CFP last date
20 January 2025
Reseach Article

Malicious Traffic analysis using Wireshark by collection of Indicators of Compromise

by Bindu Dodiya, Umesh Kumar Singh
International Journal of Computer Applications
Foundation of Computer Science (FCS), NY, USA
Volume 183 - Number 53
Year of Publication: 2022
Authors: Bindu Dodiya, Umesh Kumar Singh
10.5120/ijca2022921876

Bindu Dodiya, Umesh Kumar Singh . Malicious Traffic analysis using Wireshark by collection of Indicators of Compromise. International Journal of Computer Applications. 183, 53 ( Feb 2022), 1-6. DOI=10.5120/ijca2022921876

@article{ 10.5120/ijca2022921876,
author = { Bindu Dodiya, Umesh Kumar Singh },
title = { Malicious Traffic analysis using Wireshark by collection of Indicators of Compromise },
journal = { International Journal of Computer Applications },
issue_date = { Feb 2022 },
volume = { 183 },
number = { 53 },
month = { Feb },
year = { 2022 },
issn = { 0975-8887 },
pages = { 1-6 },
numpages = {9},
url = { https://ijcaonline.org/archives/volume183/number53/32286-2022921876/ },
doi = { 10.5120/ijca2022921876 },
publisher = {Foundation of Computer Science (FCS), NY, USA},
address = {New York, USA}
}
%0 Journal Article
%1 2024-02-07T01:19:47.089960+05:30
%A Bindu Dodiya
%A Umesh Kumar Singh
%T Malicious Traffic analysis using Wireshark by collection of Indicators of Compromise
%J International Journal of Computer Applications
%@ 0975-8887
%V 183
%N 53
%P 1-6
%D 2022
%I Foundation of Computer Science (FCS), NY, USA
Abstract

Packet analysis is a primary trace back technique in network forensics, Packet analysis, often referred to as packet sniffing or protocol analysis, describes the process of capturing and interpreting live data as it flows across a network in order to better understand what is happening on that network. This can be used to find traces of nefarious online behavior, data breaches, unauthorized website access, malware infection, and intrusion attempts, and to reconstruct image files, documents, email attachments, etc. sent over the network .Packet analysis is typically performed using a packet sniffer, a tool used to capture raw network data going across the wire. Wireshark proves to be an effective open source tool in the study of network packets and their behavior. In this regard, Wireshark can be used in identifying and categorizing various types of attack signatures. It lets administrator to see what’s happening on network at a microscopic level. The purpose of this paper is to demonstrate how Wireshark is applied in network protocol diagnosis and can be used to find some basic indicators of compromise for a malware.

References
  1. Takahashi, D., Xiao, Y. and Meng, K. (2011) ‘Virtual flow-net for accountability and forensics of computer and network systems’, (Wiley Journal of) Security and Communication Networks, Vol. 7, No. 12, December, pp.2509–2526.
  2. Denis Makrushin” Indicators of Compromise as an Instrument for Threat Intelligence ” Research article available online at https://www.researchgate.net/publication/349211330, Published in august 2015.
  3. Thor, J. (2009) Why You Need a Network Analyzer, online available http://www.technewsworld.com/story/67411.html
  4. Meng, K., Xiao, Y. and Vrbsky, “Building a wireless capturing tool for WiF”, Wiley Journal of Security and Communication Networks, Vol. 2, No. 6, November–December S.V. (2009), pp.654–668.
  5. Vivens Ndatinya, Zhifeng Xiao, Vasudeva Rao Manepalli, Ke Meng and Yang Xiao “Network forensics analysis using Wireshark” Article in International Journal of Security and Networks · Vol. 10, No. 2, 2015.
  6. Chris Sanders “Practical Packet Analysis Using Wireshark to solve Real-World Network Problems” 2nd Edition
  7. https://www.malware-traffic-analysis.net/training-exercises.html 2020-08-21 -- Traffic analysis exercise - Pizza-Bender.
  8. Jack G Zheng, Svetlana Peltsverger “Web Analytics Overview” In book: Encyclopedia of Information Science and Technology, Third Edition Chapter: 756 Publisher: IGI Global January 2015
  9. https://en.wikipedia.org/wiki/VirusTotal.
  10. Richard Sharpe, Ed Warnicke, Ulf Lamping” Wireshark User’s Guide Version” 3.7.0 available online at https://www.wireshark.org/docs/wsug_html/.
  11. Allied Telesis “Dynamic Host Configuration Protocol - DHCP Feature Overview and ConfigurationGuide”availableonlineathttps://www.alliedtelesis.com/sites/default/files/documents/configuration-guides/dhcp_feature_overview_guide.pdf
Index Terms

Computer Science
Information Sciences

Keywords

Packet analyis Indicators of compromise IOC wireshark Maware