Tools and Configurations
Published in Rui Valadas, OSPF and IS-IS, 2019
Filter toolbar

A filter lets you choose what you want to see. In Wireshark, the filters are specified in the filter toolbar, and there are many predefined filters. For example, the ospf keyword, shown in Figure 8.2, lets us see only OSPF packets. In our experiments, we will use the ospf or isis filters. Wireshark allows us to be more specific regarding a protocol. For example, to see only OSPF HELLO packets you can use the ospf.hello filter.

Packet list pane

Immediately below the filter toolbar, you find the packet list pane. This pane has one line per observed packet and displays the most important information regarding each packet. It has seven columns: (i) No. is the packet number, (ii) Time is the capture time, (iii) Source is the source address, (iv) Destination is the destination address, (v) Protocol is the highest-layer protocol decoded by Wireshark, (vi) Length is the packet length, and (vii) Info includes additional information, such as the packet type.
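To make the filter and the seven columns concrete, the following added example (not code from the book) builds a small constructed capture of raw IPv4 packets, dissects the OSPFv2 header far enough to fill the packet list columns, and applies the ospf and ospf.hello filters the chapter uses. The OSPF packets, timestamps and addresses are constructed sample values; the IPv4 and OSPF checksums are left zero because nothing here validates them.

```python
import struct

OSPF_PROTO = 89  # IP protocol number carried in the IPv4 header for OSPF
OSPF_TYPES = {1: "Hello Packet", 2: "DB Description", 3: "LS Request",
              4: "LS Update", 5: "LS Acknowledge"}
COLUMNS = ("No.", "Time", "Source", "Destination", "Protocol", "Length", "Info")

def ip4(addr):
    return bytes(int(o) for o in addr.split("."))

def build_ipv4(src, dst, proto, payload):
    """Constructed IPv4 header (no Ethernet framing); header checksum left zero."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 1, 0, 1,
                      proto, 0, ip4(src), ip4(dst))
    return hdr + payload

def build_ospf(ptype, router_id, body):
    """Constructed OSPFv2 header (24 bytes, RFC 2328 layout); checksum left zero."""
    return struct.pack("!BBH4s4sHH8s", 2, ptype, 24 + len(body), ip4(router_id),
                       ip4("0.0.0.0"), 0, 0, bytes(8)) + body

# Constructed capture: (timestamp, raw IPv4 packet). Packet 2 is unrelated UDP noise.
HELLO_BODY = struct.pack("!4sHBBI4s4s", ip4("255.255.255.0"), 10, 0x02, 1, 40,
                         ip4("10.0.0.1"), ip4("0.0.0.0"))
DBD_BODY = struct.pack("!HBBI", 1500, 0x02, 0x07, 0x1234)
SAMPLE_CAPTURE = [
    (100.000, build_ipv4("10.0.0.1", "224.0.0.5", OSPF_PROTO, build_ospf(1, "1.1.1.1", HELLO_BODY))),
    (100.250, build_ipv4("10.0.0.9", "10.0.0.53", 17, struct.pack("!HHHH", 5353, 53, 13, 0) + b"query")),
    (100.400, build_ipv4("10.0.0.2", "10.0.0.1", OSPF_PROTO, build_ospf(2, "2.2.2.2", DBD_BODY))),
]

def dissect(no, rel_time, raw):
    """Produce the seven packet-list columns for one raw IPv4 packet."""
    ihl = (raw[0] & 0x0F) * 4          # IPv4 header length in bytes
    proto = raw[9]
    src, dst = ".".join(map(str, raw[12:16])), ".".join(map(str, raw[16:20]))
    protocol, info = {6: "TCP", 17: "UDP"}.get(proto, "IPv4"), ""
    if proto == OSPF_PROTO and len(raw) >= ihl + 24:   # OSPF header: byte 1 is the type
        ospf_type = raw[ihl + 1]
        protocol, info = "OSPF", OSPF_TYPES.get(ospf_type, f"Unknown type {ospf_type}")
    return dict(zip(COLUMNS, (no, round(rel_time, 6), src, dst, protocol, len(raw), info)))

# The two display filters used in the chapter, expressed over the decoded columns.
FILTERS = {
    "ospf": lambda row: row["Protocol"] == "OSPF",
    "ospf.hello": lambda row: row["Protocol"] == "OSPF" and row["Info"] == "Hello Packet",
}

def packet_list(capture, display_filter=None):
    """Rows of the packet list pane, optionally restricted by a display filter."""
    t0 = capture[0][0] if capture else 0.0   # Time column is relative to the first packet
    rows = [dissect(i, ts - t0, raw) for i, (ts, raw) in enumerate(capture, start=1)]
    keep = FILTERS[display_filter] if display_filter else (lambda row: True)
    return [row for row in rows if keep(row)]
```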
Introduction to Smart Grid Systems
Published in Felix Alberto Farret, Marcelo Godoy Simões, Danilo Iglesias Brandão, Electronic Instrumentation for Distributed Generation and Power Processes, 2017
Felix Alberto Farret, Marcelo Godoy Simões, Danilo Iglesias Brandão, Luciane N. Canha, Alzenira R. Abaide, Daniel P. Bernardon
A common scenario of vulnerability is obtaining data through the SCADA system over an IP network with monitoring devices. In this scenario, the described vulnerabilities can be easily identified through the use of tools that analyze the data traffic in communication networks. The use of masking techniques, such as IP spoofing, where an attacker changes its address to look like a legitimate device, is widely treated in the literature [24]. Network sniffers like Wireshark or TCPDump can easily be used to analyze network traffic. With this analysis, critical information can be intercepted and tampered with if the messages do not use data encryption. Using a Man-in-the-Middle attack, the data can easily be intercepted and tampered with. The information read by a sensor, such as a smart meter, could be modified. This can lead the system to an inconsistent state. Likewise, a DoS or DDoS attack can easily be performed by making several apparently legitimate requests, thus overloading the SCADA system and making it unavailable. For this purpose, packet insertion tools such as HPING3 could be used.
Malware Detection and Mitigation
Published in Nicholas Kolokotronis, Stavros Shiaeles, Cyber-Security Threats, Actors, and Dynamic Mitigation, 2021
Gueltoum Bendiab, Stavros Shiaeles, Nick Savage
Wireshark14 is a great packet analysis tool that intercepts and logs network traffic, especially to analyze network usage, debug application issues, and study protocols in action. The tool is commonly used for network analysis, security assessment, and troubleshooting. It provides visualization, packet-stream analysis, and in-depth analysis of particular packets [9]. Further, it allows security analysts to view pages and traffic, and even recreate and save files that were transferred while the packet capture was running.
AI-enabled IoT penetration testing: state-of-the-art and research challenges
Published in Enterprise Information Systems, 2023
Claudia Greco, Giancarlo Fortino, Bruno Crispo, Kim-Kwang Raymond Choo
- Wireshark is a network sniffer that allows network traffic analysis by capturing data packets and enabling one to examine their traits (e.g., what protocol is used). Thus, it helps one to interpret the content of the communication between client and server at various levels.
Cyber-Espionage Malware Attacks Detection and Analysis: A Case Study
Published in Journal of Computer Information Systems, 2022
In this study, we used the AccessData Forensic Toolkit (FTK), Process Monitor, Autopsy, Wireshark, Registry Viewer, and Volatility programs, which are noncommercial and nonprofit, commonly used in the literature, and have high success rates in the detection and analysis of malware for spying and espionage activities.

AccessData Forensic Toolkit (FTK): FTK is a constantly updated digital data analysis program developed by AccessData.37 The program is quite successful in analyzing digital evidence and converting digital evidence into concrete reports. It is easier to use and more practical than EnCase Forensic. With FTK, all folders or files on the suspect computer can be previewed and their contents can be statically or dynamically analyzed.

Process Monitor: The program can access information such as the file system snapshot and registry on the suspect computer.38 Process Monitor enables monitoring of all processes running in the operating system of the suspect computer during the dynamic analysis process.

Autopsy: The program is one of the most popular forensic software packages used in forensic investigations,39 and is reliable software that can be used in all stages of forensic copy creation, analysis, and reporting. Autopsy is a Windows-based program that recognizes almost all file systems, is compatible with many image formats, and supports RAID systems. All folders and files on the suspicious computer can be detected and analyzed.

Wireshark: Wireshark is a completely free and open-source network protocol analysis tool.40 Data traffic details (TCP/IP) are analyzed with the program on the suspect computer during the dynamic analysis process.

Registry Viewer: The Windows Registry keeps a large number of configuration settings for all programs and applications on the system, including the operating system.41 The values there carry sensitive data showing both the identity of the computer user and the settings and features of the software on the computer. Accessing this information is very important for analysis. Registry Viewer is a free analysis tool developed by the AccessData company to examine the Registry records of Windows-based computers.

Volatility: Volatility is an open-source forensic analysis tool written in the Python language.42 Volatility is designed to analyze memory files recorded on disk (dumps) and to examine the programs running on the system, the network connections, and the DLLs loaded. Volatility can be run on Windows and Linux operating systems.