With the spread of the Internet, cybercrime against networked systems has increased and raised the importance of network security. Organizations face a growing number of cyber threats, and malicious actors inside an enterprise use its network for industrial espionage. To recognize a suspect's behaviour, the data must be examined in the context of the packets transmitted across the network. Network administrators must be able to analyze the network traffic to understand how events occurred and to react immediately to an unexpected attack. Network forensics acts like a camera for monitoring, correlating, checking and investigating network traffic for objectives such as information gathering, collection of forensic evidence, or intrusion detection (IDS). This paper proposes a network forensics analysis framework that identifies malicious threats in network traffic using Wireshark and generates alerts using Snort, and it proposes an algorithm for determining the attacker's intentions. Wireshark is used to diagnose the protocols in the network and to identify network-based attacks such as port scanning, TCP-based attacks, and HTTP-based attacks. Snort detects network-based attacks using rules, and all activity it observes on the network is recorded in a log file.
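As an added illustration, not code from the paper, the following Python script implements the kind of port-scan check the abstract describes. It reads packet records laid out like a tshark export of the Wireshark fields frame.time_epoch, ip.src, ip.dst, tcp.dstport and tcp.flags, flags any source that sends bare SYNs to many distinct ports of one host within a short sliding window, and formats a Snort-style fast-alert line for each hit. The packet records are constructed for the example, and the threshold of 10 distinct ports within 5 seconds and the local rule SID 1000001 are assumptions, not values from the paper.

```python
"""Sliding-window port-scan detection over packet records (added example).

Record layout mirrors a tshark export:
    (frame.time_epoch, ip.src, ip.dst, tcp.dstport, tcp.flags)
tcp.flags uses Wireshark's bit values: SYN = 0x002, ACK = 0x010.
"""
from collections import Counter, defaultdict
from typing import Dict, List, Tuple

Packet = Tuple[float, str, str, int, int]

TCP_SYN = 0x002
TCP_ACK = 0x010

# Assumed tuning values for the example, not taken from the paper.
SCAN_PORT_THRESHOLD = 10   # distinct destination ports on one host ...
SCAN_WINDOW_SECONDS = 5.0  # ... within this many seconds

# Constructed sample traffic (not a real capture).
SCAN_PORTS = [21, 22, 23, 25, 53, 80, 110, 143, 443, 445, 3389, 8080]
SAMPLE_PACKETS: List[Packet] = (
    # fast scan: 10.0.0.5 probes 12 ports of 10.0.0.20 in about half a second
    [(1000.0 + i * 0.05, "10.0.0.5", "10.0.0.20", p, TCP_SYN)
     for i, p in enumerate(SCAN_PORTS)]
    # the server answers an open port with SYN/ACK; not a bare SYN, so ignored
    + [(1000.26, "10.0.0.20", "10.0.0.5", 51234, TCP_SYN | TCP_ACK)]
    # benign browsing from 10.0.0.7: a handful of SYNs to 80 and 443
    + [(1001.0, "10.0.0.7", "10.0.0.20", 80, TCP_SYN),
       (1001.2, "10.0.0.7", "10.0.0.20", 443, TCP_SYN),
       (1003.0, "10.0.0.7", "10.0.0.20", 80, TCP_SYN)]
    # slow scan from 10.0.0.9: same 12 ports, one every 2 s, so never
    # 10 distinct ports inside a 5 s window (the window caveat)
    + [(2000.0 + i * 2.0, "10.0.0.9", "10.0.0.20", p, TCP_SYN)
       for i, p in enumerate(SCAN_PORTS)]
)


def detect_port_scans(packets: List[Packet],
                      threshold: int = SCAN_PORT_THRESHOLD,
                      window: float = SCAN_WINDOW_SECONDS
                      ) -> Dict[Tuple[str, str], Tuple[float, int]]:
    """Return {(src, dst): (window_start, distinct_ports)} for every
    (src, dst) pair whose bare-SYN packets reach `threshold` distinct
    destination ports within `window` seconds. Only the first trigger
    per pair is reported."""
    syns: Dict[Tuple[str, str], List[Tuple[float, int]]] = defaultdict(list)
    for ts, src, dst, dport, flags in packets:
        # bare SYN: SYN set and ACK clear (drops SYN/ACK replies)
        if (flags & (TCP_SYN | TCP_ACK)) == TCP_SYN:
            syns[(src, dst)].append((ts, dport))

    alerts: Dict[Tuple[str, str], Tuple[float, int]] = {}
    for pair, events in syns.items():
        events.sort()
        in_window: Counter = Counter()   # port -> SYN count inside window
        left = 0
        for ts, port in events:
            in_window[port] += 1
            # evict events older than `window` seconds from the left edge
            while ts - events[left][0] > window:
                old_port = events[left][1]
                in_window[old_port] -= 1
                if in_window[old_port] == 0:
                    del in_window[old_port]
                left += 1
            if len(in_window) >= threshold and pair not in alerts:
                alerts[pair] = (events[left][0], len(in_window))
    return alerts


def format_snort_alert(src: str, dst: str, ports: int,
                       sid: int = 1000001) -> str:
    """Render a hit in the style of a Snort fast-alert line.
    The SID is an assumed local-rule number (local rules use SIDs >= 1000000)."""
    return (f"[**] [1:{sid}:1] Possible TCP port scan "
            f"({ports} distinct ports) [**] {{TCP}} {src} -> {dst}")


if __name__ == "__main__":
    for (src, dst), (_, ports) in detect_port_scans(SAMPLE_PACKETS).items():
        print(format_snort_alert(src, dst, ports))
```

Run against the constructed traffic, only 10.0.0.5 is reported: the SYN/ACK reply is filtered by the flag test, the benign client never reaches the port threshold, and the slow scanner spreads its probes beyond the window. That last case is the caveat a practitioner should keep in mind: a fixed threshold and window, the same shape as Snort's sfPortscan sensitivity settings, trades detection of slow scans for a low false-positive rate, so the window should be chosen from the traffic being investigated rather than copied from an example.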
Harika, J. B. (2020). Performing Forensic Analysis on Network to Identify Malicious Traffic. International Journal of Advanced Trends in Computer Science and Engineering, 9(2), 2002–2009. https://doi.org/10.30534/ijatcse/2020/171922020