
Report on Network Forensics

   

Added on  2020-05-04

Running Head: NETWORK FORENSICS

Contents

Introduction
DNS Errors
Analysis by packettotal.com
Analyzing the DNS Query Traffic on Wireshark
Outcome from the Wireshark evaluation
Analysis by Networktotal.com
References

Introduction

To begin the analysis of the DNS traffic in the given capture file, we open the .pcap file in Wireshark and observe the capture in the packet list pane. The pane shows traffic from different protocols captured at different times. To determine whether there was any suspicious activity, we do not need to check every packet one by one (Chapell, 2013). Instead, we use the filter to find any DNS errors in the captured packets.

DNS Errors

We start by selecting a response packet in Wireshark; in this instance, the second packet is a response. To check for errors, we look into the Domain Name System section in the packet details pane. The reply code field sits inside the flags section of the DNS response. Here it is set to zero (0), which means that there is no error in the response packet. Any value other than zero indicates a problem. To check all the packets for DNS errors, we type "dns.flags.rcode != 0" into the filter. On applying this, we find that this trace file has no DNS errors.

[Figure: No error in DNS response]
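The reply code check described above, as an added example that is not part of the original report: it reads the flags word of raw DNS messages and keeps the responses whose reply code is not zero, which is what the "dns.flags.rcode != 0" filter selects. The sample messages are constructed for the demonstration, and the helper names (build_message, parse_header, dns_errors) are hypothetical.

```python
import struct

# Reply code names from RFC 1035; the code is the low 4 bits of the flags word.
RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL",
          3: "NXDOMAIN", 4: "NOTIMP", 5: "REFUSED"}

def build_message(txid, flags, qname):
    """Build a minimal DNS message (header plus one A/IN question) for the demo."""
    header = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)
    labels = b"".join(bytes([len(p)]) + p.encode() for p in qname.split("."))
    return header + labels + b"\x00" + struct.pack("!HH", 1, 1)

def parse_header(msg):
    """Return (transaction id, is_response, reply code) from a raw DNS message."""
    if len(msg) < 12:
        raise ValueError("truncated DNS header")
    txid, flags = struct.unpack("!HH", msg[:4])
    is_response = bool(flags & 0x8000)  # QR bit: 1 = response
    rcode = flags & 0x000F              # reply code field
    return txid, is_response, rcode

def dns_errors(messages):
    """List (transaction id, reply code name) for responses with a non-zero code."""
    hits = []
    for msg in messages:
        try:
            txid, is_response, rcode = parse_header(msg)
        except ValueError:
            continue  # too short to carry a DNS header, skip it
        if is_response and rcode != 0:
            hits.append((txid, RCODES.get(rcode, f"RCODE{rcode}")))
    return hits

# Constructed sample traffic (not taken from the report's capture file).
SAMPLE = [
    build_message(0x1A2B, 0x0100, "www.example.com"),     # query
    build_message(0x1A2B, 0x8180, "www.example.com"),     # response, NOERROR
    build_message(0x3C4D, 0x0100, "nosuch.example.com"),  # query
    build_message(0x3C4D, 0x8183, "nosuch.example.com"),  # response, NXDOMAIN
    build_message(0x5E6F, 0x8182, "slow.example.com"),    # response, SERVFAIL
    b"\x00\x01",                                          # truncated datagram
]

if __name__ == "__main__":
    for txid, name in dns_errors(SAMPLE):
        print(f"txid=0x{txid:04x} rcode={name}")
```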
