Title: Network forensics analysis using Wireshark

Authors: Vivens Ndatinya; Zhifeng Xiao; Vasudeva Rao Manepalli; Ke Meng; Yang Xiao

Addresses: Department of Computer Science, University of Alabama, Tuscaloosa, AL 35401, USA; Department of Computer Science and Software Engineering, Penn State Erie, The Behrend College, Erie, PA 16563, USA; Department of Computer Science, University of Alabama, Tuscaloosa, AL 35401, USA; Department of Computer Science, University of Alabama, Tuscaloosa, AL 35401, USA; Department of Computer Science, University of Alabama, Tuscaloosa, AL 35401, USA

Abstract: The number and types of attacks against networked computer systems have raised the importance of network security. Today, network administrators need to be able to investigate and analyse network traffic to understand what is happening and to deploy an immediate response in case of an identified attack. Wireshark proves to be an effective open source tool for the study of network packets and their behaviour. In this regard, Wireshark can be used to identify and categorise various types of attack signatures. The purpose of this paper is to demonstrate how Wireshark is applied in network protocol diagnosis and can be used to discover traditional network attacks such as port scanning, covert FTP and IRC channels, ICMP-based attacks, BitTorrent-driven denial of service, etc. In addition, the case studies in this paper illustrate the idea of using Wireshark to identify new attack vectors.

Keywords: Wireshark; network security; network attacks; network forensics; forensic analysis; open source; network packets; attack detection.

DOI: 10.1504/IJSN.2015.070421

International Journal of Security and Networks, 2015 Vol.10 No.2, pp.91-106

Received: 20 Jan 2015
Accepted: 21 Jan 2015

Published online: 05 Jul 2015
