Network security tools include:
1. Wireshark
2. Netcat
3. Botnet
Wireshark:
Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education. Originally named Ethereal, the project was renamed Wireshark in May 2006 because of trademark issues. Wireshark is cross-platform: at the time this was written it used the GTK+ widget toolkit in current releases and Qt in the development version to implement its user interface (releases since 2.0 use Qt), and it uses pcap to capture packets; it runs on GNU/Linux, OS X, BSD, Solaris, some other Unix-like operating systems, and Microsoft Windows. There is also a terminal-based (non-GUI) version called TShark. Wireshark and the other programs distributed with it, such as TShark, are free software, released under the terms of the GNU General Public License.
Functionality:
Wireshark is very similar to tcpdump, but has a graphical front-end, plus some integrated sorting and filtering options.
Wireshark allows the user to put network interface controllers that support promiscuous mode into that mode, in order to see all traffic visible on that interface, not just the traffic addressed to one of the interface's configured addresses plus broadcast/multicast traffic. However, when capturing with a packet analyzer in promiscuous mode on a port of a network switch, not all of the traffic travelling through the
First, let's talk about Wireshark. It is the most widely used network packet analyzer, and arguably one of the best open-source (free) packet analyzers available today. It lets you capture and interactively browse the traffic running on a computer network, which helps you analyze and manage the traffic in your network. It is a measuring device for examining what is going on inside a network cable, much as an electrician uses a voltmeter to examine what is going on inside an electric cable. It therefore gives you the tools to do in-depth network analysis: it captures network packets and displays them in as much detail as possible. It is also used to troubleshoot network problems, examine security problems, and debug protocol
The User Datagram Protocol (UDP) is a transport-layer protocol defined for use with the IP network-layer protocol. It provides a best-effort datagram service to an end system (IP host). It uses a simple connectionless transmission model with a minimum of protocol mechanism. It has no handshaking dialogue, so the user's program is exposed to any unreliability of the underlying network: there is no guarantee of delivery, ordering, or duplicate protection. UDP provides a checksum for data integrity (over IPv4 the checksum is optional, and a zero value means the sender did not compute one) and port numbers for addressing different functions at the source and destination of the datagram.
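To make the checksum and port-number mechanisms concrete, here is an added example (my own illustration, not part of the original text) that parses a UDP datagram out of an IPv4 packet and verifies the checksum over the IPv4 pseudo-header as RFC 768 specifies. The packet bytes, the addresses 10.0.0.1 and 10.0.0.2 and the ports are constructed for the example. It also covers the two edge cases a practitioner meets: a zero checksum, which over IPv4 means the sender did not compute one, and a UDP length field that disagrees with the bytes actually received, which a parser must reject rather than trust.

```python
"""Parse a UDP datagram carried in IPv4 and verify its checksum.

Added example for this page (not from the original text). Input is the raw
bytes of an IPv4 packet without a link-layer header. The sample packet built
by build_sample() is constructed here for illustration only.
"""
import struct


def ones_complement_sum(data: bytes) -> int:
    """RFC 1071 Internet checksum: 16-bit one's-complement sum, folded to 16 bits."""
    if len(data) % 2:
        data += b"\x00"                      # pad odd length with a zero byte
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total


def udp_checksum(src_ip: bytes, dst_ip: bytes, udp_segment: bytes) -> int:
    """Checksum over pseudo-header + UDP header (checksum field zeroed) + payload."""
    pseudo = src_ip + dst_ip + struct.pack("!BBH", 0, 17, len(udp_segment))
    segment = udp_segment[:6] + b"\x00\x00" + udp_segment[8:]
    csum = (~ones_complement_sum(pseudo + segment)) & 0xFFFF
    return csum or 0xFFFF                    # RFC 768: a computed 0 is sent as all ones


def parse_udp(ip_packet: bytes) -> dict:
    """Return the UDP fields and the checksum status ('ok', 'bad' or 'absent').

    Raises ValueError for truncated packets or a UDP length field that does
    not agree with the bytes present (a classic parser-confusion edge case).
    """
    if len(ip_packet) < 20:
        raise ValueError("truncated IPv4 header")
    ihl = (ip_packet[0] & 0x0F) * 4
    proto = ip_packet[9]
    if proto != 17:
        raise ValueError("not UDP (protocol %d)" % proto)
    src_ip, dst_ip = ip_packet[12:16], ip_packet[16:20]
    udp = ip_packet[ihl:]
    if len(udp) < 8:
        raise ValueError("truncated UDP header")
    sport, dport, length, csum = struct.unpack("!HHHH", udp[:8])
    if length < 8 or length > len(udp):
        raise ValueError("UDP length %d inconsistent with %d bytes" % (length, len(udp)))
    udp = udp[:length]
    if csum == 0:
        status = "absent"                    # allowed over IPv4: no checksum computed
    elif udp_checksum(src_ip, dst_ip, udp) == csum:
        status = "ok"
    else:
        status = "bad"
    return {"src_port": sport, "dst_port": dport, "length": length,
            "payload": udp[8:], "checksum": status}


def build_sample(payload: bytes, *, corrupt: bool = False, no_checksum: bool = False) -> bytes:
    """Constructed IPv4/UDP packet 10.0.0.1:53000 -> 10.0.0.2:53 (illustration only).

    The IPv4 header checksum is left at zero; it is not needed for this demo.
    """
    src_ip, dst_ip = bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2])
    udp_len = 8 + len(payload)
    udp = struct.pack("!HHHH", 53000, 53, udp_len, 0) + payload
    csum = 0 if no_checksum else udp_checksum(src_ip, dst_ip, udp)
    udp = udp[:6] + struct.pack("!H", csum) + udp[8:]
    if corrupt:
        udp = udp[:-1] + bytes([udp[-1] ^ 0xFF])   # flip the last payload byte in transit
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + udp_len, 0x1234, 0, 64, 17, 0,
                     src_ip, dst_ip)
    return ip + udp


if __name__ == "__main__":
    for kw in ({}, {"corrupt": True}, {"no_checksum": True}):
        print(kw, parse_udp(build_sample(b"example query", **kw))["checksum"])
```

Run it and the three cases print ok, bad and absent. The length check matters in practice: a sniffer or firewall that trusts the UDP length field over the captured byte count can be made to read past the datagram or to checksum a different span than the receiving host does.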
Wireshark is an open-source program that lets users capture and interact with the network traffic passing through the computer. Software that does this is commonly referred to as a 'packet sniffer', since the program records the packets that pass through the network.
The OpenAudit application will report what traffic is on the network, how the network is set up, and how changes take effect.
Network protocol test tools are used to create test scenarios, to understand how a system behaves when it receives particular protocol messages, to check the conformance of a new protocol stack implementation, and for protocol stack testing.
UDP is also connectionless, which means there is no need to establish a connection before sending data, and the application has more control over when data is sent. Because data corruption is common on the internet, UDP has a basic form of error detection, but it is not that reliable: it does not recover from an error, the corrupted datagram is simply discarded. Even when the network is busy, UDP keeps pushing packets onto it, which is a bad strategy because it adds to the congestion. This is where TCP comes in, with features that make the connection more reliable, although it also has more communication overhead than UDP. A TCP connection is negotiated before anything else happens; this is known as the three-way handshake. If an error is detected, TCP retransmits: when the receiver does not get a segment, the sender sends it again, so your data reaches its destination in order and without duplication. Since all of this work is done by the operating system, which automatically breaks the data into packets for you, you just need to sit back and watch the show. Even the debugging is taken care of by your OS, and if there are bugs in your OS you will face many problems, such as problems browsing and downloading content from the net. I do prefer the TCP service because it does all the work for you
1. Which tool is better at performing protocol captures and which tool is better at performing protocol analysis? The best tool for protocol captures is Wireshark. The best tool for protocol analysis is NetWitness.
A port scan probes the services on the target computer that use TCP and UDP ports and finds which ports are open. By itself it does no damage, since it only scans, but it can give away information to an attacker, who can then use it to plan and launch further attacks. Several port scanning tools are available for free, such as nmap and SAINT, but nmap is the most widely used tool for scanning a network, as it hardly needs administrative rights to run the
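As an added illustration (my own code, not nmap's or SAINT's), the following Python script performs the simplest kind of port scan, a TCP connect() scan: it completes the three-way handshake with each port and classifies the port by the outcome. This variant, like nmap -sT, needs no administrative rights because it uses ordinary sockets; nmap's default SYN scan and its OS detection do need raw-socket privileges. The target is a listener the script starts itself on 127.0.0.1, so it runs offline; the port numbers are whatever the OS hands out.

```python
"""Minimal TCP connect() port scanner demonstrated against a local listener.

Added example for this page, not from the original text or from nmap. A full
handshake that succeeds means 'open'; an immediate RST (ConnectionRefusedError)
means 'closed'; silence until the timeout means 'filtered', the usual sign of
a firewall dropping the SYN.
"""
import socket
import threading


def scan_port(host: str, port: int, timeout: float = 0.5) -> str:
    """Classify one TCP port as open, closed, filtered or error."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))       # three-way handshake completed
            return "open"
        except ConnectionRefusedError:
            return "closed"               # RST came back: nothing listening
        except socket.timeout:
            return "filtered"             # no SYN/ACK and no RST
        except OSError:
            return "error"                # e.g. host unreachable


def scan_ports(host: str, ports, timeout: float = 0.5) -> dict:
    """Scan a sequence of ports and return {port: state}."""
    return {p: scan_port(host, p, timeout) for p in ports}


def start_listener():
    """Constructed target: a TCP listener on an ephemeral loopback port.

    Returns (stop_event, port); set the event to shut the listener down.
    """
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)
    srv.settimeout(0.2)                   # lets the accept loop notice the stop flag
    port = srv.getsockname()[1]
    stop = threading.Event()

    def serve():
        while not stop.is_set():
            try:
                conn, _ = srv.accept()
                conn.close()              # accept the handshake, then hang up
            except socket.timeout:
                continue
            except OSError:
                break
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return stop, port


def unused_port() -> int:
    """Pick a port that is currently closed by binding it and releasing it."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]


if __name__ == "__main__":
    stop, open_port = start_listener()
    closed_port = unused_port()
    print(scan_ports("127.0.0.1", [open_port, closed_port]))
    stop.set()
```

Because every probe completes a handshake, a connect() scan is logged by the target application itself, which is why an attacker who has the privileges prefers a half-open SYN scan; from the defender's side, a burst of connections that are opened and immediately closed across many ports is the signature to alert on.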
TCP stands for Transmission Control Protocol. It is a connection-oriented protocol: TCP establishes a connection between two hosts so that they can exchange streams of data. TCP also guarantees the delivery of data and guarantees that segments are delivered in the same order in which they were sent.
The early version of the worm functioned as a man-in-the-middle attack. It sat between the engineering software and the Siemens controllers for the input and output valves feeding each centrifuge. The worm would accept commands from the engineering software and return false responses indicating that the commands were being processed by the controllers. In reality, the worm was regularly allowing the centrifuges to be over-pressurized, which caused them to wear out and break more quickly. The later version of the software was much cruder. It would take over the centrifuges and refuse to acknowledge signals from the engineering software while an attack was active. The attack ran about once a month and worked by slowing the centrifuges down and then spinning them back up past their normal full speed. This caused damage as the centrifuges passed through what is known as a resonance speed, which destabilizes the rotor. Stuxnet managed to increase the rotor speeds at Iran's Natanz nuclear facility from a normal speed of 63,000 rpm to 84,600 rpm. The worm was carefully designed so that it would not be obvious to someone in the facility that their mechanical systems were being sabotaged. For example, the worm would randomly affect different centrifuges at
Stream identifiers identify which stream a packet belongs to; the class identifier identifies the transmitter and the information and packet classes. The timestamp fields precisely specify the reference point in time for the transmission of the first packet [14]. The trailer is an optional part of the structure that can be used to enable other processes, as well as to indicate states and events [14]. For this project these optional fields are disregarded.
Wireshark will be used to allow deep packet-level analysis of the network and to mitigate possible network latency problems. Ping is also used to give the user the ability to check network connectivity from the workstation to a specific node or internet site. Traceroute is yet another utility that can show the full connection path between the user's workstation and the desired destination system. Using these tools can reduce the duration of a network outage by identifying which devices are not passing on packets and where the packet drops are taking
Capturing sessions sent to or through a particular device or host, that is, either the physical sniffer itself or the host that houses a logical sniffer. Display 2 illustrates this scenario in a token-ring
When a packet is sent, its length can exceed the MTU (Maximum Transmission Unit) of the network interface. In this case, the packet is split into fragments no
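As an added example (not part of the original text), the following Python code carries the fragmentation arithmetic through for IPv4: the sender splits the payload into pieces whose data length is a multiple of 8 (the fragment offset field counts 8-byte units), sets the More Fragments flag on all but the last, and the receiver puts them back together by offset. The Fragment tuple is our own representation for illustration, not a wire format, and the 4096-byte payload and MTU of 1500 are assumed values. The reassembler rejects gaps and overlapping fragments, the latter being a long-standing intrusion-detection evasion trick.

```python
"""IPv4 fragmentation and reassembly arithmetic.

Added example, not from the original text. Fragment is a representation chosen
for this illustration; in a real packet the offset and MF flag live in the
16-bit flags/fragment-offset field of the IPv4 header.
"""
from typing import List, NamedTuple


class Fragment(NamedTuple):
    offset: int        # in 8-byte units, as the IPv4 header carries it
    mf: bool           # More Fragments flag
    data: bytes


def fragment(payload: bytes, mtu: int, ihl: int = 20) -> List[Fragment]:
    """Split payload so that header plus data of each fragment fits in mtu bytes."""
    max_data = (mtu - ihl) // 8 * 8          # round down to a multiple of 8
    if max_data <= 0:
        raise ValueError("MTU too small for an IPv4 header")
    if ihl + len(payload) <= mtu:
        return [Fragment(0, False, payload)]  # fits: no fragmentation needed
    frags = []
    for pos in range(0, len(payload), max_data):
        chunk = payload[pos:pos + max_data]
        more = pos + len(chunk) < len(payload)
        frags.append(Fragment(pos // 8, more, chunk))
    return frags


def reassemble(frags: List[Fragment]) -> bytes:
    """Rebuild the payload; rejects gaps, overlaps and a missing last fragment."""
    ordered = sorted(frags, key=lambda f: f.offset)
    buf = bytearray()
    for f in ordered:
        start = f.offset * 8
        if start != len(buf):
            # Overlapping fragments are ambiguous (which copy wins differs
            # between operating systems), so a strict receiver drops them.
            raise ValueError("gap or overlap at byte %d" % start)
        buf += f.data
    if not ordered or ordered[-1].mf:
        raise ValueError("last fragment missing")
    return bytes(buf)


if __name__ == "__main__":
    data = bytes(range(256)) * 16            # constructed 4096-byte payload
    for f in fragment(data, 1500):
        print("offset=%4d (byte %5d) MF=%d len=%d" % (f.offset, f.offset * 8, f.mf, len(f.data)))
    assert reassemble(fragment(data, 1500)) == data
```

With an MTU of 1500 and a 20-byte header the payload travels as 1480 + 1480 + 1136 bytes at offsets 0, 185 and 370. Note that only the first fragment carries the transport header, which is why a packet filter that inspects ports must either reassemble or treat non-initial fragments with suspicion.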
A good place to begin any examination is with the statistical and metadata information that can be uncovered within the packet capture. Using Wireshark's Protocol Hierarchy Statistics, we can see that the traffic consists mainly of DNS datagrams (figure 1).
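To show where figures like this come from, here is an added example (my own code, not Wireshark's) that reads a classic libpcap file and tallies frames by protocol path, in the spirit of the Protocol Hierarchy window. The pcap is constructed in memory: six DNS queries over UDP, two TCP segments and one ARP frame, so DNS dominates just as in the capture described above. Wireshark also reports byte percentages and dissects far deeper; this counts packets only and labels UDP port 53 as DNS.

```python
"""Protocol hierarchy statistics from a pcap.

Added example, not from the original text or from Wireshark. It parses the
classic libpcap format (24-byte global header, 16-byte record headers) with
Ethernet link type and walks Ethernet -> IPv4 -> TCP/UDP (-> DNS on port 53).
SAMPLE_PCAP is constructed below for illustration.
"""
import struct
from collections import Counter


def classify(frame: bytes) -> str:
    """Return a path such as 'eth:ip:udp:dns' for one Ethernet frame."""
    if len(frame) < 14:
        return "eth:malformed"
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype == 0x0806:
        return "eth:arp"
    if ethertype != 0x0800:
        return "eth:0x%04x" % ethertype
    ip = frame[14:]
    if len(ip) < 20 or ip[0] >> 4 != 4:
        return "eth:ip:malformed"
    path = ["eth", "ip"]
    ihl = (ip[0] & 0x0F) * 4
    proto = ip[9]
    l4 = ip[ihl:]
    if proto == 6:
        path.append("tcp")
    elif proto == 17:
        path.append("udp")
        if len(l4) >= 4 and 53 in struct.unpack("!HH", l4[:4]):
            path.append("dns")            # port-based heuristic, as Wireshark does by default
    else:
        path.append("proto%d" % proto)
    return ":".join(path)


def protocol_hierarchy(pcap: bytes) -> Counter:
    """Count frames per protocol path for a little- or big-endian pcap file."""
    magic = pcap[:4]
    if magic == b"\xd4\xc3\xb2\xa1":
        end = "<"
    elif magic == b"\xa1\xb2\xc3\xd4":
        end = ">"
    else:
        raise ValueError("not a classic pcap file")
    linktype = struct.unpack(end + "I", pcap[20:24])[0]
    if linktype != 1:
        raise ValueError("this example handles Ethernet (linktype 1) only")
    counts = Counter()
    pos = 24
    while pos + 16 <= len(pcap):
        _, _, incl_len, _ = struct.unpack(end + "IIII", pcap[pos:pos + 16])
        frame = pcap[pos + 16:pos + 16 + incl_len]
        if len(frame) < incl_len:
            raise ValueError("truncated record at offset %d" % pos)
        counts[classify(frame)] += 1
        pos += 16 + incl_len
    return counts


def make_frame(proto: int, sport: int, dport: int) -> bytes:
    """Constructed Ethernet/IPv4 frame with a minimal transport header (no checksums)."""
    eth = b"\x00" * 12 + b"\x08\x00"
    l4 = struct.pack("!HH", sport, dport) + b"\x00" * 16
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 1, 0, 64, proto, 0,
                     bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    return eth + ip + l4


def make_pcap(frames) -> bytes:
    """Wrap frames in a little-endian classic pcap (magic 0xa1b2c3d4, linktype 1)."""
    hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    out = [hdr]
    for i, f in enumerate(frames):
        out.append(struct.pack("<IIII", i, 0, len(f), len(f)) + f)
    return b"".join(out)


SAMPLE_PCAP = make_pcap(
    [make_frame(17, 40000 + i, 53) for i in range(6)]          # six DNS queries
    + [make_frame(6, 40100, 443), make_frame(6, 40101, 80)]    # two TCP segments
    + [b"\xff" * 6 + b"\x00" * 6 + b"\x08\x06" + b"\x00" * 28]  # one ARP frame (body zeroed)
)

if __name__ == "__main__":
    counts = protocol_hierarchy(SAMPLE_PCAP)
    total = sum(counts.values())
    for path, n in counts.most_common():
        print("%-16s %3d  %5.1f%%" % (path, n, 100.0 * n / total))
```

The port-53 heuristic is the same shortcut Wireshark's default dissector assignment makes, and it is the reason a hierarchy view can be misled: traffic tunnelled over port 53 shows up as DNS until you look at the payload, which is the next step after the statistics.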