Captured file in Wireshark

The aim of this report is to perform the lab on the Kali-Hunt VM and Win-Hunt VM. The pcap file will be analysed using Network Miner, Wireshark and Snort, and the given questions will be answered along with screenshots. From the analysis, the story of the captured file will be written, and the captured file will be run through Snort to see whether any alerts are triggered.

For the analysis, Network Miner will be used. It is an open source Network Forensics Analysis Tool for Windows, although the tool is also accessible on operating systems such as FreeBSD and Mac OS X. It can be used as a packet capturing tool or as a passive network sniffer that detects sessions, operating systems, open ports, host names and so on without putting any traffic on the network (Adebayo, Olawale Surajudeen, et al., 2020). Network Miner can also parse a PCAP file for offline analysis and reassemble the certificates and transmitted files it contains. The tool makes advanced network traffic analysis easier by presenting the extracted artifacts in an intuitive user interface (Sanders, Chris, 2017). Presenting the data this way simplifies the analysis and saves valuable time for the forensic investigator or analyst.

Along with Network Miner, Wireshark will also be used. It is a free and open source tool that can analyse network traffic in real time on Mac, Windows, Linux and Unix based systems (Kaur, Prabhjot, and Neeti Misra, 2019). It can capture data packets passing through a network interface such as SDRs, LANs or Ethernet, and translate that data into valuable information for IT professionals and cyber security teams. It provides a range of display filters that turn the captured packets into a readable format, allowing users to identify the causes of network security issues and even discover potential cyber criminal activity. When a packet sniffer is used in promiscuous mode, users can analyse network traffic regardless of its destination (Pansari, Nikunj, and Ajay Agarwal, 2020). This gives IT professionals the means to perform a quick and thorough diagnosis of the security of the network.

Lastly, Snort will be used to find out whether any alerts are triggered. The tool can be used as a straight packet sniffer, a packet logger or a full-blown network intrusion detection system.

Captured file in Wireshark:

Captured file in Network Miner:

Question a)

Answer: 505.69 seconds

Question b)

Answer: 2449

Question c)

Answer: 811157 bytes

Question d)

Answer: ARP, Browser, DHCP, DNS, FTP, FTP-DATA, HTTP, MDNS, NBNS, SSLv2, SSLv3, TCP, TiVoConnect, UDP

Question e)

Answer: 94 - 115

Question f)

Answer: TCP SYN-ACK Handshaking protocol

Question g)

Answer: Yes, Yahoo/AOL

Question h)

Answer: Name of host computer: KAUFMANUPSTAIRS; IP address: 172.16.1.35

Question i)

Answer: WINDOWS XP

Question j)

Answer: cisco

Question k)

Answer: DVR 8525, KAUFMANUPSTAIRS, Cisco-LI (main router), 2WireInc (modem), Linksys G

Question l)

Answer: No

Question m)

Answer: DVR (TiVo), 2 modems
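
As an added illustration (not part of the original report or the lab material), the Python sketch below derives capture-level figures of the kind reported in the answers, such as a duration in seconds and a byte total, directly from a classic pcap file. The three-packet sample capture and the names pcap_summary and build_sample are constructed for this example.

```python
import struct

# Classic pcap magic numbers as seen when read little-endian:
# value -> (byte order of the file, timestamp ticks per second)
MAGICS = {
    0xA1B2C3D4: ("<", 10**6), 0xD4C3B2A1: (">", 10**6),   # microsecond
    0xA1B23C4D: ("<", 10**9), 0x4D3CB2A1: (">", 10**9),   # nanosecond
}

def pcap_summary(data: bytes) -> dict:
    """Packet count, byte totals and duration of a classic pcap file."""
    if len(data) < 24:
        raise ValueError("too short for a pcap global header")
    magic = struct.unpack("<I", data[:4])[0]
    if magic not in MAGICS:
        raise ValueError("not classic pcap (pcapng needs a different parser)")
    endian, ticks = MAGICS[magic]
    rec = struct.Struct(endian + "IIII")  # ts_sec, ts_frac, incl_len, orig_len
    off, stamps, captured, on_wire, truncated = 24, [], 0, 0, False
    while off < len(data):
        if off + rec.size > len(data):        # partial record header
            truncated = True
            break
        sec, frac, incl, orig = rec.unpack_from(data, off)
        off += rec.size + incl
        if off > len(data):                   # packet data cut short
            truncated = True
            break
        stamps.append(sec * ticks + frac)     # integer ticks, no float drift
        captured += incl                      # bytes stored in the file
        on_wire += orig                       # bytes originally on the wire
    duration = (max(stamps) - min(stamps)) / ticks if stamps else 0.0
    return {"packets": len(stamps), "captured_bytes": captured,
            "wire_bytes": on_wire, "duration_s": duration,
            "truncated": truncated}

def build_sample() -> bytes:
    """Constructed three-packet capture (not the lab's pcap)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 64, 1)  # snaplen 64
    for sec, usec, incl, orig in [(100, 0, 60, 60), (100, 500000, 42, 42),
                                  (105, 690000, 64, 1514)]:
        out += struct.pack("<IIII", sec, usec, incl, orig) + bytes(incl)
    return out

if __name__ == "__main__":
    print(pcap_summary(build_sample()))
```

The difference between captured_bytes and wire_bytes shows when a snap length cut packets short, and the truncated flag marks a capture file that ends mid-record, both of which affect how far the totals can be trusted.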

The -r option tells Snort to read a single pcap file.

The -c option tells Snort to load the configuration file.

cd Desktop/Snort/bin

snort -r C:\Users\Administrator\Desktop\[3523_Lab2_Capture_file.pcap] -c \\172.16.2.2\sharedfiles\Snort\etc\snort.conf

Conclusion:

Thus, it can be concluded that in this report the pcap file has been analysed using the Windows VM. Tools such as Network Miner, Wireshark and Snort have been used for this. Screenshots of the analysis have been provided and the lab questions have been answered.

Adebayo, Olawale Surajudeen, et al. "Analysis and Classification of some Selected Social media Apps Vulnerability. Springer. Book collection of International conference on Information and Communication. Part of the Communications in Computer and Information Science book series." (2020).

Susianto, Didi, and Anisa Rachmawati. "Implementasi Dan Analisis Jaringan Menggunakan Wireshark, Cain And Abels, Network Minner." Jurnal Cendikia 16.2 Oktober (2018): 120-125.

Sanders, Chris. Practical Packet Analysis, 3E: Using Wireshark to Solve Real-World Network Problems. No Starch Press, 2017.

RAUT, Mrs JUITA TUSHAR. "PERFORMANCE BASED COMPARATIVE ASSESSMENT OF DIFFERENT SECURITY TOOLS FOR WEB APPLICATION." (2020).

Kaur, Prabhjot, and Neeti Misra. "A Methodical Review on Network Traffic Monitoring & Analysis Tools." A Journal of Composition Theory 12.9 (2019): 1964-1968.

Zain ul Abideen, Muhammad, Shahzad Saleem, and Madiha Ejaz. "VPN Traffic Detection in SSL-Protected Channel." Security and Communication Networks 2019 (2019).

Letavay, Viliam, Jan Pluskal, and Ondřej Ryšavý. "Network Forensic Analysis for Lawful Enforcement on Steroids, Distributed and Scalable." Proceedings of the 6th Conference on the Engineering of Computer Based Systems. 2019.

Pansari, Nikunj, and Ajay Agarwal. "A Comparative Study of Analysis and Investigation using Digital Forensics." International Journal of Linguistics and Computational Applications (IJLCA) 7.2 (2020).

Cite This Work

My Assignment Help. (2022). Network Traffic Analysis: Using Network Miner, Wireshark, Snort, And Essay.. Retrieved from https://myassignmenthelp.com/free-samples/isc3523-research-methods/network-forensics-analysis-file-A1DDA47.html.