Capability of Wireshark as Intrusion Detection System

  • Singh* S
  • et al.

Abstract

The use of networks has grown very rapidly in the modern world. Our day-to-day life mostly depends on the internet, whether for education, banking, research, business, journalism or many other purposes. This dependency also leads to various types of intrusions. To identify intrusions on the grid, the system must have a detection engine that can detect intrusions automatically without any human intervention. Wireshark is an important tool for the analysis of network packets, but it lacks an intrusion detection feature. In this paper, we will show that Wireshark can be considered not only a troubleshooting tool, network analyzer, protocol analyzer and packet sniffer but also a network intrusion detection tool, because a user with appropriate knowledge of attacks and data packets can easily identify an attack by observing specific data packet patterns. In this paper, an attack pattern dictionary will be created, against which captured live data packets will be manually mapped in order to detect intrusions. We will also identify various attacks captured by Wireshark using this process.

Cite

Singh*, S., & Kumar, Dr. S. (2020). Capability of Wireshark as Intrusion Detection System. International Journal of Recent Technology and Engineering (IJRTE), 8(5), 4574–4578. https://doi.org/10.35940/ijrte.e6763.018520
