Study of Network Traffic Behavior and Detection of Attacks in WIRESHARK

Conference: Sixth International Conference on Recent Trends in Information, Telecommunication and Computing
Author(s): Amanpreet Kaur, Monika Sachdeva
Year: 2015
Grenze ID: 02.ITC.2015.6.546
Page: 123-150

Abstract

Security has become an important requirement because prevalent attacks and various other security issues have made networks vulnerable to a great extent. Networks need to be analyzed and the malicious packets travelling through them diagnosed. This led to the development of a number of packet analyzers that monitor network assets to detect anomalous behavior and misuse. In this paper we use Wireshark as a packet analyzer to observe the communicating nodes on an institute network and gather data from them. Wireshark is an open source packet analyzer, formerly known as Ethereal. A protocol usage distribution is built, which shows low, medium and peak loads of traffic. HTTP statistics are built for request and response analysis, and Expert analysis is done to detect warnings and malformed packets. The outputs are shown in graphs, namely the time sequence graph, round trip time graph, throughput graph and flow graph. Certain attacks are observed, namely DHCP spoofing, DDoS attack, ARP spoofing and HTTP spidering, and they are shown through graphs as well. The graphs obtained using Wireshark help to interpret the efficiency and performance of the institute's network.
