CSS 411: BASICS OF DIGITAL FORENSICS

TABLE OF CONTENTS

1.0. Introduction

1.1. Packet capturing and Analysis

1.2. Definition of key terms

1.3. Scope of the work

2.0. Related work

2.1. Aims and objectives of Research work

3.0. Materials and Method

3.1. Tools and Applications used

3.2. Wireshark

3.2.1. Uses of Wireshark

3.2.2. Features of Wireshark

4.0. Results and Discussion

4.1. Packets Capturing using Wireshark

4.2. Packets Analyzing using Wireshark

4.3. IP address Capturing/Tracing

5.0. Summary & Conclusion

5.1. Summary

5.2. Conclusion

References 

1.0. INTRODUCTION

1.1. PACKETS CAPTURING AND ANALYZING

Sometimes a problem arises that requires more than a cursory look at network traffic. One of the more dynamic tools for packet capture and traffic analysis is Wireshark, used by many for its adaptability and its open-source code. Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communication protocol development, and education.

Wireshark, a network analysis tool formerly known as Ethereal, captures packets in real time and displays them in human-readable format. Wireshark includes filters, color coding, and other features that let you dig deep into network traffic and inspect individual packets.

This report will get you up to speed with the basics of capturing packets, filtering them, and inspecting them. You can use Wireshark to inspect a suspicious program’s network traffic, analyze the traffic flow on your network, or troubleshoot network problems.

DEFINITION OF TERMS

II. Wireshark: Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communication protocol development, and education.

III. Packets: A packet is the unit of data that is routed between an origin and a destination on the Internet or any other packet-switched network.

IV. Protocol: This is a common language or set of rules that devices connected to a network use to establish communication between two or more devices on the network.

V. Packet capturing: A computer networking term for intercepting a data packet that is crossing or moving over a specific computer network. Once a packet is captured, it is stored temporarily so that it can be analyzed.

VI. Packet analyzing: The process of inspecting, cleansing, transforming, and modeling packets with the goal of discovering useful information, informing conclusions, and supporting decision-making.

VII. IP (Internet Protocol): The method or protocol by which data is sent from one computer to another on the Internet. Each computer (known as a host) on the Internet has at least one IP address that uniquely identifies it among all other computers on the Internet.

VIII. UDP (User Datagram Protocol): An alternative communications protocol to Transmission Control Protocol (TCP), used primarily for establishing low-latency and loss-tolerating connections between applications on the Internet.
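To make the terms above concrete, the following added example (not part of the original report) reads a classic pcap capture, the file format Wireshark can save and open, and extracts the IP addresses, UDP ports and payload of each packet. The sample capture is constructed inline with documentation-range addresses; the function names `build_sample_pcap` and `parse_pcap` are hypothetical.

```python
import socket
import struct

def build_sample_pcap() -> bytes:
    """Constructed sample: one Ethernet/IPv4/UDP frame in a classic pcap file."""
    payload = b"hello"
    # Checksums are left at 0 in this sample; the parser below does not verify them.
    udp = struct.pack("!HHHH", 53124, 53, 8 + len(payload), 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 1, 0, 64, 17, 0,
                     socket.inet_aton("192.0.2.10"),      # documentation range
                     socket.inet_aton("198.51.100.53"))   # documentation range
    frame = bytes(12) + b"\x08\x00" + ip + udp            # zeroed MACs, EtherType IPv4
    global_hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    record_hdr = struct.pack("<IIII", 1700000000, 0, len(frame), len(frame))
    return global_hdr + record_hdr + frame

def parse_pcap(data: bytes):
    """Yield one dict per IPv4/UDP packet in a classic (non-pcapng) capture."""
    if data[:4] == b"\xd4\xc3\xb2\xa1":
        endian = "<"                       # file written on a little-endian host
    elif data[:4] == b"\xa1\xb2\xc3\xd4":
        endian = ">"
    else:
        raise ValueError("not a classic pcap file")
    if len(data) < 24 or struct.unpack(endian + "I", data[20:24])[0] != 1:
        raise ValueError("only Ethernet captures (link type 1) are handled")
    offset = 24                            # first record follows the global header
    while offset + 16 <= len(data):
        ts_sec, _, incl_len, _ = struct.unpack(endian + "IIII", data[offset:offset + 16])
        frame = data[offset + 16:offset + 16 + incl_len]
        offset += 16 + incl_len
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue                       # truncated frame or not IPv4
        ihl = (frame[14] & 0x0F) * 4       # IPv4 header length in bytes
        udp_at = 14 + ihl
        if ihl < 20 or frame[23] != 17 or len(frame) < udp_at + 8:
            continue                       # malformed header or not UDP (protocol 17)
        sport, dport, ulen = struct.unpack("!HHH", frame[udp_at:udp_at + 6])
        yield {"ts": ts_sec,
               "src": socket.inet_ntoa(frame[26:30]), "sport": sport,
               "dst": socket.inet_ntoa(frame[30:34]), "dport": dport,
               "payload": frame[udp_at + 8:udp_at + ulen]}

if __name__ == "__main__":
    for pkt in parse_pcap(build_sample_pcap()):
        print(f'{pkt["src"]}:{pkt["sport"]} -> {pkt["dst"]}:{pkt["dport"]} {pkt["payload"]!r}')
```
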













APA

Frontiers, E. (2023). CSS 411: BASICS OF DIGITAL FORENSICS. Afribary. Retrieved from https://afribary.com/works/css-411-basics-of-digital-forensics

MLA 8th

Frontiers, Edu "CSS 411: BASICS OF DIGITAL FORENSICS" Afribary. Afribary, 29 Mar. 2023, https://afribary.com/works/css-411-basics-of-digital-forensics. Accessed 21 Nov. 2024.
