A Deeper Look into Network Traffic Analysis using Wireshark
∗Muhammed Alfawareh
King Hussein School of Computing Sciences
Princess Sumaya University for Technology, Amman, Jordan
Abstract— Networks and the Internet are the backbone of business for sending and receiving data, since they save time, effort and cost. Using traffic analysis, performance issues can be optimized, network forensics can be carried out and spam can be detected, the network can be proofed through penetration testing, policies can be formulated to match usage habits, and integrated systems can be verified to deliver their data. Traffic analysis can also be used with malicious intent: it can monitor the contents of transmitted data such as passwords, file names and the identities of the communicating parties. This paper discusses how an attacker can obtain the traffic and presents some countermeasures to reduce this risk.
Keywords: Wireshark, Traffic Analysis, Hijack attacks.
I. INTRODUCTION
Networks and the Internet are the backbone of business for sending and receiving data, since they save time, effort and cost. Analysis of network traffic is one of the most important tools used in networking for performance analysis and for detecting problems such as a slow network or a spammer causing trouble on the network. At the same time it is a double-edged weapon: it is also one of the most important and dangerous tools used by an adversary to obtain information that helps them gain unauthorized access and steal valuable information [1].
A. Traffic Analysis
Traffic analysis is the process of intercepting and examining packets in order to extract information about the communicating parties. It can be performed even when the communication is encrypted and cannot be decrypted. Traffic analysis is used in military intelligence and counter-intelligence, and is a concern in computer security. From it we can learn who the communicating parties are and when the conversation took place, and, from unencrypted traffic, useful information such as passwords and file names. Traffic analysis is a special type of inference attack that looks at communication patterns between entities in a system [1, 2].
B. Wireshark
Wireshark (previously known as Ethereal) is one of the most efficient tools used for traffic analysis. It is free, open source, available for all major platforms and based on libpcap. It is widely used in networks to solve problems such as performance issues and the issues between integrated systems, for example between an Avaya Communication Manager and a hotel's Tiger system. Wireshark is also used in network forensics, by network professionals and by educators. The tool supports many protocols, such as TCP, IP, ARP and HTTP [1-3].
• Performance Issues: the most common complaint in companies is a slow connection to the web server. The complication is that every team in the company (networks, system administrators, developers and security) blames the problem on another team. Wireshark is a helpful tool here: by capturing the traffic at all points along the path at the same time, the location of the problem can be determined.
• Integrated Systems: the major problems in integrated systems are synchronization and data loss. Using a powerful tool like Wireshark we can determine the cause of the problem by running Wireshark on both sides at the same time.
• Network Forensics: some companies have bad employees who try to manipulate the network and the systems, for example by sending spam packets to the whole network, and some of them send company data outside the company to hand it to a competitor. To dismiss these people you need hard evidence, and using a traffic analyzer like Wireshark with custom filters we can identify them [4].
• Formulation of policies: using Wireshark we can determine the major sites visited by employees in the company, and based on the results of the analysis we can formulate a policy that blocks access to those sites.
• Penetration Testing: Wireshark enables the penetration tester to discover flaws and breaches in system security at the user-authentication level, and also to verify that the implementation of the system follows the standard [6].
• Education: Wireshark is one of the most effective tools for understanding and studying communication processes. For example, how do clients get an IP address from a DHCP server? DHCP is one of the most widely used protocols in both LAN and WLAN networks. It assigns parameters to clients automatically, which saves administrators from visiting each device to assign an IP address, and it also reduces IP address conflicts. The parameters are exchanged between client and server in four stages, as shown in Figure 1 [7].
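The four-stage exchange described above can be studied by decoding the DHCP messages themselves. The following is an added example (not code from the paper) that parses raw DHCP payloads, extracts the message type from option 53, and reconstructs each lease transaction by its transaction id, the way a capture in Wireshark would be read. The client MACs, addresses, transaction ids and the server 192.168.1.1 are constructed sample values; `build_dhcp` exists only to assemble that sample capture.

```python
"""Parser for DHCP (RFC 2131) messages that reconstructs the four-stage lease
exchange (Discover, Offer, Request, Ack) from raw UDP payloads.
Added example, not code from the paper; the sample messages are constructed."""
import struct
from ipaddress import IPv4Address

MAGIC_COOKIE = b"\x63\x82\x53\x63"          # marks the start of the DHCP option list
MESSAGE_TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 4: "DECLINE",
                 5: "ACK", 6: "NAK", 7: "RELEASE", 8: "INFORM"}
BOOTREQUEST, BOOTREPLY = 1, 2


def parse_dhcp(payload: bytes) -> dict:
    """Decode the fixed BOOTP header and the TLV option list of one DHCP message."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message (missing magic cookie)")
    op, _htype, hlen, _hops, xid, _secs, _flags = struct.unpack("!BBBBIHH", payload[:12])
    ciaddr, yiaddr, siaddr, giaddr = (str(IPv4Address(payload[i:i + 4]))
                                      for i in (12, 16, 20, 24))
    chaddr = payload[28:28 + hlen].hex(":")   # client hardware (MAC) address
    options, i = {}, 240
    while i < len(payload):                   # options are code, length, value
        code = payload[i]
        if code == 0:                         # pad option has no length byte
            i += 1
            continue
        if code == 255:                       # end option
            break
        length = payload[i + 1]
        options[code] = payload[i + 2:i + 2 + length]
        i += 2 + length
    msg_type = MESSAGE_TYPES.get(options.get(53, b"\x00")[0], "UNKNOWN")
    server_id = str(IPv4Address(options[54])) if 54 in options else None
    requested = str(IPv4Address(options[50])) if 50 in options else None
    return {"op": op, "xid": xid, "chaddr": chaddr, "ciaddr": ciaddr, "yiaddr": yiaddr,
            "siaddr": siaddr, "giaddr": giaddr, "type": msg_type,
            "server_id": server_id, "requested_ip": requested}


def build_dhcp(op, xid, mac, msg_type, yiaddr="0.0.0.0", extra_options=()):
    """Assemble a minimal DHCP message; used only to construct the sample capture."""
    header = struct.pack("!BBBBIHH", op, 1, 6, 0, xid, 0, 0)       # htype 1 = Ethernet
    header += IPv4Address("0.0.0.0").packed + IPv4Address(yiaddr).packed
    header += bytes(8)                                              # siaddr, giaddr
    header += bytes.fromhex(mac.replace(":", "")) + bytes(10)       # chaddr is 16 bytes
    header += bytes(192)                                            # sname + file
    opts = bytes([53, 1, msg_type])
    for code, value in extra_options:
        opts += bytes([code, len(value)]) + value
    return header + MAGIC_COOKIE + opts + b"\xff"


def lease_exchanges(payloads):
    """Group DHCP messages by transaction id and judge whether each exchange completed."""
    by_xid = {}
    for p in payloads:
        m = parse_dhcp(p)
        by_xid.setdefault(m["xid"], []).append(m)
    result = {}
    for xid, msgs in by_xid.items():
        seq = [m["type"] for m in msgs]
        ack = next((m for m in msgs if m["type"] == "ACK"), None)
        result[xid] = {"client": msgs[0]["chaddr"], "sequence": seq,
                       "leased_ip": ack["yiaddr"] if ack else None,
                       "server": ack["server_id"] if ack else None,
                       "complete": seq == ["DISCOVER", "OFFER", "REQUEST", "ACK"]}
    return result


SERVER = IPv4Address("192.168.1.1").packed           # constructed DHCP server address
CLIENT_A, CLIENT_B = "00:11:22:33:44:55", "00:11:22:33:44:66"
# Constructed capture: client A completes DORA; client B asks for an address the
# server did not offer and is refused with a NAK.
SAMPLE_CAPTURE = [
    build_dhcp(BOOTREQUEST, 0x1234, CLIENT_A, 1),
    build_dhcp(BOOTREPLY, 0x1234, CLIENT_A, 2, "192.168.1.50", [(54, SERVER)]),
    build_dhcp(BOOTREQUEST, 0x1234, CLIENT_A, 3,
               extra_options=[(50, IPv4Address("192.168.1.50").packed), (54, SERVER)]),
    build_dhcp(BOOTREPLY, 0x1234, CLIENT_A, 5, "192.168.1.50", [(54, SERVER)]),
    build_dhcp(BOOTREQUEST, 0x5678, CLIENT_B, 1),
    build_dhcp(BOOTREPLY, 0x5678, CLIENT_B, 2, "192.168.1.51", [(54, SERVER)]),
    build_dhcp(BOOTREQUEST, 0x5678, CLIENT_B, 3,
               extra_options=[(50, IPv4Address("192.168.1.99").packed), (54, SERVER)]),
    build_dhcp(BOOTREPLY, 0x5678, CLIENT_B, 6, extra_options=[(54, SERVER)]),
]

if __name__ == "__main__":
    for xid, info in lease_exchanges(SAMPLE_CAPTURE).items():
        print(f"xid 0x{xid:04x} {info['client']}: {' -> '.join(info['sequence'])}"
              f" leased={info['leased_ip']} complete={info['complete']}")
```

The transaction id is what ties the four messages together, so a capture with many clients renegotiating at once can still be split into individual exchanges; a sequence that ends in NAK, or that never receives an ACK, is the first thing to look for when a client reports that it "cannot get an IP address".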
II. NETWORK ATTACKS
An attacker can launch hijacking attacks using traffic analysis. These attacks can be classified into two types:
• Passive Attacks
• Active Attacks
Fig. 1. DHCP Lease Allocation Process.
Fig. 2. Passive Attack.
A. Passive attack
This attack occurs without the victim's knowledge and without touching the victim's data, as shown in Figure 2. The attacker listens to the conversation and then analyzes it with a packet analyzer, obtaining useful information such as passwords, cookies, file names and the sites visited by the victim; the attacker is even able to reconstruct Voice over IP (VoIP) conversations, as shown in Figure 3 [8, 9].
B. Active Attacks
This type also occurs without the victim's knowledge, but here the attacker touches the victim's data and changes its meaning and content. It can be implemented in several ways, such as ARP spoofing and IP spoofing; in these cases the attacker acts as a man in the middle, as shown in Figure 4 [8, 9].
Fig. 3. VoIP Conversation.
Fig. 4. Active Attack.
III. METHODS TO SNIFF ON SWITCH
We now discuss the methods that can be used to sniff packets on a switch. Unlike a hub, a switch is an intelligent device that forwards a frame only to the port of its destination, so an attacker on another port does not see the traffic without one of the methods below.
A. ARP Spoofing
As we know, communication at layer 2 uses MAC addresses: in most scenarios, when we want to send or receive data we need the destination MAC address, so we use the ARP protocol to resolve it. The main problem with ARP is that it is stateless, which means that any device connected to the switch can send a reply packet pretending to be the destination MAC address or the gateway. In this way the ARP cache entries on the victim machine and on the switch are poisoned, so the attacker obtains a copy of any packet sent from the victim to a different network [10, 11].
B. MAC-Flooding
A switch is a smart device: it contains a MAC address table that maps each MAC address to a port number, so when a sender transmits data the switch forwards it to the destination port based on that table. The main problem is that switches have a limit on the number of records in the MAC table, so an attacker can use a tool such as hping3 to generate a massive number of source MAC addresses. In this case the table fills up and the switch starts behaving like a hub (a dumb device), forwarding a copy of the data to all devices connected to the switch, the attacker's among them [11].
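The symptom of MAC flooding is visible in a capture taken on the switch: one port suddenly sources far more distinct MAC addresses than any real host would. The following added example (not code from the paper) implements that detection over a list of frame records, keeping a sliding window of source MACs per port and raising one alert when a port exceeds a per-port limit and another when the summed count exceeds an assumed table capacity. The port names, the limit of 3, the window of 10 s and the capacity of 256 entries are constructed assumptions; real table sizes are vendor specific.

```python
"""Detector for MAC-flooding: tracks the distinct source MACs each switch port
has learned inside a sliding time window and flags ports that exceed a per-port
limit, the same check a switch's port-security feature applies in hardware.
Added example, not code from the paper; the frame records are constructed."""
from collections import defaultdict, deque


class MacTableMonitor:
    """Keeps a per-port window of (timestamp, source MAC) pairs seen in frames."""

    def __init__(self, max_macs_per_port=3, window_seconds=10.0, table_capacity=1024):
        self.max_macs_per_port = max_macs_per_port
        self.window_seconds = window_seconds
        self.table_capacity = table_capacity       # assumed size of the MAC table
        self.windows = defaultdict(deque)           # port -> deque of (ts, mac)
        self.flagged = set()                        # ports already alerted on
        self.table_full = False
        self.alerts = []

    def learned_macs(self, port):
        """Distinct source MACs currently inside the window for one port."""
        return {mac for _, mac in self.windows[port]}

    def observe(self, ts, port, src_mac):
        """Feed one frame (as a capture would deliver it) and return any new alerts."""
        win = self.windows[port]
        win.append((ts, src_mac))
        while win and ts - win[0][0] > self.window_seconds:   # expire old entries
            win.popleft()
        new_alerts = []
        learned = len(self.learned_macs(port))
        if learned > self.max_macs_per_port:
            if port not in self.flagged:                       # alert once per episode
                self.flagged.add(port)
                new_alerts.append(
                    f"{ts:.2f}s port {port}: {learned} source MACs within "
                    f"{self.window_seconds:.0f}s exceeds limit {self.max_macs_per_port}")
        else:
            self.flagged.discard(port)
        total = sum(len(self.learned_macs(p)) for p in self.windows)
        if total > self.table_capacity:
            if not self.table_full:
                self.table_full = True
                new_alerts.append(f"{ts:.2f}s MAC table full ({total} entries): "
                                  "unknown-unicast frames will be flooded to every port")
        else:
            self.table_full = False
        self.alerts.extend(new_alerts)
        return new_alerts


def analyze(frames, **kwargs):
    """Run the monitor over (ts, port, src_mac) records and summarize the result."""
    mon = MacTableMonitor(**kwargs)
    for ts, port, mac in frames:
        mon.observe(ts, port, mac)
    per_port = {p: len(mon.learned_macs(p)) for p in mon.windows}
    return {"per_port": per_port,
            "offending_ports": sorted(p for p, n in per_port.items()
                                      if n > mon.max_macs_per_port),
            "alerts": mon.alerts}


# Constructed capture: two normal access ports, then one port emitting 300
# frames with 300 different locally-administered source MACs in three seconds.
SAMPLE_FRAMES = [(0.0, "Gi1/0/1", "3c:52:82:00:00:01"),
                 (0.5, "Gi1/0/2", "3c:52:82:00:00:02"),
                 (1.0, "Gi1/0/2", "3c:52:82:00:00:03"),   # a phone and a PC on one port
                 (1.5, "Gi1/0/1", "3c:52:82:00:00:01")]
SAMPLE_FRAMES += [(2.0 + i * 0.01, "Gi1/0/7", f"02:00:00:00:{i >> 8:02x}:{i & 0xff:02x}")
                  for i in range(300)]


def run_sample():
    """Analyze the constructed capture with the assumed limits."""
    return analyze(SAMPLE_FRAMES, max_macs_per_port=3, window_seconds=10.0,
                   table_capacity=256)


if __name__ == "__main__":
    for line in run_sample()["alerts"]:
        print(line)
```

A port that legitimately carries a phone and a PC (or a small unmanaged switch) will have two or three stable MACs, which is why the limit is per port rather than a single global threshold; the "table full" alert is the point at which the switch described in the text degrades into a hub.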
C. Port Mirroring
Port mirroring is a method of monitoring network traffic. With port mirroring enabled, the switch sends a copy of all network packets seen on one port (or an entire VLAN) to another port, where the packets can be analyzed, as shown in Figure 5. In this type of attack the attacker needs access to the switch, either a direct connection through the console or remote access over a management protocol such as HTTP, Telnet or SSH, and adds a couple of commands to the switch configuration to copy the victim's traffic to the attacker's machine [11, 12].
Fig. 5. Port mirroring Architecture.
Fig. 6. Hardware Wired Tool Kit Connections.
Fig. 7. Alfa Tool Kit for wireless connections.
D. Hardware Tool Kits
In this type the attacker uses a hardware tool kit and connects it to the victim's cable, as shown in Figures 6 and 7. Another tool kit, shown in the figure, can be used if the attacker is connected to the network by Wi-Fi.
IV. COUNTERMEASURES
When the IT staff implement the network, they should be aware of the following set of countermeasures:
• restrict physical access to the switches and cables to the IT staff only;
• use TLS/SSL for the communication between clients and servers;
• allow only a specific number of MAC addresses per port, depending on the implementation requirements;
• use the Dynamic ARP Inspection feature to prevent the attacker from spoofing MAC addresses in ARP replies;
• use the IP Source Guard feature to prevent the attacker from changing their IP address;
• use the DHCP snooping feature, which builds the binding table that IP Source Guard and Dynamic ARP Inspection check against;
• adopt encrypted protocols to manage the switches and routers.
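The last four countermeasures work together: DHCP snooping records which (IP, MAC) pair was leased on which port, and Dynamic ARP Inspection and IP Source Guard refuse ARP replies and IP packets that contradict that record, which is exactly what defeats the ARP spoofing described in Section III-A. The following added example (not code from the paper and not any vendor's implementation) models that interaction in a small simulated switch. The port names, VLAN 10, the MAC and IP addresses and the trusted uplink Gi1/0/24 are constructed assumptions.

```python
"""Model of three switch features from the countermeasures list: DHCP snooping
builds a binding table (VLAN, IP, MAC, port) from observed lease exchanges,
Dynamic ARP Inspection validates ARP replies on untrusted ports against it, and
IP Source Guard validates the source of IP packets against it.
Added example, not the paper's code and not a vendor implementation; the
scenario in run_scenario() is constructed."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Binding:
    vlan: int
    ip: str
    mac: str
    port: str


class SnoopingSwitch:
    def __init__(self, trusted_ports):
        self.trusted = set(trusted_ports)   # uplink / DHCP-server facing ports
        self.bindings = {}                  # (vlan, ip) -> Binding
        self.pending = {}                   # (vlan, client_mac) -> port of last request
        self.dropped = []                   # audit log of refused frames

    def _drop(self, feature, why):
        self.dropped.append(f"{feature}: {why}")
        return False

    def dhcp(self, port, vlan, msg_type, client_mac, assigned_ip=None):
        """DHCP snooping: server replies are accepted only from trusted ports, and a
        completed lease (ACK) becomes a binding on the port the client asked from."""
        if msg_type in ("OFFER", "ACK", "NAK"):
            if port not in self.trusted:
                return self._drop("dhcp-snooping",
                                  f"{msg_type} from untrusted {port} (rogue server)")
            if msg_type == "ACK":
                client_port = self.pending.get((vlan, client_mac))
                if client_port is None:
                    return self._drop("dhcp-snooping", f"ACK for {client_mac} without a request")
                self.bindings[(vlan, assigned_ip)] = Binding(vlan, assigned_ip, client_mac,
                                                             client_port)
            return True
        if port not in self.trusted:                  # DISCOVER / REQUEST from a client
            self.pending[(vlan, client_mac)] = port
        return True

    def arp_reply(self, port, vlan, sender_ip, sender_mac):
        """Dynamic ARP Inspection: on an untrusted port the sender IP/MAC pair must
        match the binding learned for that IP, and that binding must be on this port."""
        if port in self.trusted:
            return True
        b = self.bindings.get((vlan, sender_ip))
        if b is None:
            return self._drop("arp-inspection", f"{port} claims {sender_ip} with no binding")
        if b.mac != sender_mac or b.port != port:
            return self._drop("arp-inspection", f"{port} claims {sender_ip} is at "
                              f"{sender_mac}, binding says {b.mac} on {b.port}")
        return True

    def ip_packet(self, port, vlan, src_ip, src_mac):
        """IP Source Guard: IP traffic entering an untrusted port must carry the
        source IP and MAC that were bound to that port."""
        if port in self.trusted:
            return True
        b = self.bindings.get((vlan, src_ip))
        if b is None or b.port != port or b.mac != src_mac:
            return self._drop("ip-source-guard",
                              f"{port} sent source {src_ip}/{src_mac} not bound to it")
        return True


def run_scenario():
    """Constructed LAN: DHCP server behind trusted Gi1/0/24, two clients, one host
    that later tries to impersonate the gateway 10.0.0.1 and client A."""
    sw = SnoopingSwitch(trusted_ports=["Gi1/0/24"])
    A, B, X = "aa:aa:aa:00:00:01", "bb:bb:bb:00:00:02", "cc:cc:cc:00:00:03"
    for mac, port, ip in [(A, "Gi1/0/1", "10.0.0.10"), (B, "Gi1/0/2", "10.0.0.11"),
                          (X, "Gi1/0/3", "10.0.0.12")]:
        sw.dhcp(port, 10, "DISCOVER", mac)            # requests enter on access ports
        sw.dhcp("Gi1/0/24", 10, "OFFER", mac, ip)     # replies arrive on the uplink
        sw.dhcp(port, 10, "REQUEST", mac)
        sw.dhcp("Gi1/0/24", 10, "ACK", mac, ip)
    gateway_mac = "dd:dd:dd:00:00:fe"                  # constructed router MAC
    return {
        "bindings": len(sw.bindings),
        "legit_arp": sw.arp_reply("Gi1/0/1", 10, "10.0.0.10", A),
        "gateway_arp_from_uplink": sw.arp_reply("Gi1/0/24", 10, "10.0.0.1", gateway_mac),
        "spoof_gateway": sw.arp_reply("Gi1/0/3", 10, "10.0.0.1", X),
        "spoof_client_a": sw.arp_reply("Gi1/0/3", 10, "10.0.0.10", X),
        "spoofed_src_ip": sw.ip_packet("Gi1/0/3", 10, "10.0.0.10", X),
        "own_src_ip": sw.ip_packet("Gi1/0/3", 10, "10.0.0.12", X),
        "rogue_offer": sw.dhcp("Gi1/0/3", 10, "OFFER", A, "10.0.0.200"),
        "dropped": sw.dropped,
    }


if __name__ == "__main__":
    for entry in run_scenario()["dropped"]:
        print(entry)
```

Two caveats apply when enabling the real features: hosts with static addresses (printers, servers on access ports) have no lease and therefore no binding, so they need static entries or they will be cut off, and the binding table must survive a switch reboot (or the leases must be renewed) or every client is blocked until it re-negotiates. The model also ignores lease expiry, which a real binding table enforces.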
V. CONCLUSIONS
In this paper we discussed the importance of network traffic analysis using Wireshark and its role in solving problems, in network forensics, and so on. We also discussed the risk that network traffic analysis can be used to obtain information that helps launch an attack or steal data. We also presented several solutions that prevent the adversary from obtaining the data and that ensure that, if the adversary does gain access to the data, they obtain only encrypted data.
VI. FUTURE WORK
For future work, I will take the research in this paper a step further by comparing all types of traffic analysis tools and finding the best environment for analysis at the lowest cost and with minimal delay in responding to clients' incidents.
VII. ACKNOWLEDGMENT
I would like to express my gratitude to all those who gave me the possibility to complete this paper. I want to thank the Computer Science Department for giving me permission to commence this paper in the first instance, to do the necessary research work and to use departmental data. I am deeply indebted to Dr. Ali Hadi from the CS Department for his guidance, stimulating suggestions and encouragement.
REFERENCES
[1] Ming-Hsing Chiu, Kuo-Pao Yang, Randall Meyer, and Tristan Kidder, "Analysis of a Man-in-the-Middle Experiment with Wireshark."
[2] Mohammed Abdul Qadeer, Mohammad Zahid, "Network Traffic Analysis and Intrusion Detection using Packet Sniffer," 2010.
[3] Mustapha Adamu Mohammed, Ashigbi Franlin Degadzor, Botchey Francis Effrim, Kwame Anim Appiah, "Brute Force Attack Detection and Prevention on a Network Using Wireshark Analysis," 2017.
[4] Natarajan Meghanathan, Sumanth Reddy Allam and Loretta A. Moore, "Tools and Techniques for Network Forensics," IJNSA, Vol. 1, No. 1, April 2009.
[5] Zhifeng Xiao, Yang Xiao, "Network forensics analysis using Wireshark," 2015.
[6] Brandon F. Murphy, "Network Penetration Testing and Research," 2013.
[7] Te-Shun Chou, East Carolina University, "Teaching Network Security Through Signature Analysis of Computer Network Attacks."
[8] Ashwani Kumar, "Security Attacks in Manet - A Review," 2011.
[9] D. Madhavi, "TCP Session Hijacking Implementation by Stealing Cookies," Vol. 2, Issue 11, 2015.
[10] Ankita Gupta, Kavita, Kirandeep Kaur, "Vulnerability Assessment and Penetration Testing," International Journal of Engineering Trends and Technology, Volume 4, Issue 3, 2013.
[11] Mohammed Abdul Qadeer, Misbahur Rahman Siddiqui, "Network Traffic Analysis and Intrusion Detection Using Packet Sniffer," January 2010.
[12] Jian Zhang and Andrew Moore, "Traffic Trace Artifacts due to Monitoring Via Port Mirroring."
