Book Image

Learning Network Forensics

By : Samir Datt
Book Image

Learning Network Forensics

By: Samir Datt

Overview of this book

We live in a highly networked world. Every digital device—phone, tablet, or computer is connected to each other, in one way or another. In this new age of connected networks, there is network crime. Network forensics is the brave new frontier of digital investigation and information security professionals to extend their abilities to catch miscreants on the network. The book starts with an introduction to the world of network forensics and investigations. You will begin by getting an understanding of how to gather both physical and virtual evidence, intercepting and analyzing network data, wireless data packets, investigating intrusions, and so on. You will further explore the technology, tools, and investigating methods using malware forensics, network tunneling, and behaviors. By the end of the book, you will gain a complete understanding of how to successfully close a case.
Table of Contents (17 chapters)
Learning Network Forensics
About the Author
About the Reviewers

How does tunneling work?

The process of encapsulating a packet within another packet and then sending it over the network is known as tunneling.

As we are aware, every packet has a header that contains details relating to the IP version, length of the IP header, size of the IP datagram, source address, destination address, flags, and a host of other data. The header length is usually 20 bytes. The remainder portion of the packet is the data. Tunneling involves hiding unsupported or unauthorized packets within the data portion of the IP datagram. In such cases, the available space is less than what it is usually and at times, this can cause a problem in the transmitted data.

Data tunneling is often used to hide the origin of the traffic across the network. The original packet and header is encapsulated and encrypted and an additional layer 3 header is added on top. In this manner, the process of tunneling neatly hides the original source of the packet. At the destination, the trusted computer...