A Deeper Look into Network Traffic Analysis using Wireshark
∗Muhammed Alfawareh
King Hussein School of Computing Sciences
Princess Sumaya University for Technology, Amman, Jordan
Abstract— Networks and the Internet are the backbone of business for sending and receiving data, as they save time, effort and cost. Using traffic analysis, performance issues can be optimized, network forensics can be carried out and spam detected, networks can be proofed with penetration testing, policies can be formed to accommodate usage habits, and integrated systems can be checked to make sure they deliver their data. Traffic analysis can also be used with malicious intent: it can be used to monitor the contents of transmitted data such as passwords, file names and the communicating parties. This paper discusses all of these uses and how an attacker can obtain the traffic, and it also discusses some countermeasures to reduce this risk.
Keywords: Wireshark, Traffic Analyzing, Hijack attacks.
I. INTRODUCTION
Networks and the Internet are the backbone of business in terms of sending and receiving data, as they save time, effort and cost. Analysis of network traffic is one of the most important tools used in networks for performance analysis and for detecting problems such as a slow network or a spammer causing problems in the network. At the same time it is a double-edged weapon: it is among the most important and dangerous tools used by adversaries to obtain information that helps them gain unauthorized access and steal valuable information [1].
A. Traffic Analysis
Traffic analysis is the process of intercepting and examining packets in order to extract information from the communicating parties. It can be performed even when the communications are encrypted and cannot be decrypted. Traffic analysis can be performed in the context of military intelligence or counter-intelligence, and is a concern in computer security. From it we can learn the communicating parties and the time of the conversation, and we can obtain helpful information such as passwords and file names. Traffic analysis is a special type of inference attack technique that looks at communication patterns between entities in a system [1,2].
B. Wireshark
Wireshark (previously known as Ethereal) is one of the most efficient tools used for traffic analysis. The tool is free, open source, compatible with all platforms, and based on libpcap. It is widely used in networks to solve problems such as performance issues and issues between integrated systems, like the Avaya Communication Manager and the Tiger system in hotels. Wireshark can also be used in network forensics, and by network professionals as well as educators. The tool supports several types of protocols, such as TCP, IP, ARP and HTTP [1-3].
• Performance Issues: the best-known issue in companies is a slow connection to the web server. The complication is that every team in the company (network, system administrators, developers and security) says the problem lies with another team, so Wireshark is a helpful tool: by analyzing the traffic along the whole path at the same time, the problem can be located.
• Integrated System: the major problems in integrated systems are synchronization and data loss, but with a powerful tool like Wireshark we can determine the cause of a problem by running Wireshark on both sides at the same time.
• Network Forensics: some companies have bad employees who try to manipulate the network and the systems by sending spam packets to the whole network, and some of them send company data outside the company to give it to a competitor. To fire these employees you need hard evidence, and with a traffic analyzer like Wireshark and custom filters we can identify them [4].
• Formulation of policies: using Wireshark we can determine the major sites visited by the employees of a company; based on the result of the analysis we can formulate a policy to prevent them from accessing those sites.
• Penetration Testing: Wireshark enables the penetration tester to discover flaws and breaches in system security at the level of user authentication. It also allows the tester to ensure that the implementation of the system followed the standard [6].
• Education: Wireshark is one of the most effective tools for understanding and studying communication processes, for example how clients get an IP address from a DHCP server. DHCP is one of the most widely used protocols in the world, in both LAN and WLAN networks. The protocol assigns parameters to clients automatically, which saves administrators from going to each device to assign IP addresses, and it also reduces IP address conflicts. Parameters are exchanged between the client and server in 4 stages, as shown in figure 1 [7].
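The four-stage lease exchange mentioned under Education can be followed at byte level. The sketch below is an added example, not code from the paper: it parses DHCP payloads and recovers the stage sequence of one transaction. The stage names (DISCOVER, OFFER, REQUEST, ACK) follow RFC 2131; the addresses, MAC address and transaction ID are constructed sample values.

```python
import socket
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"   # marks the start of the options field (RFC 2131)
MSG_TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 4: "DECLINE",
             5: "ACK", 6: "NAK", 7: "RELEASE", 8: "INFORM"}
LEASE_STAGES = ["DISCOVER", "OFFER", "REQUEST", "ACK"]


def build_dhcp(op, xid, msg_type, yiaddr="0.0.0.0", server_id=None, lease=None):
    """Build a constructed DHCP payload for the demo (sample data, not a capture)."""
    zero = socket.inet_aton("0.0.0.0")
    chaddr = bytes.fromhex("020000000010").ljust(16, b"\x00")
    fixed = struct.pack("!BBBBIHH4s4s4s4s16s64s128s",
                        op, 1, 6, 0, xid, 0, 0x8000,
                        zero, socket.inet_aton(yiaddr), zero, zero,
                        chaddr, b"", b"")            # 236-byte BOOTP header
    options = bytes([53, 1, msg_type])               # option 53: message type
    if server_id is not None:
        options += bytes([54, 4]) + socket.inet_aton(server_id)
    if lease is not None:
        options += bytes([51, 4]) + struct.pack("!I", lease)
    return fixed + MAGIC_COOKIE + options + b"\xff"


def parse_dhcp(payload):
    """Parse the fixed header and the options needed to trace a lease."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP payload")
    op, _htype, hlen, _hops, xid = struct.unpack("!BBBBI", payload[:8])
    msg = {"op": op, "xid": xid,
           "yiaddr": socket.inet_ntoa(payload[16:20]),
           "client_mac": payload[28:28 + min(hlen, 16)].hex(":"),
           "type": None, "server_id": None, "lease": None}
    i = 240
    while i < len(payload):
        code = payload[i]
        if code == 255:                  # end option
            break
        if code == 0:                    # pad option has no length byte
            i += 1
            continue
        if i + 2 > len(payload):
            raise ValueError("truncated option header")
        length = payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option value")
        if code == 53 and length == 1:
            msg["type"] = MSG_TYPES.get(value[0], "UNKNOWN")
        elif code == 54 and length == 4:
            msg["server_id"] = socket.inet_ntoa(value)
        elif code == 51 and length == 4:
            msg["lease"] = struct.unpack("!I", value)[0]
        i += 2 + length
    return msg


def lease_trace(payloads):
    """Group parsed messages by transaction ID, in arrival order."""
    traces = {}
    for payload in payloads:
        msg = parse_dhcp(payload)
        traces.setdefault(msg["xid"], []).append(msg)
    return traces


def sample_exchange():
    """One constructed client/server exchange: op 1 = client, op 2 = server."""
    xid = 0x1A2B3C4D
    return [build_dhcp(1, xid, 1),
            build_dhcp(2, xid, 2, "192.0.2.50", "192.0.2.1", 3600),
            build_dhcp(1, xid, 3, server_id="192.0.2.1"),
            build_dhcp(2, xid, 5, "192.0.2.50", "192.0.2.1", 3600)]


if __name__ == "__main__":
    for xid, msgs in lease_trace(sample_exchange()).items():
        stages = [m["type"] for m in msgs]
        state = "complete" if stages == LEASE_STAGES else "incomplete"
        print(hex(xid), stages, state)
        for m in msgs:
            print("  ", m["type"], "yiaddr", m["yiaddr"], "server", m["server_id"])
```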
II. NETWORK ATTACKS
The attacker can launch server hijack attacks using traffic analysis. These attacks can be classified into two types:
• Passive Attacks
• Active Attacks
Fig. 1. DHCP Lease Allocation Process.
Fig. 2. Passive Attack.
A. Passive attack
This attack occurs without the victim's knowledge and without touching the victim, as shown in figure 2. The attacker listens to the conversation, then analyzes the information using a packet analyzer and obtains helpful information such as passwords, cookies, file names and sites visited by the victim. The attacker is even able to reconstruct voice over IP (VoIP) conversations, as you can see in figure 3 [8-9].
B. Active Attacks
This type also occurs without the victim's knowledge, but here the attacker touches the victim's data and changes its meaning and content. It can be implemented in several ways, such as ARP spoofing and IP spoofing; in these cases the attacker acts as a man in the middle, as shown in figure 4 [8-9].
Fig. 3. VOIP Conversation.
Fig. 4. Active Attack.
III. METHODS TO SNIFF ON SWITCH
Now we discuss the methods that can be used to sniff packets on the switch, which is an intelligent device.
A. ARP Spoofing
As we know, communication at L2 uses the MAC address. In most scenarios, when we want to send or receive data we need the destination MAC address, so we use the ARP protocol. The main problem with this protocol is that it is stateless, which means any device connected to the switch can send a reply packet pretending to be the destination MAC address or the gateway. In this way the cache entry on the victim machine and on the switch is poisoned, so the attacker can take a copy of any packet sent from any machine to a different network [10-11].
B. MAC-Flooding
The switch is a smart device that contains a MAC address table, a mapping between MAC addresses and port numbers. When a sender sends data, the data is forwarded to the destination based on the MAC table. The main problem is that switches have a limit on the number of records in the MAC table, so the attacker can use tools like hping3 to generate a massive number of MAC addresses. In this case the switch behaves like a hub (a dumb device) and forwards a copy of the data to all devices connected to the switch, the attacker being one of them [11].
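Both of the techniques above, ARP spoofing and MAC flooding, leave traces that a monitoring port can pick up. The sketch below is an added example, not code from the paper: it parses raw Ethernet frames and raises an alert when an IP address is claimed by a second MAC address, when the ARP sender address disagrees with the Ethernet source, or when too many never-seen source MACs arrive in a short window. The `L2Monitor` class, its thresholds and all frames are hypothetical, constructed values.

```python
import socket
import struct
from collections import deque

ETHERTYPE_ARP = 0x0806
ARP_FMT = "!HHBBH6s4s6s4s"        # 28-byte ARP body for Ethernet/IPv4


def mac_bytes(text):
    return bytes.fromhex(text.replace(":", ""))


def eth_frame(dst, src, ethertype, payload=b""):
    """Constructed Ethernet II frame (sample data, never put on a wire)."""
    return mac_bytes(dst) + mac_bytes(src) + struct.pack("!H", ethertype) + payload


def arp_body(oper, sha, spa, tha, tpa):
    """Constructed ARP body: oper 1 = request, 2 = reply."""
    return struct.pack(ARP_FMT, 1, 0x0800, 6, 4, oper,
                       mac_bytes(sha), socket.inet_aton(spa),
                       mac_bytes(tha), socket.inet_aton(tpa))


class L2Monitor:
    """Hypothetical passive monitor fed with (timestamp, frame) pairs."""

    def __init__(self, max_new_macs=50, window=1.0):
        self.bindings = {}            # IP -> first MAC seen claiming it
        self.known_macs = set()
        self.recent_new = deque()     # timestamps of first sightings
        self.max_new_macs = max_new_macs
        self.window = window

    def observe(self, ts, frame):
        alerts = []
        if len(frame) < 14:
            return alerts
        src = frame[6:12].hex(":")
        (ethertype,) = struct.unpack("!H", frame[12:14])

        # MAC flooding: a burst of source addresses never seen before.
        if src not in self.known_macs:
            self.known_macs.add(src)
            self.recent_new.append(ts)
            while ts - self.recent_new[0] > self.window:
                self.recent_new.popleft()
            if len(self.recent_new) == self.max_new_macs + 1:   # alert once per burst
                alerts.append(("mac-flood",
                               f"more than {self.max_new_macs} new source MACs "
                               f"within {self.window}s"))

        # ARP spoofing: ARP is stateless, so the monitor keeps the state.
        if ethertype == ETHERTYPE_ARP and len(frame) >= 42:
            fields = struct.unpack(ARP_FMT, frame[14:42])
            sha, spa = fields[5].hex(":"), socket.inet_ntoa(fields[6])
            if sha != src:
                alerts.append(("arp-src-mismatch",
                               f"frame from {src} carries ARP sender {sha}"))
            if spa != "0.0.0.0":      # address probes carry no binding
                old = self.bindings.setdefault(spa, sha)
                if old != sha:
                    alerts.append(("arp-conflict",
                                   f"{spa} moved from {old} to {sha}"))
        return alerts


def demo():
    """Replay a constructed trace and return every alert raised."""
    gw_ip, gw_mac = "192.0.2.1", "02:00:00:00:00:01"
    host_ip, host_mac = "192.0.2.10", "02:00:00:00:00:10"
    other_mac = "02:00:00:00:00:66"
    mon, alerts = L2Monitor(max_new_macs=50, window=1.0), []
    # Gateway answers the host: establishes the baseline binding.
    alerts += mon.observe(0.0, eth_frame(host_mac, gw_mac, ETHERTYPE_ARP,
                          arp_body(2, gw_mac, gw_ip, host_mac, host_ip)))
    # A second station claims the gateway's IP address.
    alerts += mon.observe(5.0, eth_frame(host_mac, other_mac, ETHERTYPE_ARP,
                          arp_body(2, other_mac, gw_ip, host_mac, host_ip)))
    # 200 frames, each with an unseen source MAC, inside 0.2 seconds.
    for i in range(200):
        src = "02:aa:00:00:%02x:%02x" % (i >> 8, i & 0xFF)
        alerts += mon.observe(10.0 + i * 0.001,
                              eth_frame("ff:ff:ff:ff:ff:ff", src, 0x0800))
    return alerts


if __name__ == "__main__":
    for kind, detail in demo():
        print(kind, "-", detail)
```

A legitimate address change (a replaced network card, a DHCP reassignment) raises the same `arp-conflict` alert, so the baseline bindings are best seeded from a trusted source such as the DHCP snooping table.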
C. Port Mirroring
Port mirroring is a method of monitoring network traffic. With port mirroring enabled, the switch sends a copy of all network packets seen on one port (or an entire VLAN) to another port, where the packets can be analyzed, as you can see in figure 5. In this type the attacker needs access to the switch, either by direct connection using the console or remotely using a management protocol like HTTP, Telnet or SSH, and adds a couple of commands to the switch to send a copy of the victim's traffic to the attacker's machine [11-12].
Fig. 5. Port mirroring Architecture.
D. Hardware Tool kits
In this type the attacker uses a hardware tool and connects the kit to the victim's cable, as shown in figures 6 and 7.
Another tool kit can be used, as shown in figure, if the attacker is connected to the network by Wi-Fi.
Fig. 6. Hardware Wired Tool kit Connections.
Fig. 7. Alfa Tool Kit For wireless connections.
IV. COUNTERMEASURES
When the IT staff implement the network, they should be aware of a set of countermeasures:
• Restrict physical access to the switches and cables to the IT staff only.
• Use TLS/SSL for communication between the clients and the servers.
• Allow only a specific number of MAC addresses per port, depending on the implementation requirements.
• Use the Dynamic ARP Inspection feature to prevent the attacker from changing the MAC address.
• Use the IP Source Guard feature to prevent the attacker from changing his IP address.
• Use the DHCP snooping feature to prevent the attacker from violating IP Source Guard and Dynamic ARP Inspection.
• Adopt encrypted protocols to manage the switches and routers.
V. CONCLUSIONS
In this paper we discussed the importance of network traffic analysis using Wireshark and its role in solving problems, network forensics, etc. We also discussed the risk that network traffic analysis can be used to obtain helpful information to launch an attack or steal information. We also addressed many solutions that prevent the adversary from obtaining data, so that if he does gain access to the data, he will get only encrypted data.
VI. FUTURE WORK
For future work, I will take the research in this paper a step further by comparing all types of traffic analysis tools and finding the best environment for analysis at less cost and with minimal delay in responding to clients' incidents.
VII. ACKNOWLEDGMENT
I would like to express my gratitude to all those who gave
me the possibility to complete this paper. I want to thank the
Computer Science Department for giving me permission to
commence this paper in the first instance, to do the necessary
research work and to use departmental data. I am deeply
indebted to Dr. Ali Hadi from the CS Department for his
guidance, stimulating suggestions and encouragement.
REFERENCES
[1] Ming-Hsing Chiu, Kuo-Pao Yang, Randall Meyer, and Tristan Kidder, Analysis of a Man-in-the-Middle Experiment with Wireshark.
[2] Mohammed Abdul Qadeer, Mohammad Zahid, Network Traffic Analysis and Intrusion Detection using Packet Sniffer, 2010.
[3] Mustapha Adamu Mohammed, Ashigbi Franlin Degadzor, Botchey Francis Effrim, Kwame Anim Appiah, BRUTE FORCE ATTACK DETECTION AND PREVENTION ON A NETWORK USING WIRESHARK ANALYSIS, 2017.
[4] Natarajan Meghanathan, Sumanth Reddy Allam and Loretta A. Moore, TOOLS AND TECHNIQUES FOR NETWORK FORENSICS, IJNSA, Vol. 1, No. 1, April 2009.
[5] Zhifeng Xiao, Yang Xiao, Network forensics analysis using Wireshark, 2015.
[6] Brandon F. Murphy, Network Penetration Testing and Research, 2013.
[7] Te-Shun Chou, East Carolina University, TEACHING NETWORK SECURITY THROUGH SIGNATURE ANALYSIS OF COMPUTER NETWORK ATTACKS.
[8] Ashwani Kumar, Security Attacks in Manet - A Review, 2011.
[9] D. Madhavi, TCP Session Hijacking Implementation by Stealing Cookies, Vol. 2, Issue 11, 2015.
[10] Ankita Gupta, Kavita, Kirandeep Kaur, Vulnerability Assessment and Penetration Testing, International Journal of Engineering Trends and Technology, Volume 4, Issue 3, 2013.
[11] Mohammed Abdul Qadeer, Misbahur Rahman Siddiqui, Network Traffic Analysis and Intrusion Detection Using Packet Sniffer, January 2010.
[12] Jian Zhang and Andrew Moore, Traffic Trace Artifacts due to Monitoring Via Port Mirroring.

 
Exploring_the_Narrative_Style_of_Amitav_Ghoshs_Gun_Island.pptx
Exploring_the_Narrative_Style_of_Amitav_Ghoshs_Gun_Island.pptxExploring_the_Narrative_Style_of_Amitav_Ghoshs_Gun_Island.pptx
Exploring_the_Narrative_Style_of_Amitav_Ghoshs_Gun_Island.pptx
 
QUATER-1-PE-HEALTH-LC2- this is just a sample of unpacked lesson
QUATER-1-PE-HEALTH-LC2- this is just a sample of unpacked lessonQUATER-1-PE-HEALTH-LC2- this is just a sample of unpacked lesson
QUATER-1-PE-HEALTH-LC2- this is just a sample of unpacked lesson
 
How to Create and Manage Wizard in Odoo 17
How to Create and Manage Wizard in Odoo 17How to Create and Manage Wizard in Odoo 17
How to Create and Manage Wizard in Odoo 17
 
VAMOS CUIDAR DO NOSSO PLANETA! .
VAMOS CUIDAR DO NOSSO PLANETA!                    .VAMOS CUIDAR DO NOSSO PLANETA!                    .
VAMOS CUIDAR DO NOSSO PLANETA! .
 
80 ĐỀ THI THỬ TUYỂN SINH TIẾNG ANH VÀO 10 SỞ GD – ĐT THÀNH PHỐ HỒ CHÍ MINH NĂ...
80 ĐỀ THI THỬ TUYỂN SINH TIẾNG ANH VÀO 10 SỞ GD – ĐT THÀNH PHỐ HỒ CHÍ MINH NĂ...80 ĐỀ THI THỬ TUYỂN SINH TIẾNG ANH VÀO 10 SỞ GD – ĐT THÀNH PHỐ HỒ CHÍ MINH NĂ...
80 ĐỀ THI THỬ TUYỂN SINH TIẾNG ANH VÀO 10 SỞ GD – ĐT THÀNH PHỐ HỒ CHÍ MINH NĂ...
 

A Deeper Look into Network Traffic Analysis using Wireshark.pdf

A Deeper Look into Network Traffic Analysis using Wireshark
∗Muhammed Alfawareh
King Hussein School of Computing Sciences
Princess Sumaya University for Technology, Amman, Jordan

Abstract— Networks and the Internet are the backbone of business in terms of sending and receiving data, as they save time, effort and cost. Using traffic analysis, performance issues can be optimized, network forensics can be carried out and spam detected, network proofing with penetration testing can be done, policies can be formed to accommodate usage habits, and integrated systems can be checked to make sure they deliver the data. Traffic analysis can also be used with malicious intent: it can be used to monitor the contents of the transmitted data, such as passwords, file names and communication parties. This paper discusses all of these things and how the attacker can obtain the traffic, and also discusses some countermeasures to reduce this risk.

Keywords: Wireshark, Traffic Analyzing, Hijack attacks.

I. INTRODUCTION

Networks and the Internet are the backbone of business in terms of sending and receiving data, as they save time, effort and cost. Analysis of network traffic is one of the most important tools used in networks for performance analysis and for detecting problems such as a slow network or a spammer causing problems in the network. At the same time it is a double-edged weapon: it is one of the most important and dangerous tools used by the adversary to obtain information that helps in gaining unauthorized access and stealing valuable information [1].

A. Traffic Analysis

Traffic analysis is the process of intercepting and examining packets in order to extract information from the communicating parties. It can be performed even when the communication is encrypted and cannot be decrypted. Traffic analysis can be performed in the context of military intelligence or counter-intelligence, and is a concern in computer security. We can learn the communicating parties and the time of the conversation, and we can obtain helpful information such as passwords, file names, etc. Traffic analysis is a special type of inference attack technique that looks at communication patterns between entities in a system [1,2].

B. Wireshark

Wireshark (previously known as Ethereal) is one of the most efficient tools used for traffic analysis. The tool is free, open source and compatible with all platforms, and is based on libpcap. It is widely used in networks to solve problems such as performance issues and issues between integrated systems, like the Avaya Communication Manager and the Tiger system in hotels. Wireshark can also be used in network forensics, by network professionals and by educators. The tool supports several types of protocols, such as TCP, IP, ARP and HTTP [1-3].

• Performance Issues: the most common issue in companies is a slow connection to the web server. The complication is that every team in the company (networks, system administrators, developers and security) says the problem lies with another team. Wireshark is a helpful tool here: by analyzing the traffic along the whole path at the same time, the problem can be located.
• Integrated System: the major problems in integrated systems are synchronization and data loss. Using a powerful tool like Wireshark, we can determine the cause of a problem by running Wireshark on both sides at the same time.
• Network Forensics: some companies have bad employees who try to manipulate the network and the systems by sending spam packets to the whole network, and some of them send company data outside the company to give it to a competitor. To fire these people you need hard evidence, so using a traffic analyzer like Wireshark with custom filters we can identify them [4].
• Formulation of policies: using Wireshark we can determine the sites most visited by the employees of a company. Based on the result of the analysis, we can formulate a policy to prevent them from accessing those sites.
• Penetration Testing: Wireshark enables the penetration tester to discover flaws and breaches in system security at the level of user authentication, and also makes it possible to ensure that the implementation of the system followed the standard [6].
• Education: Wireshark is one of the most effective tools for understanding and studying communication processes. For example, how do clients get an IP address from a DHCP server? DHCP is one of the most widely used protocols in the world, in both LAN and WLAN networks. The protocol assigns parameters to the clients automatically, saving administrators from going to the devices to assign IP addresses, and it also reduces IP address conflicts. Parameters are exchanged between the client and the server in 4 stages, as shown in figure 1 [7].

Fig. 1. DHCP Lease Allocation Process.

II. NETWORK ATTACKS

The attacker can launch server hijack attacks using traffic analysis. These attacks can be classified into two types:

• Passive Attacks
• Active Attacks

A. Passive attack

This attack occurs without the victim's knowledge and without touching the victim, as shown in figure 2. The attacker listens to the conversation, then analyzes the information using a packet analyzer and obtains helpful information such as passwords, cookies, file names and sites visited by the victim. The attacker is even able to reconstruct voice over IP (VoIP) conversations, as you can see in figure 3 [8-9].

Fig. 2. Passive Attack.

Fig. 3. VOIP Conversation.

B. Active Attacks

This type also occurs without the victim's knowledge, but here the attacker touches the victim's data and changes its meaning and content. It can be implemented in several ways, such as ARP spoofing, IP spoofing, etc. In these cases the attacker acts as a man in the middle, as shown in figure 4 [8-9].

Fig. 4. Active Attack.

III. METHODS TO SNIFF ON SWITCH

Now we are going to discuss the methods that can be used to sniff packets on a switch, which is an intelligent device.

A. ARP Spoofing

As we know, communication at L2 uses the MAC address. In most scenarios, when we want to send or receive data we need the destination MAC address, so we use the ARP protocol. The main problem with this protocol is that it is stateless, which means any device connected to the switch can launch a reply packet pretending to be the destination MAC address or the gateway. In this way the cache entry on the victim machine and on the switch is poisoned; therefore, for any packet sent from any machine to a different network, the attacker can take a copy of the packets [10-11].

B. MAC-Flooding

The switch is a smart device that contains a MAC address table, a mapping between MAC addresses and port numbers. When a sender sends data, the data is forwarded to the destination based on the MAC table. The main problem is that switches have a limit on the number of records in the MAC table; the attacker can therefore use tools like hping3 to generate a massive number of MAC addresses. In this case the switch behaves like a hub (a dummy device) and forwards a copy of the data to all devices connected to the switch, the attacker being one of them [11].

C. Port Mirroring

Port mirroring is a method of monitoring network traffic. With port mirroring enabled, the switch sends a copy of all network packets seen on one port (or an entire VLAN) to another port, where the packets can be analyzed, as you can see in figure 5. In this type the attacker needs access to the switch, either by direct connection using the console or remotely using a management protocol like HTTP, Telnet or SSH, and adds a couple of commands to the switch to take a copy of the victim's traffic to the attacker's machine [11-12].
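The ARP spoofing of section III.A works because ARP replies are accepted without verification; a defender can validate each ARP packet against a trusted IP-to-MAC table, the kind of check the Dynamic ARP Inspection countermeasure performs. The Python code below is an added example, not code from the paper: the binding table, the addresses and the frames are constructed sample data, and `parse_arp`, `inspect_arp` and `build_arp` are names chosen for this illustration.

```python
import struct

def fmt_mac(b):
    return ":".join(f"{x:02x}" for x in b)

def parse_arp(frame):
    """Parse an Ethernet II frame carrying IPv4 ARP; return None for anything else."""
    if len(frame) < 42:
        return None
    _dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if ethertype != 0x0806 or (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    sha, spa, _tha, tpa = struct.unpack("!6s4s6s4s", frame[22:42])
    return {"eth_src": fmt_mac(src), "op": op, "sha": fmt_mac(sha),
            "spa": ".".join(map(str, spa)), "tpa": ".".join(map(str, tpa))}

def inspect_arp(frames, bindings):
    """Return (frame_no, reason, claimed_ip, claimed_mac) for suspicious ARP packets."""
    alerts = []
    for n, frame in enumerate(frames, 1):
        arp = parse_arp(frame)
        if arp is None:
            continue
        # The sender MAC inside the ARP body differs from the frame's source MAC
        if arp["eth_src"] != arp["sha"]:
            alerts.append((n, "eth-src-mismatch", arp["spa"], arp["sha"]))
        # The claimed IP-to-MAC pair contradicts the trusted binding table
        expected = bindings.get(arp["spa"])
        if expected is not None and expected != arp["sha"]:
            alerts.append((n, "binding-violation", arp["spa"], arp["sha"]))
    return alerts

def build_arp(eth_src, op, sha, spa, tpa):
    """Build a constructed broadcast ARP frame used only as in-memory sample input."""
    m = lambda s: bytes.fromhex(s.replace(":", ""))
    i = lambda s: bytes(map(int, s.split(".")))
    return (b"\xff" * 6 + m(eth_src) + struct.pack("!HHHBBH", 0x0806, 1, 0x0800, 6, 4, op)
            + m(sha) + i(spa) + b"\x00" * 6 + i(tpa))

# Constructed sample (assumed addresses): gateway 192.0.2.1, host 192.0.2.10
GW, HOST, OTHER = "02:00:00:00:00:01", "02:00:00:00:00:10", "02:00:00:00:00:66"
BINDINGS = {"192.0.2.1": GW, "192.0.2.10": HOST}
FRAMES = [
    build_arp(HOST, 1, HOST, "192.0.2.10", "192.0.2.1"),    # legitimate request
    build_arp(GW, 2, GW, "192.0.2.1", "192.0.2.10"),        # legitimate reply
    build_arp(OTHER, 2, OTHER, "192.0.2.1", "192.0.2.10"),  # gateway IP, wrong MAC
    build_arp(OTHER, 2, GW, "192.0.2.1", "192.0.2.10"),     # body MAC != frame source
]
print(*inspect_arp(FRAMES, BINDINGS), sep="\n")
```

In a deployment the binding table would come from a trusted source such as static assignments or DHCP lease records, and the frames from a capture rather than from `build_arp`.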
Fig. 5. Port mirroring Architecture.

Fig. 6. Hardware Wired Tool kit Connections.

Fig. 7. Alfa Tool Kit For wireless connections.

D. Hardware Tool kits

In this type the attacker uses a hardware tool and connects the kit to the victim's cable, as shown in figures 6 and 7. Another tool kit can be used, as shown in figure, if the attacker is connected to the network by Wi-Fi.

IV. COUNTERMEASURES

When the IT staff implement the network, they should be aware of a set of countermeasures:

• Restrict physical access to the switches and cables to the IT staff only.
• Use TLS/SSL in the communication between the clients and the servers.
• Allow only a specific number of MAC addresses per port, depending on the implementation requirements.
• Use the Dynamic ARP Inspection feature to prevent the attacker from changing the MAC address.
• Use the IP Source Guard feature to prevent the attacker from changing his IP address.
• Use the DHCP snooping feature to prevent the attacker from violation (IP Source Guard, Dynamic ARP Inspection).
• Adopt encrypted protocols to manage the switches and routers.

V. CONCLUSIONS

In this paper we discussed the importance of network traffic analysis using Wireshark and its role in solving problems, network forensics, etc. We also discussed the risk that network traffic analysis can be used to obtain helpful information to launch an attack or steal information. We also addressed many solutions that prevent the adversary from obtaining data, so that in case of access to the data he will get only encrypted data.

VI. FUTURE WORK

For future work, I will take the research in this paper a step further by comparing all types of traffic analysis tools and finding the best environment for analysis at less cost and with minimal delay in responding to clients' incidents.

VII. ACKNOWLEDGMENT

I would like to express my gratitude to all those who gave me the possibility to complete this paper. I want to thank the Computer Science Department for giving me permission to commence this paper in the first instance, to do the necessary research work and to use departmental data. I am deeply indebted to Dr. Ali Hadi from the CS Department for his guidance, stimulating suggestions and encouragement.

REFERENCES

[1] Ming-Hsing Chiu, Kuo-Pao Yang, Randall Meyer, and Tristan Kidder, Analysis of a Man-in-the-Middle Experiment with Wireshark.
[2] Mohammed Abdul Qadeer, Mohammad Zahid, Network Traffic Analysis and Intrusion Detection using Packet Sniffer, 2010.
[3] Mustapha Adamu Mohammed*, Ashigbi Franlin Degadzor, Botchey Francis Effrim, Kwame Anim Appiah, BRUTE FORCE ATTACK DETECTION AND PREVENTION ON A NETWORK USING WIRESHARK ANALYSIS, 2017.
[4] Natarajan Meghanathan, Sumanth Reddy Allam and Loretta A. Moore, TOOLS AND TECHNIQUES FOR NETWORK FORENSICS, IJNSA, Vol. 1, No. 1, April 2009.
[5] Zhifeng Xiao, Yang Xiao, Network forensics analysis using Wireshark, 2015.
[6] Brandon F. Murphy, Network Penetration Testing and Research, 2013.
[7] Te-Shun Chou, East Carolina University, TEACHING NETWORK SECURITY THROUGH SIGNATURE ANALYSIS OF COMPUTER NETWORK ATTACKS.
[8] Ashwani Kumar, Security Attacks in Manet - A Review, 2011.
[9] D. Madhavi, TCP Session Hijacking Implementation by Stealing Cookies, Vol. 2, Issue 11, 2015.
[10] Ankita Gupta, Kavita, Kirandeep Kaur, Vulnerability Assessment and Penetration Testing, International Journal of Engineering Trends and Technology, Volume 4, Issue 3, 2013.
[11] Mohammed Abdul Qadeer, Misbahur Rahman Siddiqui, Network Traffic Analysis and Intrusion Detection Using Packet Sniffer, January 2010.
[12] Jian Zhang and Andrew Moore, Traffic Trace Artifacts due to Monitoring Via Port Mirroring.