NETWORK PACKET
Capture and Analysis
Contents
Packet Capture
Stateful Packet Inspection
Deep Packet Inspection
Introduction – Packet Capture
• Packet capture is the process of intercepting and logging traffic.
• Packet capture is the process carried out by a packet analyzer, also known as a protocol analyzer, network analyzer or packet sniffer.
Packet Capturing
Varieties of packet sniffers
Today, sniffers exist in two broad varieties:
• The first is a stand-alone product incorporated into a portable computer.
• The second is part of a larger package of network monitoring hardware and software.
• Commercial packet sniffers are basically used to help maintain networks.
• Underground packet sniffers are used to break into computers.
Advantages
• Detection of clear-text passwords and usernames on the network, which are in human-readable form.
• Performance analysis to discover network bottlenecks.
• Network intrusion detection in order to discover hackers.
• Used to debug communication between a client and a server.
• Helps in identifying who is communicating with whom and what data is sent and received over the network.
• Used to make the network more secure: to get through to your network, traffic must pass through the packet sniffer.
• Used to identify network problems before they become serious.
Packet Capturing Tools
Best packet sniffers and network analyzers:
• tcpdump
• SolarWinds
• WinDump
• Wireshark
• TShark
• NetworkMiner
• Fiddler
• Capsa
Applications
• Analyzing the bandwidth used.
• Determining whether any hackers are trying to gain access.
• Knowing the IP addresses of the different systems connected to your system.
• Analysing the traffic flowing through the network.
Disadvantages
• Configuring your network device to read all arriving network packets, which might contain Trojan horses.
• Can act as open doors that allow intruders access to your confidential data and network files.
Introduction – Packet Analyzer
• A packet analyzer is a computer application used to track, intercept and log network traffic that passes over a digital network.
• It analyzes network traffic and generates a customized report to assist organizations in managing their networks.
• Packet analyzers may also be used by hackers to intrude on networks and steal information from network transmissions.
• A packet analyzer is also known as a sniffer, network analyzer or protocol analyzer.
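The report a packet analyzer produces starts with parsing the capture itself. The following is an added example (not code from the slides): it reads a classic libpcap file, decodes Ethernet II / IPv4 / TCP or UDP headers, and aggregates who talks to whom and how many bytes flow, which is the "bandwidth used" and "IP addresses connected" view the slides describe. The sample capture is constructed inline; the helper `build_frame`/`build_pcap` functions and the 203.0.113.x addresses are assumptions made for the example.

```python
"""Added example: parse a classic libpcap capture and report who talks to whom."""
import struct
from collections import defaultdict

ETHERTYPE_IPV4 = 0x0800
PROTO_NAMES = {6: "TCP", 17: "UDP"}


def ip_bytes(dotted):
    return bytes(int(o) for o in dotted.split("."))


def ip_str(raw):
    return ".".join(str(b) for b in raw)


def build_frame(src_ip, dst_ip, proto, sport, dport, payload=b""):
    """Constructed input: an Ethernet II + IPv4 + minimal TCP or UDP frame."""
    eth = bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb") + struct.pack("!H", ETHERTYPE_IPV4)
    if proto == 6:   # TCP: 20-byte header, PSH|ACK, checksum left as zero (not verified here)
        l4 = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 65535, 0, 0) + payload
    else:            # UDP: 8-byte header
        l4 = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                     ip_bytes(src_ip), ip_bytes(dst_ip))
    return eth + ip + l4


def build_pcap(frames):
    """Constructed input: wrap frames in a little-endian pcap container (linktype 1 = Ethernet)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, frame in enumerate(frames):
        out += struct.pack("<IIII", 1700000000 + i, 0, len(frame), len(frame)) + frame
    return out


def iter_records(pcap):
    """Yield (ts_sec, orig_len, frame) for every record; honours the byte order the magic implies."""
    magic = struct.unpack("<I", pcap[:4])[0]
    if magic == 0xA1B2C3D4:
        endian = "<"
    elif magic == 0xD4C3B2A1:
        endian = ">"
    else:
        raise ValueError("not a classic pcap file")
    if struct.unpack(endian + "I", pcap[20:24])[0] != 1:
        raise ValueError("only Ethernet (linktype 1) captures are handled here")
    off = 24
    while off + 16 <= len(pcap):
        ts_sec, _ts_usec, incl_len, orig_len = struct.unpack(endian + "IIII", pcap[off:off + 16])
        off += 16
        frame = pcap[off:off + incl_len]
        if len(frame) < incl_len:
            break  # file cut short mid-record: stop rather than misparse the tail
        off += incl_len
        yield ts_sec, orig_len, frame


def decode(frame):
    """Return (src, dst, proto, sport, dport), or None for frames this example does not parse."""
    if len(frame) < 34 or struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_IPV4:
        return None  # not IPv4 over Ethernet II (ARP, IPv6, VLAN-tagged, ...)
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    if ip[0] >> 4 != 4 or ihl < 20 or len(ip) < ihl + 4:
        return None  # malformed header or truncated by the snaplen: skip, don't guess
    proto = ip[9]
    src, dst = ip_str(ip[12:16]), ip_str(ip[16:20])
    if proto not in PROTO_NAMES:
        return src, dst, proto, None, None
    sport, dport = struct.unpack("!HH", ip[ihl:ihl + 4])
    return src, dst, proto, sport, dport


def conversation_report(pcap):
    """Aggregate packets and bytes per (src, dst, proto, dport): who talks to whom, and how much."""
    table = defaultdict(lambda: {"packets": 0, "bytes": 0})
    for _ts, orig_len, frame in iter_records(pcap):
        fields = decode(frame)
        if fields is None:
            continue
        src, dst, proto, _sport, dport = fields
        entry = table[(src, dst, PROTO_NAMES.get(proto, str(proto)), dport)]
        entry["packets"] += 1
        entry["bytes"] += orig_len  # original wire length, not the possibly truncated snaplen
    return dict(table)


# Constructed sample capture: a TLS exchange on 443 and a DNS query on 53.
SAMPLE_PCAP = build_pcap([
    build_frame("10.0.0.5", "203.0.113.10", 6, 51000, 443, b"\x16\x03\x01"),
    build_frame("10.0.0.5", "203.0.113.10", 6, 51000, 443, b"\x17\x03\x03" + b"A" * 100),
    build_frame("203.0.113.10", "10.0.0.5", 6, 443, 51000, b"\x17\x03\x03" + b"B" * 500),
    build_frame("10.0.0.7", "10.0.0.1", 17, 40000, 53, b"\x12\x34" + b"\x00" * 30),
])

if __name__ == "__main__":
    for (src, dst, proto, dport), stats in sorted(conversation_report(SAMPLE_PCAP).items()):
        print(f"{src:>14} -> {dst:<14} {proto}/{dport:<5} {stats['packets']:>3} pkts {stats['bytes']:>6} bytes")
```

Feeding a real file works the same way: `conversation_report(open("capture.pcap", "rb").read())`, as long as it is a classic pcap (not pcapng) with Ethernet link type.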
Network Packet Analysis Tools
Mainly classified into two types:
• SPI – STATEFUL PACKET INSPECTION
• DPI – DEEP PACKET INSPECTION
STATEFUL PACKET INSPECTION
• Stateful Packet Inspection (SPI) works at the network layer of the OSI model.
• Examines some very basic information contained within the packet, such as the packet header and packet footer, and also determines whether the packet belongs to a valid session.
• Stateful inspection is a type of packet filtering that helps to control how data packets move through a firewall.
Strengths:
• Like packet filtering firewalls, SPI has very little impact on network performance.
• More secure than basic packet filtering firewalls, because stateful packet inspection digs deeper into the packet header information to determine the connection state between endpoints.
• Usually has some logging capabilities. Logging can help identify and track the different types of traffic that pass through the firewall.
How Secure is SPI
• SPI only controls incoming traffic and cannot prevent attacks from web browsers, Trojans, etc.
• Stateful packet inspection does not break the client/server model and therefore allows a direct connection to be made between the two endpoints.
• Rules and filters in this packet screening method can become complex, hard to manage, prone to error and difficult to test.
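The difference between "digs deeper into the header" and plain packet filtering is the connection table. This added example (not code from the slides) models the behaviour the SPI slides and editor's note 4 describe: a static filter admits any inbound packet that merely claims to be a reply (ACK set), while a stateful filter admits inbound packets only when they answer a connection opened from the inside, so an unsolicited probe finds every port closed. The packets, the 10.0.0.0/24 inside network and the 203.0.113.x peers are constructed for the example; real products also age entries out and track FIN state, which is omitted here.

```python
"""Added example: a static packet filter beside a stateful (SPI) filter on the same packets."""
from dataclasses import dataclass

INSIDE_PREFIX = "10.0.0."  # constructed: the protected network


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset  # TCP flags present, e.g. frozenset({"SYN"}) or frozenset({"ACK"})


def is_inside(ip):
    return ip.startswith(INSIDE_PREFIX)


def static_filter(pkt):
    """Header-only rule: outbound is fine; inbound only if it claims to belong to an
    existing connection (ACK set). The filter has no way to verify that claim."""
    if is_inside(pkt.src):
        return True
    return "ACK" in pkt.flags


class StatefulFilter:
    """Keeps a table of connections opened from the inside; inbound packets are admitted
    only when they answer one of them. Entries are removed on RST; a production filter
    would also expire idle entries and follow the FIN handshake."""

    def __init__(self):
        self.table = set()  # entries: (inside_ip, inside_port, outside_ip, outside_port)

    def allow(self, pkt):
        if is_inside(pkt.src):
            key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
            if "SYN" in pkt.flags and "ACK" not in pkt.flags:
                self.table.add(key)  # a fresh outbound SYN opens an entry
            elif "RST" in pkt.flags:
                self.table.discard(key)
            return True
        key = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if key not in self.table:
            return False  # unsolicited, whatever its flags say: the port stays "closed"
        if "RST" in pkt.flags:
            self.table.discard(key)  # peer tore the connection down; stop accepting replies
        return True


OUTSIDE = "203.0.113.10"
SCENARIO = [
    # 1. inside host opens a connection to a web server: both filters allow, SPI records it
    Packet("10.0.0.5", 51000, OUTSIDE, 443, frozenset({"SYN"})),
    # 2. the server's handshake reply: ACK is set and it matches the table
    Packet(OUTSIDE, 443, "10.0.0.5", 51000, frozenset({"SYN", "ACK"})),
    # 3. a probe from another host that merely sets ACK to look like a reply
    Packet("203.0.113.99", 80, "10.0.0.5", 22, frozenset({"ACK"})),
    # 4. data from the real server on the tracked connection
    Packet(OUTSIDE, 443, "10.0.0.5", 51000, frozenset({"ACK"})),
    # 5. an unsolicited connection attempt from outside
    Packet("203.0.113.99", 40000, "10.0.0.5", 22, frozenset({"SYN"})),
]


def run(packets):
    """Return [(static_decision, stateful_decision), ...] for the packets, in order."""
    spi = StatefulFilter()
    return [(static_filter(p), spi.allow(p)) for p in packets]


if __name__ == "__main__":
    for pkt, (static_ok, spi_ok) in zip(SCENARIO, run(SCENARIO)):
        verdict = lambda ok: "allow" if ok else "drop"
        print(f"{pkt.src}:{pkt.sport} -> {pkt.dst}:{pkt.dport} {sorted(pkt.flags)} "
              f"static={verdict(static_ok)} spi={verdict(spi_ok)}")
```

Packet 3 is the case note 4 warns about: the static filter lets it through on the strength of the ACK bit alone, the stateful filter drops it because no inside host ever opened a connection to 203.0.113.99.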
Deep Packet Inspection
• Deep packet inspection functions at the application layer of the Open Systems Interconnection (OSI) reference model.
• DPI is an intelligent firewalling feature that forms part of the integrated security suite.
• Deep Packet Inspection (DPI) removes the header information from a packet to inspect the actual contents of the packet.
• Capable of inspecting layers 2 – 7 of the OSI model.
STRENGTHS:
• Acts as a network security tool.
• Deep packet inspection can also be used in network management to streamline the flow of network traffic.
• DPI engines can also employ signature matching, stealth payload detection and numerous other security capabilities.
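Signature matching is only as good as the payload view it runs over. This added example (not code from the slides or any DPI product) shows the three views of the same TCP segments: the port-only check that an SPI rule set has, naive DPI that matches each segment's payload on its own, and DPI over the reassembled stream, which is what catches a pattern split across two out-of-order segments. The two signatures, the flows and the 203.0.113.x addresses are constructed for the example; alerts carry the signature name and flow, not the payload.

```python
"""Added example: DPI signature matching on reassembled TCP payload, beside the header-only
view that SPI has of the same segments."""
import re
from collections import defaultdict
from dataclasses import dataclass

# Constructed signatures (hypothetical, not from any real DPI product). The first flags a
# credential sent in the clear; the second a directory-traversal pattern in an HTTP request.
SIGNATURES = [
    ("ftp-cleartext-password", re.compile(rb"(?m)^PASS ")),
    ("http-path-traversal", re.compile(rb"\.\./\.\./")),
]
ALLOWED_PORTS = {21, 80}  # what a port-based rule set permits


@dataclass(frozen=True)
class Segment:
    src: str
    sport: int
    dst: str
    dport: int
    seq: int
    data: bytes

    @property
    def flow(self):
        return (self.src, self.sport, self.dst, self.dport)


def header_only_check(seg):
    """All an SPI/port-based rule sees: is the destination port permitted?"""
    return seg.dport in ALLOWED_PORTS


def per_segment_matches(segments):
    """Naive DPI: run the signatures over each segment's payload on its own."""
    hits = set()
    for seg in segments:
        for name, pattern in SIGNATURES:
            if pattern.search(seg.data):
                hits.add((name, seg.flow))
    return hits


def reassemble(segments):
    """Rebuild each flow's byte stream: reorder by sequence number, trim overlapping
    retransmissions, and stop at the first hole rather than guess across it."""
    by_flow = defaultdict(list)
    for seg in segments:
        by_flow[seg.flow].append((seg.seq, seg.data))
    streams = {}
    for flow, parts in by_flow.items():
        parts.sort(key=lambda p: p[0])
        buf, expected = bytearray(), parts[0][0]
        for seq, data in parts:
            if seq > expected:
                break  # missing segment: the bytes beyond the gap are unknown
            if seq < expected:
                data = data[expected - seq:]  # overlap: keep the bytes already accepted
            buf += data
            expected += len(data)
        streams[flow] = bytes(buf)
    return streams


def stream_matches(segments):
    """DPI done properly: match signatures against the reassembled stream of each flow."""
    hits = set()
    for flow, stream in reassemble(segments).items():
        for name, pattern in SIGNATURES:
            if pattern.search(stream):
                hits.add((name, flow))
    return hits


# Constructed traffic. Flow A splits a traversal across two segments delivered out of order,
# then retransmits the first; flow B is an FTP login; flow C is an ordinary request.
FLOW_A = ("203.0.113.7", 40001, "10.0.0.20", 80)
FLOW_B = ("10.0.0.9", 40002, "203.0.113.5", 21)
FLOW_C = ("10.0.0.9", 40003, "203.0.113.5", 80)
SAMPLE = [
    Segment(*FLOW_A, 1016, b"../etc/passwd HTTP/1.1\r\nHost: 10.0.0.20\r\n\r\n"),
    Segment(*FLOW_A, 1000, b"GET /cgi-bin/../"),
    Segment(*FLOW_A, 1000, b"GET /cgi-bin/../"),
    Segment(*FLOW_B, 1, b"USER alice\r\n"),
    Segment(*FLOW_B, 13, b"PASS hunter2\r\n"),
    Segment(*FLOW_C, 1, b"GET /index.html HTTP/1.1\r\n\r\n"),
]

if __name__ == "__main__":
    print("port rule passes every segment:", all(header_only_check(s) for s in SAMPLE))
    print("per-segment hits:", sorted(per_segment_matches(SAMPLE)))
    print("reassembled-stream hits:", sorted(stream_matches(SAMPLE)))
```

The reassembly step is also where the slide's cost remark bites: every byte of every flow is buffered and scanned, which is the load on firewall processors that SPI never incurs.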
How Secure is DPI
• It can create new vulnerabilities in addition to protecting against existing ones.
• Deep packet inspection adds to the complexity and unwieldy nature of existing firewalls and other security-related software.
• DPI can reduce network speed because it increases the burden on firewall processors.
• Despite these limitations, many network administrators have embraced deep packet inspection technology in an attempt to cope with a perceived increase in the complexity and widespread nature of Internet-related perils.
Conclusion
• A firewall of any description is a must for any user connecting to the Internet.
• From a security point of view, DPI proves to be a better security-centric technology than SPI.
• However, for a truly effective platform, a dedicated hardware firewall with DPI provides the best all-round solution and goes a long way to securing networks from the more sophisticated and damaging Internet threats.
Editor's Notes

  1. Packet capture is a computer networking term for intercepting a data packet that is crossing or moving over a specific computer network.  Once a packet is captured, it is stored temporarily so that it can be analyzed. The packet is inspected to help diagnose and solve network problems and determine whether network security policies are being followed.  Hackers can also use packet capturing techniques to steal data that is being transmitted over a network.
  2. A packet sniffer can also be used on the Internet to capture data traveling between computers. Internet packets often have very long distances to travel, passing through several routers that act like intermediate post offices. A packet sniffer might be installed at any point along the way. It could also be clandestinely installed on a server that acts as a gateway or collects vital personal information.
  3. Adding to normal bandwidth monitoring capabilities based on SNMP, PRTG allows administrators to discern actual bandwidth usage based on multiple parameters, such as source and destination IP addresses, MAC addresses, port numbers, protocols, etc., using packet sniffing. Furthermore, PRTG's packet sniffing functionality can be used to generate top lists, which enable administrators to recognize detailed usage trends, sources and destinations of individual communications via the network, as well as the details of the traffic flowing within said network.
  4. Firewalls using SPI also check to see what connections have been established from the inside of the network to the Internet, using that information to determine if there is an open connection related to the packet before allowing the packet to traverse the firewall and into the internal network. If the packet fails to meet any of the basic requirements set forth by the firewall, it will be rejected. Stateful inspection has largely replaced an older technology, static packet filtering. In static packet filtering, only the headers of packets are checked -- which means that an attacker can sometimes get information through the firewall simply by indicating "reply" in the header. Stateful inspection, on the other hand, analyzes packets down to the application layer. By recording session information such as IP addresses and port numbers, a dynamic packet filter can implement a much tighter security posture than a static packet filter can. Stateful inspection monitors communications packets over a period of time and examines both incoming and outgoing packets. Outgoing packets that request specific types of incoming packets are tracked and only those incoming packets constituting a proper response are allowed through the firewall. In a firewall that uses stateful inspection, the network administrator can set the parameters to meet specific needs. In a typical network, ports are closed unless an incoming packet requests connection to a specific port and then only that port is opened. This practice prevents port scanning, a well-known hacking technique.
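The difference between a static header-only filter and a stateful filter that note 4 describes, as an added example that is not part of the original slides: the toy below models packets as constructed namedtuples (no real traffic), a static filter that admits any inbound packet with the ACK "reply" flag set, and a connection table that admits inbound packets only when they answer an outbound request it has recorded. Packet, StatefulFirewall and the flag names are this example's own.

```python
"""Toy stateful packet inspection (SPI) versus static packet filtering.

Added example, not code from the original slides. Packets are plain
namedtuples with constructed addresses; nothing touches the network.
"""
from collections import namedtuple

# Constructed packet model: direction is "out" (inside -> Internet) or "in".
Packet = namedtuple("Packet", "direction src_ip src_port dst_ip dst_port flags")

# TCP flag names used by the toy model.
SYN, ACK, FIN = "SYN", "ACK", "FIN"


def static_filter(pkt):
    """Static (stateless) filter: judges each packet by its header alone.

    Rule: outbound traffic is allowed; inbound traffic is allowed if it
    looks like a reply (ACK set). This is the weakness the note describes:
    any sender can set ACK on a fresh, unsolicited inbound packet.
    """
    if pkt.direction == "out":
        return True
    return ACK in pkt.flags


class StatefulFirewall:
    """Tracks outbound connections and admits only matching inbound replies."""

    def __init__(self):
        # Connection table keyed from the inside host's point of view:
        # (inside_ip, inside_port, remote_ip, remote_port) -> state
        self.table = {}

    @staticmethod
    def _key_out(pkt):
        return (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)

    @staticmethod
    def _key_in(pkt):
        # An inbound reply carries the addresses swapped.
        return (pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port)

    def inspect(self, pkt):
        """Return True to allow or False to drop, updating the state table."""
        if pkt.direction == "out":
            key = self._key_out(pkt)
            if SYN in pkt.flags and ACK not in pkt.flags:
                self.table[key] = "SYN_SENT"      # new outbound request
            elif key in self.table and FIN in pkt.flags:
                self.table.pop(key)               # closed from inside
            return True

        key = self._key_in(pkt)
        state = self.table.get(key)
        if state is None:
            return False                          # no outbound request: drop
        if state == "SYN_SENT" and SYN in pkt.flags and ACK in pkt.flags:
            self.table[key] = "ESTABLISHED"       # proper response to our SYN
            return True
        if state == "ESTABLISHED":
            if FIN in pkt.flags:
                self.table.pop(key)
            return True
        return False                              # out-of-state packet: drop


def demo():
    """Run a constructed conversation through both filters."""
    fw = StatefulFirewall()
    # Inside host 10.0.0.5 opens a connection to 203.0.113.10:443 (constructed).
    syn = Packet("out", "10.0.0.5", 40000, "203.0.113.10", 443, {SYN})
    synack = Packet("in", "203.0.113.10", 443, "10.0.0.5", 40000, {SYN, ACK})
    data = Packet("in", "203.0.113.10", 443, "10.0.0.5", 40000, {ACK})
    # Unsolicited inbound packet that merely claims to be a reply (constructed).
    forged = Packet("in", "198.51.100.7", 1234, "10.0.0.5", 22, {ACK})
    return {
        "static_forged": static_filter(forged),     # True: header looks like a reply
        "stateful_syn": fw.inspect(syn),            # True: outbound always allowed
        "stateful_synack": fw.inspect(synack),      # True: answers the recorded SYN
        "stateful_data": fw.inspect(data),          # True: connection established
        "stateful_forged": fw.inspect(forged),      # False: no matching request
    }


if __name__ == "__main__":
    for name, allowed in demo().items():
        print(f"{name}: {'allow' if allowed else 'drop'}")
```

The table is deliberately minimal (no timeouts, no sequence-number checks); a production stateful firewall also ages entries out and validates sequence windows, which the slides do not cover.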
  5. DPI combines signature-matching technology with analysis of the data in order to determine the impact of that communication stream. DPI takes the incoming packets apart, examines the data, comparing it with set criteria, and then re-assembles the packet. The ASIC chip in the FortiGate firewall (also used for Bitcoin mining) allows this type of firewalling to be done quickly, efficiently and without degrading the speed of network traffic. Router and software firewalls simply do not have the necessary power to perform this level of deep packet inspection.
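The take-apart, inspect, reassemble cycle from note 5 (and slide 15's "removes the header information to inspect the actual contents"), as an added example that is not code from the original slides or from any firewall vendor: a constructed IPv4+TCP packet is split into its headers and payload with the standard library's struct module, the payload is compared against a small constructed signature list, and the packet is rebuilt byte-for-byte. The signature patterns, build_packet and dpi are this example's own assumptions; checksums are left zeroed because the demo never sends anything.

```python
"""Toy deep packet inspection (DPI): strip headers, inspect payload, reassemble.

Added example, not code from the original slides. The packet bytes and the
signature list are constructed for the demo; no traffic is captured or sent.
"""
import struct

# Constructed signatures: payload byte patterns a DPI engine would flag.
SIGNATURES = {
    b"../../": "directory traversal pattern in request path",
    b"<script>": "inline script tag in HTTP body",
}


def parse_ipv4_tcp(frame):
    """Split a raw IPv4+TCP packet into (ip_header, tcp_header, payload)."""
    if frame[0] >> 4 != 4:
        raise ValueError("not IPv4")
    ihl = (frame[0] & 0x0F) * 4                  # IPv4 header length in bytes
    if frame[9] != 6:
        raise ValueError("not TCP")
    total_len = struct.unpack("!H", frame[2:4])[0]
    ip_header = frame[:ihl]
    data_offset = (frame[ihl + 12] >> 4) * 4     # TCP header length in bytes
    tcp_header = frame[ihl:ihl + data_offset]
    payload = frame[ihl + data_offset:total_len]
    return ip_header, tcp_header, payload


def inspect_payload(payload):
    """Signature matching: return descriptions of every pattern found."""
    return [desc for pattern, desc in SIGNATURES.items() if pattern in payload]


def dpi(frame):
    """One DPI pass. Returns (verdict, hits, rebuilt_frame)."""
    ip_header, tcp_header, payload = parse_ipv4_tcp(frame)
    hits = inspect_payload(payload)
    rebuilt = ip_header + tcp_header + payload   # re-assemble after inspection
    verdict = "drop" if hits else "allow"
    return verdict, hits, rebuilt


def build_packet(payload, src=(10, 0, 0, 5), dst=(203, 0, 113, 10)):
    """Construct a minimal IPv4+TCP packet around a payload (constructed data)."""
    ip_header = struct.pack(
        "!BBHHHBBH4s4s",
        0x45,                       # version 4, IHL 5 (20 bytes)
        0,                          # TOS
        20 + 20 + len(payload),     # total length
        0x1234, 0,                  # identification, flags/fragment offset
        64, 6, 0,                   # TTL, protocol TCP, checksum (zeroed)
        bytes(src), bytes(dst),
    )
    tcp_header = struct.pack(
        "!HHIIBBHHH",
        40000, 80,                  # source port, destination port
        1, 1,                       # sequence, acknowledgement
        5 << 4,                     # data offset 5 (20 bytes), reserved 0
        0x18,                       # flags PSH|ACK
        65535, 0, 0,                # window, checksum (zeroed), urgent pointer
    )
    return ip_header + tcp_header + payload


if __name__ == "__main__":
    for body in (b"GET /index.html HTTP/1.1\r\n\r\n",
                 b"GET /../../secret.txt HTTP/1.1\r\n\r\n"):
        verdict, hits, rebuilt = dpi(build_packet(body))
        print(verdict, hits, "rebuilt ok" if rebuilt == build_packet(body) else "rebuilt differs")
```

Because the payload is compared against fixed byte patterns, the cost of a pass grows with payload size and signature count, which is the processor burden the slides mention; a real engine also has to reassemble TCP streams across packets before matching, which this single-packet toy does not do.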
  6. First, it can create new vulnerabilities in addition to protecting against existing ones. While effective against buffer overflow attacks, denial-of-service (DoS) attacks and certain types of malware, DPI can also be exploited to facilitate attacks in those same categories. Second, deep packet inspection adds to the complexity and unwieldy nature of existing firewalls and other security-related software. Deep packet inspection requires its own periodic updates and revisions to remain optimally effective. Third, DPI can reduce network speed because it increases the burden on firewall processors. Despite these limitations, many network administrators have embraced deep packet inspection technology in an attempt to cope with a perceived increase in the complexity and widespread nature of internet-related perils.