Using Wireshark To Solve Real-World Network Problems - Essay Example

Summary
The paper "Using Wireshark To Solve Real-World Network Problems" discusses the methodology for detecting threats on distributed networks presented by Zonglin et al. (2009), which combines pattern detection for a distributed network environment with network-wide correlation analysis, and then describes how Wireshark and network forensic analysis tools are used to identify infected nodes, trace the source of an attack, and play back recorded traffic.

EnCase provides a number of features, among them the analysis of files stored on target systems. It searches by keyword, by hash, and by hex strings extracted from file headers, and it ships with a scripting language, EnScript, similar to Perl and Java. It can also monitor defined systems on a network to detect file alterations and probes, and it can be integrated with intrusion detection systems (IDS).

It can also capture snapshots while an attack is in progress. For detecting threats on distributed networks, Zonglin et al. (2009) present a methodology that combines pattern detection for a distributed network environment with network-wide correlation analysis of instantaneous parameters, namely anomalous space extraction, instantaneous amplitude and instantaneous frequency. The model also allows data packets to be characterised separately in the time and frequency domains.

Network administrators can also apply a subset of this methodology, anomalous space extraction, which is based on predictions of network traffic, that is, of the packets expected to be transmitted; anomalous space extraction extends what PCA-based methods offer the administrator. A second subset, the network-wide correlation analysis of amplitude and frequency, characterises the overall transmission of packets originating from the distributed networks.
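The "PCA based methods" that the paragraph above says anomalous space extraction builds on are, in the network-anomaly literature, the residual-subspace (Q-statistic) detectors: normal traffic across many links is close to rank one, so a time bin with a large component outside the top principal component is anomalous. The following is an added example and not code from the essay or from Zonglin et al.; it implements only that PCA baseline, not anomalous space extraction itself. The traffic matrix, the link weights, the injected spike, the pure-Python power iteration, and the median-based threshold (used instead of the usual chi-square fit) are all assumptions made for this example.

```python
"""PCA residual-subspace anomaly detection on a constructed link-traffic matrix.
Rows are time bins, columns are links; normal traffic is near rank one, so a row
with a large residual outside the top principal component is anomalous."""
import math
from statistics import median


def constructed_traffic(spike_t=8, spike_link=2, spike=8.0):
    """Rank-one 'normal' traffic (each link scales one shared pattern) plus tiny
    deterministic noise and one injected spike. Constructed numbers, not a trace."""
    base = [10, 12, 15, 11, 13, 14, 16, 12, 10, 11, 15, 13]
    weights = [1.0, 0.5, 2.0, 1.5]
    X = [[b * w + ((t * 7 + l * 3) % 5 - 2) * 0.05 for l, w in enumerate(weights)]
         for t, b in enumerate(base)]
    X[spike_t][spike_link] += spike
    return X


def top_component(X, iters=200):
    """Mean vector and dominant eigenvector of the sample covariance (power iteration)."""
    n, d = len(X), len(X[0])
    mean = [sum(col) / n for col in zip(*X)]
    Z = [[x - m for x, m in zip(row, mean)] for row in X]
    C = [[sum(Z[t][i] * Z[t][j] for t in range(n)) / n for j in range(d)] for i in range(d)]
    v = [1.0] * d
    for _ in range(iters):
        w = [sum(C[i][j] * v[j] for j in range(d)) for i in range(d)]
        norm = math.sqrt(sum(x * x for x in w))
        v = [x / norm for x in w]
    return mean, v


def residual_energy(X):
    """Squared norm of each row's projection onto the residual (anomalous) subspace."""
    mean, v = top_component(X)
    out = []
    for row in X:
        z = [x - m for x, m in zip(row, mean)]
        proj = sum(a * b for a, b in zip(z, v))
        out.append(sum((a - proj * b) ** 2 for a, b in zip(z, v)))
    return out


def flag_anomalies(X, factor=8.0):
    """Time bins whose residual energy exceeds factor x the median energy.
    A robust threshold stands in for the chi-square Q-statistic limit here (assumption)."""
    energy = residual_energy(X)
    threshold = factor * median(energy)
    return [t for t, e in enumerate(energy) if e > threshold]


if __name__ == "__main__":
    X = constructed_traffic()
    print([round(e, 3) for e in residual_energy(X)])
    print("anomalous time bins:", flag_anomalies(X))
```

The point to notice is the pollution problem: a spike much larger than the normal variance would pull the top principal component toward the spiked link and shrink its own residual, which is one reason the essay's source proposes extracting the anomalous space rather than relying on the raw PCA projection.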

Once the cause or source of the worm has been identified, the next step is to identify the infected nodes. For this the network administrator needs a specialised tool that implements the methods described above, since manual work takes a great deal of time and in some cases cannot detect unknown patterns buried deep in the network layers. That tool is Wireshark, whose advanced features analyse network traffic packet by packet and provide in-depth analysis (Sanders, 2007).

Using Wireshark, the administrator's first step is to identify the traffic type or ports that will be the focus area. The second step is to capture packets on all ports in use on the network (Sanders, 2007). A Network Forensic Analysis Tool (NFAT), by contrast, provides playback of recorded traffic for investigating an electronic crime or hacking activity; an NFAT targets users, hosts and protocols and also performs content analysis.

Despite these features, an NFAT does not cover detection across live network traffic as a whole. Wireshark therefore serves to distinguish unknown traffic patterns by analysing each port, so that statistics for each packet can be obtained. The third task is to trace the source from which the attack was launched. Here administrators focus on two fields, the record-route and timestamp information carried in packets (in IPv4, the Record Route and Timestamp header options); the same two fields are also used to diagnose routing problems.
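The three steps above (choose the ports of interest, capture everything, then inspect per-port statistics and the record-route and timestamp fields of suspicious packets) can be carried out without a GUI by walking a capture packet by packet. The following is an added example, not code from the essay or from Sanders (2007): it builds a small pcap in memory from constructed packets, parses it with the standard library only, reports packets per port and node-to-node conversations (the unit an NFAT plays back, as the later paragraphs describe), flags ports outside the administrator's focus set, and decodes the IPv4 Record Route and Timestamp options (RFC 791). All addresses, ports, MACs and timestamps are constructed sample values; checksums are left zero because nothing is transmitted.

```python
"""Packet-by-packet analysis of a constructed pcap: per-port statistics,
node-to-node conversations, and the IPv4 Record Route / Timestamp options."""
import struct
from collections import Counter
from ipaddress import IPv4Address


def eth_ip(src, dst, proto, l4, options=b""):
    """Ethernet II + IPv4 frame. Checksums stay zero: this sample is never sent."""
    options += b"\x00" * (-len(options) % 4)            # pad to a 32-bit boundary (RFC 791)
    ihl = 5 + len(options) // 4
    ip = struct.pack("!BBHHHBBH4s4s", 0x40 | ihl, 0, ihl * 4 + len(l4), 0, 0, 64, proto, 0,
                     IPv4Address(src).packed, IPv4Address(dst).packed)
    return struct.pack("!6s6sH", b"\x02" * 6, b"\x04" * 6, 0x0800) + ip + options + l4


def tcp(sport, dport, flags=0x02):                      # 0x02 = SYN, 0x18 = PSH+ACK
    return struct.pack("!HHIIBBHHH", sport, dport, 1, 0, 0x50, flags, 8192, 0, 0)


def udp(sport, dport, payload=b""):
    return struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload


def record_route_opt(hops, slots):
    """Type 7: len, pointer (offset of the next free slot), then 4-byte address slots."""
    data = b"".join(IPv4Address(h).packed for h in hops) + b"\x00" * 4 * (slots - len(hops))
    return bytes([7, 3 + 4 * slots, 4 + 4 * len(hops)]) + data


def timestamp_opt(entries, slots):
    """Type 68, flag 1: len, pointer, overflow/flag byte, then (address, timestamp) pairs."""
    data = b"".join(IPv4Address(a).packed + struct.pack("!I", t) for a, t in entries)
    data += b"\x00" * 8 * (slots - len(entries))
    return bytes([68, 4 + 8 * slots, 5 + 8 * len(entries), 0x01]) + data


def pcap(frames):
    """Classic little-endian pcap, linktype 1 (Ethernet), one record per (ts, frame)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for ts, f in frames:
        out += struct.pack("<IIII", int(ts), round((ts % 1) * 1e6), len(f), len(f)) + f
    return out


def parse_ip_options(raw):
    """Return (recorded route, [(address, timestamp)]) from an IPv4 options field."""
    rr, ts, i = [], [], 0
    while i < len(raw) and raw[i] != 0:                  # 0 = End of Option List
        if raw[i] == 1:                                  # 1 = No Operation
            i += 1
            continue
        kind, length = raw[i], raw[i + 1]
        body = raw[i + 2:i + length]                     # pointer byte(s) + data
        if kind == 7:                                    # Record Route: slots before pointer
            rr += [str(IPv4Address(body[1 + k:5 + k])) for k in range(0, body[0] - 4, 4)]
        elif kind == 68 and body[1] & 0x0F == 1:         # Timestamp with addresses
            for k in range(0, body[0] - 5, 8):
                addr = str(IPv4Address(body[2 + k:6 + k]))
                ts.append((addr, struct.unpack("!I", body[6 + k:10 + k])[0]))
        i += length
    return rr, ts


def parse_pcap(data):
    """One record per IPv4 frame: timestamp, endpoints, protocol, ports, options."""
    if struct.unpack_from("<I", data, 0)[0] != 0xA1B2C3D4:
        raise ValueError("not a little-endian classic pcap")
    off, records = 24, []
    while off + 16 <= len(data):
        sec, usec, incl, _ = struct.unpack_from("<IIII", data, off)
        frame = data[off + 16:off + 16 + incl]
        off += 16 + incl
        if struct.unpack_from("!H", frame, 12)[0] != 0x0800:
            continue                                     # this example only follows IPv4
        ip = frame[14:]
        vihl, _, total, _, _, _, proto, _, src, dst = struct.unpack_from("!BBHHHBBH4s4s", ip)
        ihl = (vihl & 0x0F) * 4
        rr, tss = parse_ip_options(ip[20:ihl])
        rec = {"ts": sec + usec / 1e6, "src": str(IPv4Address(src)), "dst": str(IPv4Address(dst)),
               "proto": proto, "sport": None, "dport": None, "record_route": rr, "timestamps": tss}
        if proto in (6, 17) and total - ihl >= 4:        # TCP and UDP both start with the ports
            rec["sport"], rec["dport"] = struct.unpack_from("!HH", ip, ihl)
        records.append(rec)
    return records


def port_stats(records):
    """Packets per (protocol, destination port): the per-port view of the capture."""
    return Counter((r["proto"], r["dport"]) for r in records if r["dport"] is not None)


def conversations(records):
    """Direction-agnostic node-to-node pairs, the unit an NFAT plays back."""
    return Counter(tuple(sorted((r["src"], r["dst"]))) for r in records)


def unexpected_ports(stats, focus):
    """Ports seen in the capture that are outside the administrator's focus set."""
    return {k: n for k, n in stats.items() if k not in focus}


# Constructed sample (not a real trace): a TLS client, a DNS query, and two SYNs to
# TCP/4444 from a host whose first packet carries Record Route and Timestamp options.
SAMPLE = pcap([
    (1.000, eth_ip("10.0.0.5", "93.184.216.34", 6, tcp(51000, 443))),
    (1.001, eth_ip("10.0.0.5", "10.0.0.53", 17, udp(53001, 53, b"\x00" * 12))),
    (1.002, eth_ip("10.0.0.5", "93.184.216.34", 6, tcp(51000, 443, 0x18))),
    (1.500, eth_ip("192.0.2.7", "10.0.0.5", 6, tcp(40000, 4444),
                   record_route_opt(["192.0.2.1", "198.51.100.1"], 3)
                   + timestamp_opt([("192.0.2.1", 1000), ("198.51.100.1", 1003)], 2))),
    (1.501, eth_ip("192.0.2.7", "10.0.0.5", 6, tcp(40001, 4444))),
])

if __name__ == "__main__":
    recs = parse_pcap(SAMPLE)
    print(port_stats(recs), conversations(recs), sep="\n")
    print("outside focus:", unexpected_ports(port_stats(recs), {(6, 443), (17, 53)}))
```

Two caveats a practitioner should carry from this. Record Route and Timestamp options are only present if the sending host set them and only as long as intermediate routers honour them, so they are a hint about the path rather than proof of the source; and the timestamps they carry are the routers' own clocks, which is exactly the synchronisation problem the next paragraph raises.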

A further challenge in the traceback process is time synchronisation: packets travel across time zones, so timestamps recorded at different points on the path are not directly comparable. To address this, a packet-marking methodology is used, in which routers embed fractional path information in the packets themselves so that a traceback can be reconstructed at the receiver.

Digital forensic investigators use network forensic analysis tools (NFAT) to capture and examine data travelling within the network.
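The packet-marking traceback described above, as an added example that is not code from the essay or its sources. The essay names no particular scheme; the assumption here is the edge-sampling variant of probabilistic packet marking (Savage et al., 2000), simulated entirely offline. Each router on the path overwrites the mark with probability p to start a new edge, otherwise it completes the edge and increments a hop counter, and the victim chains the most frequent edge at each distance outward from itself. Ordering therefore comes from the counter, not from router clocks, which is what makes the method independent of time synchronisation. Whole addresses are written here; the fragmentation of the edge id across several packets ("fractional information") is omitted. The router addresses, the victim, the spoofed address, the marking probability and the attacker model are all constructed.

```python
"""Probabilistic packet marking (edge sampling) traceback, simulated offline.
Routers are plain strings; a 'packet' is a dict holding the three mark fields."""
import random
from collections import Counter, defaultdict


def forward(pkt, path, p, rng):
    """Apply the edge-sampling rule at each router, nearest the attacker first."""
    for router in path:
        if rng.random() < p:              # mark with probability p: start a fresh edge
            pkt["start"], pkt["dist"] = router, 0
        else:
            if pkt["dist"] == 0:          # previous hop just marked: we are the edge's end
                pkt["end"] = router
            pkt["dist"] += 1              # every non-marking hop pushes the edge one hop out
    return pkt


def attack(path, p, n_packets, seed=7, spoof="203.0.113.99"):
    """Attacker sends n packets with forged mark fields; returns what the victim sees."""
    rng = random.Random(seed)
    marks = []
    for _ in range(n_packets):
        pkt = {"start": spoof, "end": spoof, "dist": 0}   # forged initial mark
        forward(pkt, path, p, rng)
        marks.append((pkt["start"], pkt["end"], pkt["dist"]))
    return marks


def marks_per_distance(marks):
    """How many packets carried an edge at each distance: the fraction marked per hop."""
    return Counter(dist for _, _, dist in marks)


def reconstruct(marks, victim):
    """Chain the most frequent edge at each distance outward from the victim.
    At distance 0 the edge end is implicitly the victim, so it is ignored."""
    by_dist = defaultdict(Counter)
    for start, end, dist in marks:
        by_dist[dist][(start, end if dist else None)] += 1
    route, d = [victim], 0
    while d in by_dist:
        (start, end), _ = by_dist[d].most_common(1)[0]
        if d > 0 and end != route[-1]:    # edge does not join the chain: stop
            break
        route.append(start)
        d += 1
    return route


if __name__ == "__main__":
    path = ["192.0.2.1", "192.0.2.2", "192.0.2.3", "198.51.100.1", "198.51.100.2"]
    marks = attack(path, 0.2, 2000)
    print(sorted(marks_per_distance(marks).items()))
    print(" <- ".join(reconstruct(marks, "10.0.0.5")))
```

The forged mark survives only when no router on the path overwrites it, and by then every hop has incremented its counter, so the spoofed address can only appear beyond the real first router; the victim recovers the true path up to that router regardless of what the attacker wrote.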

As an overview of what a typical NFAT does, Xplico is a good reference, since it decodes Internet traffic (Vacca, 2012). Such tools provide real-time monitoring and packet capture, network content analysis and report generation, which help investigators identify anomalies. With an NFAT an investigator can play traffic back and drill down into it, filtering packets so that an information-leakage incident is easier to detect.

Investigators must, however, keep in mind the differences between wired and wireless network characteristics when analysing playback data. The NFAT plays back the recorded communications, and the playback supports node-to-node communication analysis, on one condition: data captured from the live network must be archived securely. Time-sequencing, pattern and content analysis techniques all apply when analysing data captured from an intrusion detection system (IDS) and an NFAT.

InfiniStream likewise uses time-sequencing techniques to replay network activity. Pattern analysis provides the minimum requirement for network security, while content analysis provides deep packet inspection. The NFAT draws data from wired and wireless interfaces to construct a simulation of the current situation on the network. Investigators then review the timeline of events and activities related to the threat, in a form that can be presented in the court system.

Works Cited
Sanders, C. Practical Packet Analysis: Using Wireshark to Solve Real-World Network Problems. 2007. Print.
Vacca, J. R. Computer and Information Security Handbook. Elsevier Science, 2012. Print.
Zonglin, Li, et al. "Detecting Distributed Network Traffic Anomaly with Network-Wide Correlation Analysis." EURASIP Journal on Advances in Signal Processing 2009.1 (2009): 752818. Print.
