Study of Network Traffic Behavior and Detection of Attacks in WIRESHARK
Conference: Sixth International Conference on Recent Trends in Information, Telecommunication and Computing
Abstract: Security has become an important requisite due to the prevalent attacks and various other security issues that have made networks vulnerable to a great extent. There is a requirement to analyze networks and diagnose the malicious packets travelling through them. This led to the development of a number of packet analyzers that monitor network assets to detect anomalous behavior and misuse. In this paper we use Wireshark as a packet analyzer, which observed the communicating nodes on an institute network and gathered data from them. Wireshark is an open source packet analyzer, formerly known as Ethereal. A protocol usage distribution is built which shows low, medium and peak loads of traffic. HTTP statistics are built for request and response analysis, and expert analysis is done to detect warnings and malformed packets. The outputs are shown in graphs, namely the time sequence graph, round trip time graph, throughput graph and flow graph. Certain attacks are observed, namely DHCP spoofing, DDoS attack, ARP spoofing and HTTP spidering, and they are shown through graphs as well. The graphs obtained here using Wireshark help to interpret the efficiency and performance of the network of the institute studied.
ITC - 2015