Malicious Traffic analysis using Wireshark by collection of Indicators of Compromise

Bindu Dodiya; Umesh Kumar Singh

Call for Paper

June Edition

IJCA solicits high quality original research papers for the upcoming June edition of the journal. The last date of research paper submission is 20 May 2024

Submit your paper

Know more

The week's pick

Enhancing Privacy Preservation: Multi-Attribute Protection with P-Sensitive K-Anonymity

Twinkle Patel Kiran Amin

Random Articles

Assessing the Effectiveness of Various Text Classification Algorithms in Customer Complaint Classification: An Informative Resource for Data Scientists and Data Analysts

Jan

2024

IRBBO for Gain Maximization of Fifteen-Element Yagi-Uda Antenna

April

2013

Intrusion Detection in Wireless Networks using FUZZY Neural Networks and Dynamic Context-Aware Role based Access Control Security (DCARBAC)

February

2012

Technique for Template Generation for Simultaneous Testing of Multiple Identical Functional Units in Super-scalar Architecture

November

2011

Reseach Article

Malicious Traffic analysis using Wireshark by collection of Indicators of Compromise

by Bindu Dodiya, Umesh Kumar Singh

International Journal of Computer Applications

Foundation of Computer Science (FCS), NY, USA

Volume 183 - Number 53

Year of Publication: 2022

Authors: Bindu Dodiya, Umesh Kumar Singh

10.5120/ijca2022921876

Bindu Dodiya, Umesh Kumar Singh . Malicious Traffic analysis using Wireshark by collection of Indicators of Compromise. International Journal of Computer Applications. 183, 53 ( Feb 2022), 1-6. DOI=10.5120/ijca2022921876

@article{ 10.5120/ijca2022921876,

author = { Bindu Dodiya, Umesh Kumar Singh },

title = { Malicious Traffic analysis using Wireshark by collection of Indicators of Compromise },

journal = { International Journal of Computer Applications },

issue_date = { Feb 2022 },

volume = { 183 },

number = { 53 },

month = { Feb },

year = { 2022 },

issn = { 0975-8887 },

pages = { 1-6 },

numpages = {9},

url = { https://ijcaonline.org/archives/volume183/number53/32286-2022921876/ },

doi = { 10.5120/ijca2022921876 },

publisher = {Foundation of Computer Science (FCS), NY, USA},

address = {New York, USA}

}

%0 Journal Article

%1 2024-02-07T01:19:47.089960+05:30

%A Bindu Dodiya

%A Umesh Kumar Singh

%T Malicious Traffic analysis using Wireshark by collection of Indicators of Compromise

%J International Journal of Computer Applications

%@ 0975-8887

%V 183

%N 53

%P 1-6

%D 2022

%I Foundation of Computer Science (FCS), NY, USA

Abstract

Packet analysis is a primary trace back technique in network forensics, Packet analysis, often referred to as packet sniffing or protocol analysis, describes the process of capturing and interpreting live data as it flows across a network in order to better understand what is happening on that network. This can be used to find traces of nefarious online behavior, data breaches, unauthorized website access, malware infection, and intrusion attempts, and to reconstruct image files, documents, email attachments, etc. sent over the network .Packet analysis is typically performed using a packet sniffer, a tool used to capture raw network data going across the wire. Wireshark proves to be an effective open source tool in the study of network packets and their behavior. In this regard, Wireshark can be used in identifying and categorizing various types of attack signatures. It lets administrator to see what’s happening on network at a microscopic level. The purpose of this paper is to demonstrate how Wireshark is applied in network protocol diagnosis and can be used to find some basic indicators of compromise for a malware.

References

Takahashi, D., Xiao, Y. and Meng, K. (2011) ‘Virtual flow-net for accountability and forensics of computer and network systems’, (Wiley Journal of) Security and Communication Networks, Vol. 7, No. 12, December, pp.2509–2526.
Denis Makrushin” Indicators of Compromise as an Instrument for Threat Intelligence ” Research article available online at https://www.researchgate.net/publication/349211330, Published in august 2015.
Thor, J. (2009) Why You Need a Network Analyzer, online available http://www.technewsworld.com/story/67411.html
Meng, K., Xiao, Y. and Vrbsky, “Building a wireless capturing tool for WiF”, Wiley Journal of Security and Communication Networks, Vol. 2, No. 6, November–December S.V. (2009), pp.654–668.
Vivens Ndatinya, Zhifeng Xiao, Vasudeva Rao Manepalli, Ke Meng and Yang Xiao “Network forensics analysis using Wireshark” Article in International Journal of Security and Networks · Vol. 10, No. 2, 2015.
Chris Sanders “Practical Packet Analysis Using Wireshark to solve Real-World Network Problems” 2nd Edition
https://www.malware-traffic-analysis.net/training-exercises.html 2020-08-21 -- Traffic analysis exercise - Pizza-Bender.
Jack G Zheng, Svetlana Peltsverger “Web Analytics Overview” In book: Encyclopedia of Information Science and Technology, Third Edition Chapter: 756 Publisher: IGI Global January 2015
https://en.wikipedia.org/wiki/VirusTotal.
Richard Sharpe, Ed Warnicke, Ulf Lamping” Wireshark User’s Guide Version” 3.7.0 available online at https://www.wireshark.org/docs/wsug_html/.
Allied Telesis “Dynamic Host Configuration Protocol - DHCP Feature Overview and ConfigurationGuide”availableonlineathttps://www.alliedtelesis.com/sites/default/files/documents/configuration-guides/dhcp_feature_overview_guide.pdf

Index Terms

Computer Science

Information Sciences

Keywords

Packet analyis Indicators of compromise IOC wireshark Maware