EDUCATION

Network Packet Analyzer : 666896

- by admin

Question:

Discuss about the Network Packet Analyzer.

Answer:

Wireshark, formerly known as Ethereal, is one of the most powerful tools in a network security analyst’s toolkit. As a network packet analyzer, Wireshark can peer inside the network and examine the details of traffic at a variety of levels, ranging from connection-level information to the bits comprising a single packet. This flexibility and depth of inspection allows the valuable tool to analyze security events and troubleshoot network security device issues. It’s also priced right: it’s free!

 

IP TIMESTAMP PE RESOURCE RESPONSE PORT URI USER AGENT
101.92.120.16 Tue Feb 22 15:04:23 UTC 2017 GET /_css/master.1334356838.css HTTP/1.1 200 6981 http://www.linkedin.com Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:23.0) Gecko/20131011 Firefox/23.0
101.92.120.16 Tue Feb 22 15:32:14 UTC 2017 GET /_css/master.1334356838.css HTTP/1.1 200 7018 http://www.linkedin.com Mozilla/5.0 (Windows NT 6.2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1467.0 Safari/537.36
101.92.120.16 Tue Feb 22 15:54:22 UTC 2017 GET /_css/master.1334356838.css HTTP/1.1 200 6976 http://www.linkedin.com Galaxy/1.0 en (Mac OS X 10.5.6; U; en)
101.92.120.16 Tue Feb 22 16:07:39 UTC 2017 GET /_css/master.1334356838.css HTTP/1.1 200 7029 http://www.linkedin.com Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:23.0) Gecko/20131011 Firefox/23.0
101.92.120.16 Tue Feb 22 16:46:39 UTC 2017 GET /_css/master.1334356838.css HTTP/1.1 200 6900 http://www.google.com/url?sa=t&rct=j&q=log%20reduce&source=web&cd=4 Mozilla/5.0 (BlackBerry; U; BlackBerry 9900; en) AppleWebKit/534.11+ (KHTML, like Gecko) Version/7.1.0.346 Mobile Safari/534.11+
101.92.120.16 Tue Feb 22 17:27:51 UTC 2017 GET /_css/master.1334356838.css HTTP/1.1 200 6963 http://www.google.com/url?sa=t&rct=j&q=log%20management&source=web&cd=4 Mozilla/5.0 (Linux; U; Android 2.3.4; en-us; SCH-R720 Build/GINGERBREAD) AppleWebKit/533.1 (KHTML, like Gecko) Version/4.0 Mobile Safari/533.1
101.92.120.16 Tue Feb 22 17:30:15 UTC 2017 GET /_css/master.1334356838.css HTTP/1.1 200 6953 http://www.google.com/url?sa=t&rct=j&q=log%20management&source=web&cd=4 Mozilla/5.0 (Windows NT 6.2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1467.0 Safari/537.36
101.92.120.16 Tue Feb 22 18:22:13 UTC 2017 GET /_css/master.1334356838.css HTTP/1.1 200 6911 http://www.google.com/url?sa=t&rct=j&q=anomaly%20detection&source=web&cd=4 Mozilla/5.0 (Windows NT 6.2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1467.0 Safari/537.36
101.92.120.16 Tue Feb 22 18:44:00 UTC 2017 GET /_css/master.1334356838.css HTTP/1.1 200 6968 http://www.google.com/url?sa=t&rct=j&q=anomaly%20detection&source=web&cd=4 Mozilla/5.0 (Windows NT 6.2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1467.0 Safari/537.36
101.92.120.16 Tue Feb 22 18:44:17 UTC 2017 GET /_css/master.1334356838.css HTTP/1.1 200 7014 http://www.google.com/url?sa=t&rct=j&q=anomaly%20detection&source=web&cd=4 SAMSUNG-C5212/C5212XDIK1 NetFront/3.4 Profile/MIDP-2.0 Configuration/CLDC-1.1
101.92.120.16 Tue Feb 22 19:02:41 UTC 2017 GET /_css/master.1334356838.css HTTP/1.1 200 6930 http://www.bing.com/search?q=sumo%20logic&src=IE-SearchBox&FORM=IE11SR Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:23.0) Gecko/20131011 Firefox/23.0
101.92.120.16 Tue Feb 22 19:23:35 UTC 2017 GET /_css/master.1334356838.css HTTP/1.1 200 6984 http://www.bing.com/search?q=sumo%20logic&src=IE-SearchBox&FORM=IE11SR Mozilla/5.0 (Windows NT 6.2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1467.0 Safari/537.36
101.92.120.16 Tue Feb 22 19:38:04 UTC 2017 GET /_css/master.1334356838.css HTTP/1.1 200 6978 http://www.bing.com/search?q=sumo%20logic&src=IE-SearchBox&FORM=IE11SR Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/4.0; InfoPath.2; SV1; .NET CLR 2.0.50727; WOW64)

Wireshark is a robust program that allows for the following:

  • Using filters can greatly assist in narrowing data, as Wireshark tends to generate a lot of data that may not all be useful.
  • Wireshark can read live data from multiple network types, including Ethernet and IEEE 802.11.
  • Wireshark can capture raw USB traffic.
  • Wireshark has a GUI for analysis; however it also has a command line version called TShark.
  • Data can be captured directly from a live network or read from already-captured packets.
  • VoIP calls and their data can be captured from network traffic. If the encoding is compatible, the VoIP media can even be played.

