Book Image

Learning Network Forensics

By : Samir Datt
Book Image

Learning Network Forensics

By: Samir Datt

Overview of this book

We live in a highly networked world. Every digital device—phone, tablet, or computer is connected to each other, in one way or another. In this new age of connected networks, there is network crime. Network forensics is the brave new frontier of digital investigation and information security professionals to extend their abilities to catch miscreants on the network. The book starts with an introduction to the world of network forensics and investigations. You will begin by getting an understanding of how to gather both physical and virtual evidence, intercepting and analyzing network data, wireless data packets, investigating intrusions, and so on. You will further explore the technology, tools, and investigating methods using malware forensics, network tunneling, and behaviors. By the end of the book, you will gain a complete understanding of how to successfully close a case.
Table of Contents (17 chapters)
Learning Network Forensics
About the Author
About the Reviewers

Packet sniffing and analysis using Wireshark

In the previous chapter, we discussed how to install Wireshark on our computers.

Let's take a quick look at the Wireshark interface:

As we can see, the interface is quite intuitive. Once a few basic decisions, as outlined in the previous chapter (such as the selection of interface to capture from) have been made, the capture operation is initiated.

Once the capture operation begins, the interface looks similar to the following screenshot:

Packet List pane

Each row in the preceding screenshot represents a packet captured by Wireshark.

When one of the rows/packets is highlighted and right-clicked, we can see the TCP stream for the in-depth detail about its contents, as shown in the following screenshot:

Another cool thing that you can get Wireshark to do is to resolve the IP addresses to real-world human-readable domains using Address Resolution, as shown in the following screenshot:

The Wireshark main window is broadly divided into three distinct areas...