
Malicious Traffic analysis using Wireshark by collection of Indicators of Compromise

International Journal of Computer Applications
Foundation of Computer Science (FCS), NY, USA
Year of Publication: 2022
Authors:
Bindu Dodiya, Umesh Kumar Singh
10.5120/ijca2022921876

Bindu Dodiya and Umesh Kumar Singh. Malicious Traffic analysis using Wireshark by collection of Indicators of Compromise. International Journal of Computer Applications 183(53):1-6, February 2022.

@article{10.5120/ijca2022921876,
	author = {Bindu Dodiya and Umesh Kumar Singh},
	title = {Malicious Traffic analysis using Wireshark by collection of Indicators of Compromise},
	journal = {International Journal of Computer Applications},
	issue_date = {February 2022},
	volume = {183},
	number = {53},
	month = {Feb},
	year = {2022},
	issn = {0975-8887},
	pages = {1-6},
	numpages = {6},
	url = {http://www.ijcaonline.org/archives/volume183/number53/32286-2022921876},
	doi = {10.5120/ijca2022921876},
	publisher = {Foundation of Computer Science (FCS), NY, USA},
	address = {New York, USA}
}

Abstract

Packet analysis is a primary trace-back technique in network forensics. Packet analysis, often referred to as packet sniffing or protocol analysis, is the process of capturing and interpreting live data as it flows across a network in order to understand what is happening on that network. It can be used to find traces of nefarious online behaviour, data breaches, unauthorized website access, malware infection and intrusion attempts, and to reconstruct image files, documents, email attachments and other objects sent over the network. Packet analysis is typically performed with a packet sniffer, a tool that captures raw network data going across the wire. Wireshark is an effective open-source tool for studying network packets and their behaviour, and it can be used to identify and categorize various types of attack signatures. It lets an administrator see what is happening on the network at a microscopic level. The purpose of this paper is to demonstrate how Wireshark is applied in network protocol diagnosis and how it can be used to find some basic indicators of compromise for a piece of malware.
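The abstract describes collecting indicators of compromise from a Wireshark capture. The following is an added example, not code from the paper: it assumes the analyst has exported the relevant fields with `tshark` (command shown in the docstring) and feeds the resulting lines to a script that gathers contacted domains, external peer addresses and plain-HTTP file downloads for one host, then builds a Wireshark display filter to isolate that traffic. The sample export, the host address and the local network range are constructed assumptions.

```python
"""Collect basic IoCs from exported Wireshark fields.  Added example, not the
paper's code; it assumes the capture was exported with
  tshark -r capture.pcap -T fields -E separator='|' -e frame.time_epoch \
    -e ip.src -e ip.dst -e dns.qry.name -e http.host -e http.request.uri
so each line carries exactly those six fields in that order."""
from ipaddress import ip_address, ip_network

# Constructed sample export, not a real capture: 10.0.0.5 is the host under
# investigation; every address and domain name below is made up.
SAMPLE_EXPORT = """\
1700000000.10|10.0.0.5|10.0.0.1|update.example-cdn.test||
1700000000.20|10.0.0.1|10.0.0.5|update.example-cdn.test||
1700000001.00|10.0.0.5|203.0.113.7||update.example-cdn.test|/files/invoice.exe
1700000002.00|10.0.0.5|10.0.0.1|c2.example-bad.test||
1700000002.50|10.0.0.5|198.51.100.9||c2.example-bad.test|/gate.php
1700000003.00|10.0.0.5|10.0.0.1|www.example-news.test||
"""
FIELDS = ("ts", "src", "dst", "dns", "host", "uri")
SUSPICIOUS_EXT = (".exe", ".dll", ".ps1", ".vbs", ".js", ".zip")  # plain-HTTP downloads worth a look

def parse_export(text):
    """Turn tshark field lines into dicts; lines with the wrong arity are skipped."""
    rows = [line.rstrip().split("|") for line in text.splitlines()]
    return [dict(zip(FIELDS, f)) for f in rows if len(f) == len(FIELDS)]

def collect_iocs(rows, host, local_net):
    """Domains, external peers and file downloads observed from `host`.
    local_net is the analyst's own range (an assumption); anything outside it is
    treated as external.  ip_address().is_global is deliberately not used: it
    marks documentation ranges such as 203.0.113.0/24 as non-global."""
    local = ip_network(local_net)
    domains, external, downloads = set(), set(), []
    for r in rows:
        if r["src"] != host:
            continue
        domains.update(v for v in (r["dns"], r["host"]) if v)
        if ip_address(r["dst"]) not in local:
            external.add(r["dst"])
        if r["uri"].lower().endswith(SUSPICIOUS_EXT):
            downloads.append((r["host"], r["uri"], r["dst"]))
    # Raw candidates for analyst triage, not a verdict: benign sites appear too.
    return {"domains": sorted(domains), "external_ips": sorted(external),
            "downloads": downloads}

def display_filter(iocs):
    """Wireshark display filter isolating traffic that involves the collected IoCs."""
    parts = [f"ip.addr == {ip}" for ip in iocs["external_ips"]]
    parts += [f'dns.qry.name == "{d}" or http.host == "{d}"' for d in iocs["domains"]]
    return " or ".join(f"({p})" for p in parts)
```

The resulting filter can be pasted into Wireshark to review only the flows tied to the collected indicators.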

Keywords

Packet analysis, Indicators of Compromise (IOC), Wireshark, Malware