 

In the scope of a digital forensics-based investigation, Wireshark can be immensely helpful, especially in finding and displaying emails that could be potential evidence. For example, Wireshark can be used to catch a suspect who is stealing a victim’s wireless Internet to make fraudulent online purchases. By using Wireshark as a network monitoring tool, it is possible to find the IP or MAC address of the suspect, and to see what sites he or she is visiting. Additionally, it may be possible to recover emails and other potentially sensitive and incriminating information that the suspect is sending over the network. When used in conjunction with other forensics tools, such as aircrack_ng (a tool that concentrates on examining wireless traffic versus Ethernet), it is possible to enhance the usefulness of Wireshark to make it an effective forensic network analysis tool.

 

 

The CSV file is converted into the easily understandable excel file. The same file is attached below.

 

 

 

 

FORMAT

IP TIMESTAMP PE RESOURCE RESPONSE PORT URI USER AGENT
101.92.120.16 Tue Feb 22 15:04:23 UTC 2017 GET /_css/master.1334356838.css HTTP/1.1 200 6981 http://www.linkedin.com Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:23.0) Gecko/20131011 Firefox/23.0
101.92.120.16 Tue Feb 22 15:32:14 UTC 2017 GET /_css/master.1334356838.css HTTP/1.1 200 7018 http://www.linkedin.com Mozilla/5.0 (Windows NT 6.2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1467.0 Safari/537.36
101.92.120.16 Tue Feb 22 15:54:22 UTC 2017 GET /_css/master.1334356838.css HTTP/1.1 200 6976 http://www.linkedin.com Galaxy/1.0 en (Mac OS X 10.5.6; U; en)
101.92.120.16 Tue Feb 22 16:07:39 UTC 2017 GET /_css/master.1334356838.css HTTP/1.1 200 7029 http://www.linkedin.com Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:23.0) Gecko/20131011 Firefox/23.0

 

 

TIMESTAMP
Tue Feb 22 15:00:22 UTC 2017
Tue Feb 22 15:00:23 UTC 2017
Tue Feb 22 15:00:27 UTC 2017

 

Tue Feb 22 23:33:24 UTC 2017
Tue Feb 22 23:33:26 UTC 2017
Tue Feb 22 23:33:28 UTC 2017
Tue Feb 22 23:33:31 UTC 2017

 

 

 

URI

 

http://www.linkedin.com

 

http://www.google.com/url?sa=t&rct=j&q=log%20reduce&source=web&cd=4

 

http://www.bing.com/search?q=sumo%20logic&src=IE-SearchBox&FORM=IE11SR

 

http://www.bing.com/search?q=SIEM&src=IE-SearchBox&FORM=IE11SR

 

http://www.bing.com/search?q=monitoring%20dashboards&src=IE-SearchBox&FORM=IE11SR

 

http://www.accel.com

 

http://search.yahoo.com/mobile/s?rewrite=72&.tsrc=apple&first=1&p=sumologic.com&pintl=en

 

 

 

IP

 

101.92.120.16

 

147.106.118.104

 

161.71.8.142

 

19.174.45.8

34.87.4.6

 

65.98.119.36

 

 

RESOURCE
/_css/master.1334356838.css HTTP/1.1
/_css/master.1334356838.css HTTP/1.1

 

/_downloads/Datasheet.pdf HTTP/1.1

 

/_includes/follow/follow_us.php HTTP/1.1

 

 

/_includes/wp/blog/wp-content/themes/sumologic/style.css HTTP/1.1

 

/_js/master.1332956664.js HTTP/1.1

 

 

/_media/company_logo.png HTTP/1.1

 

/_media/play_button_gray.png HTTP/1.1

 

/_media/resource_thumb_video_my_v2_homepage.jpg HTTP/1.1

 

/aboutus/ HTTP/1.1

 

/shopping/cart/confirm.jsp HTTP/1.1

Related Posts

AC-DC On-Board Battery Charger-2344804

Statistics-2324069

The impact of Artificial Intelligence in marketing — Content Development-2334670

About admin

View all posts by admin →