2009): 752818. Print.

Read More
Cite this document
  • APA
  • MLA
  • CHICAGO
(“Using Wireshark To Solve Real-World Network Problems Essay”, n.d.)
Using Wireshark To Solve Real-World Network Problems Essay. Retrieved from https://studentshare.org/information-technology/1487494-security-product-service
(Using Wireshark To Solve Real-World Network Problems Essay)
Using Wireshark To Solve Real-World Network Problems Essay. https://studentshare.org/information-technology/1487494-security-product-service.
“Using Wireshark To Solve Real-World Network Problems Essay”, n.d. https://studentshare.org/information-technology/1487494-security-product-service.
  • Cited: 0 times

CHECK THESE SAMPLES OF Using Wireshark To Solve Real-World Network Problems

A report on Wireshark

Wireshark is a network application designed for analyzing transmission packets over the network.... Additionally, the Wireshark network packet analyzer application is aimed to get the network packets as well as attempts to show that packet data to a great extent useful way.... Wireshark is a network application designed for analyzing transmission packets over the network.... Additionally, the Wireshark network packet analyzer application is aimed to get the network packets as well as attempts to show that packet data to a great extent useful way....
14 Pages (3500 words) Essay

Skype

om, viewed 1 March 2012, Sanders, C 2007, Practical Packet Analysis: Using Wireshark To Solve Real-World Network Problems, No Starch Press, USA.... ?? The voice call passes both through the Internet and through a telephone network.... When all signals have been packetized, they are then sent to a packet-switched network in Mr.... A's PC was the originating gateway, and the packet-switched network which received the packets was the end gateway, which will send the voice signals to the public switched telephone network (PSTN)....
1 Pages (250 words) Essay

An Evaluation of Wireless Intrusion Prevention and Protecting Insecure Channels

Introduction Wireless networking has emerged as a very useful technology and the majority of organizations have started moving their network infrastructures to wireless networking environments.... In fact, wireless networks allow organizations to build their communication infrastructures without using wires.... Additionally, wireless networks can face a variety of challenges and in some cases people using these networks lose their personal data which can be used to carry out illegal tasks (Neumerkel & Grob, 2006; Klasnja, et al....
30 Pages (7500 words) Research Paper

The Lab Activity Done Using Wireshark and Wget Applications

Practical Packet Analysis: Using Wireshark To Solve Real-World Network Problems.... This lab report focuses on a thorough analysis of the lab activity done using wireshark and wget applications in the examination of a packet trace in a particular computer network.... This is then followed by starting up wireshark and beginning a February Lab Report This lab report focuses on a thorough analysis of the lab activity done using wireshark and wget applications in the examination of a packet trace in a particular computer network....
1 Pages (250 words) Lab Report

IT Problems Faced by Zulekha in Delivering Services to Its Patients

The paper "IT problems Faced by Zulekha in Delivering Services to Its Patients"  highlights how the problems have affected the company financially and its reputation, steps taken by Zulekha in solving the problems (deploying a new infrastructure i....
11 Pages (2750 words) Case Study

Flash Wrapper for ServePDF

Flash Wrapper For Servepdf Security IssuesIn this program, its communication network is in such a way that its communication paths and patterns are of a high level and are normally uncovered hence allowing zeroing on suspicious activities like internal collusion, questionable connections involving both out and inbound, policy violation, and bandwidth overuse.... The common security issues witnessed while using Flash wrapper for ServePDF are observed in its communication paths, captures of wireshark, during the installation of the program, it's cached in Cache/Squid Proxy, and while acquiring data using Java SDK and Adobe (Perriorellis, 2008)....
5 Pages (1250 words) Essay

Cloud Computing

hellip; The problem that the majority of companies faced with the traditional IT infrastructure consists of several problems.... One of the critical problems is the fact that it takes high energy costs.... The paper 'Cloud Computing' presents one of the most essential concepts that will continue to play a dramatic role in the modern century....
5 Pages (1250 words) Case Study

Security Analysis of A2Z and Redesign of its Network

Computer systems that are allowed in the organization are those that have been tested and certified ('Practical Packet Analysis: Using Wireshark To Solve Real-World Network Problems', 2011).... The author of this paper "Security Analysis of A2Z and Redesign of its network" discusses the statistical network analysis on the examples of two companies, including the quantitive network analysis ranking of assets, NMAP, password cracking, policy creation, information about security policies....
7 Pages (1750 words) Assignment
sponsored ads
We use cookies to create the best experience for you. Keep on browsing if you are OK with that, or find out how to manage cookies.
Contact Us