
Cyber Operations: Analysis of Network Traffic and Packet Capture using Wireshark

25 Pages, 2170 Words, 279 Views

Added on  2023-04-21

About This Document

This document provides a detailed analysis of network traffic and packet capture using Wireshark in the context of Cyber Operations. It covers topics such as network boundaries, active nodes, external sources, types of traffic, protocols, and activity narratives for identifying attacks. The document also includes step-by-step instructions for installing and operating Wireshark.

CYBER OPERATIONS
By (Student names)
[Course Name]
[Lecture Name]
[University Name]
[City where the university is located]
[Date]
Table of Contents
1 Introduction
2 Wireshark
2.1 Installation
2.2 Wireshark tool Operation
3 Statistical analysis
3.1 Network boundaries
3.2 Active nodes
3.3 External sources
3.4 Type of traffic
3.5 Protocols
4 Activity narrative and attack identification
4.1 Distributed denial of service (DDOS) attacker
4.2 Activity narrative
4.3 Attack identification
5 Attack explanation
5.1 Address resolution protocol (ARP) poisoning attacker
Reference
1 Introduction
The computer network is one of the most essential facilities in most organizations today, where it is used in various ways, including resource sharing, communication and records management. Because of the high risk associated with an installed network, network analysis is carried out to identify any form of attack or threat, using analysis tools that capture packets for analysis.
Packet capture is a computer networking term that refers to the interception of data packets that are moving or crossing over a specified computer network at a given time. The captured packets are then stored for further analysis, which involves diagnosing and solving network problems and determining whether network policies are being followed. However, in some cases hackers may use the packet capture technique to steal data that is transmitted over the computer network.
Therefore the provided file will be analyzed to determine the overall network traffic and performance. To examine and capture the packets running over the network in real time, various capturing techniques are used, including the Wireshark tool.
Filtering is a type of packet capturing in which the network nodes/devices are filtered so that only some data is captured; however, the tools are also able to capture the complete packet, which carries both the payload and the header.
The payload represents the actual contents of the data packet, and the packet header represents the packet's source and destination addresses.
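The header/payload split described above, shown on a classic pcap capture file (an added example, not part of the original report). The sample capture, its addresses and the function names are constructed for illustration, and only little-endian Ethernet captures carrying IPv4 are handled.

```python
import socket
import struct

PCAP_MAGIC = 0xA1B2C3D4  # classic libpcap, microsecond timestamps

def build_sample_pcap(snaplen: int = 65535) -> bytes:
    """Constructed sample: one Ethernet/IPv4/UDP frame, cut at snaplen bytes."""
    payload = b"hello-capture"
    udp = struct.pack("!HHHH", 40000, 9999, 8 + len(payload), 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 1, 0, 64, 17, 0,
                     socket.inet_aton("192.0.2.10"),
                     socket.inet_aton("198.51.100.7"))  # checksum left at 0
    eth = bytes.fromhex("020000000002" "020000000001" "0800")
    frame = eth + ip + udp
    kept = frame[:snaplen]
    file_hdr = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, snaplen, 1)
    rec_hdr = struct.pack("<IIII", 0, 0, len(kept), len(frame))
    return file_hdr + rec_hdr + kept

def parse_pcap(data: bytes) -> list:
    """Return header fields and payload for each IPv4 packet in the capture."""
    magic, _, _, _, _, _, linktype = struct.unpack_from("<IHHiIII", data, 0)
    if magic != PCAP_MAGIC or linktype != 1:
        raise ValueError("expected a little-endian Ethernet pcap file")
    packets, offset = [], 24
    while offset + 16 <= len(data):
        _, _, incl_len, orig_len = struct.unpack_from("<IIII", data, offset)
        frame = data[offset + 16:offset + 16 + incl_len]
        offset += 16 + incl_len
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue  # too short for Ethernet + IPv4, or not IPv4
        ihl = (frame[14] & 0x0F) * 4          # IPv4 header length in bytes
        proto = frame[23]                      # 6 = TCP, 17 = UDP
        l4 = frame[14 + ihl:]
        if proto == 17:
            l4_hdr = 8
        elif proto == 6 and len(l4) > 12:
            l4_hdr = (l4[12] >> 4) * 4         # TCP data offset
        else:
            l4_hdr = len(l4)                   # unknown: treat all as header
        packets.append({
            "src": socket.inet_ntoa(frame[26:30]),
            "dst": socket.inet_ntoa(frame[30:34]),
            "proto": proto,
            "payload": l4[l4_hdr:],
            "truncated": incl_len < orig_len,  # capture kept only part of it
        })
    return packets
```

Calling `build_sample_pcap(snaplen=42)` yields a capture that keeps only the headers: the addresses are still recovered, the payload is empty and `truncated` is set.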
The following are the applications of packet capture analysis:
i. Network security: Packet capture identifies security flaws and breaches through intrusion detection.
ii. Identifying network data leakages: Packet capture analysis is able to ascertain the points of leakage and the sources.
iii. Network troubleshooting: Packet capture detects the occurrence of any undesirable event and also assists in solving it.
iv. Identification of data/packet loss: Capture analysis also helps network administrators in the retrieval and restoration of stolen/lost information using the capturing tools and techniques.
v. Forensic audit: This is where capture analysis is used to detect the extent of network problems in the case of network viruses and worms or intrusion attacks.
The analysis of the provided packet capture will be done using the Wireshark network analysis tool, as discussed below.
2 Wireshark
Wireshark is a network packet capture and analysis tool that captures and analyses the network traffic transmitted over a computer's network interface cards (NIC). To capture network packets, the network card must be set to promiscuous mode in order to read the network traffic addressed to the computers.
The Wireshark tool will therefore be used for troubleshooting networks, analyzing networks, and determining the communication protocols.
Below are the processes of installing and operating the tool, opening the capture file and performing the network packet analysis.
2.1 Installation
The following steps were followed to install the Wireshark tool used to analyse the capture file.
i. Open a web browser.
ii. Enter the following website link: https://www.wireshark.org/.
iii. Click on the download Wireshark link to get the setup.
iv. Then download the setup as below.
v. Then install the setup by double-clicking it and proceed as follows.
vi. Click the Run button to start the installation process.
vii. Click Yes and Next to proceed.
viii. Click “I agree” and “Next” to continue.