Effectiveness of Wireshark Tool for Detecting Attacks and Vulnerabilities in Network Traffic
- DOI
- 10.2991/978-94-6463-110-4_10
- Keywords
- Wireshark tool; Syn flood attack; Vmware; Hping3
- Abstract
Because the technology is so widely used, network security has come to play a crucial role in building strong systems that resist cyberattacks. The term “network vulnerabilities” refers to flaws in the network that attackers exploit to break security and steal critical data. To discover weaknesses in a network, attackers scan for open ports through which they can reach systems and data, so the administrator should configure the network correctly and close any open ports. Monitoring network traffic is very important, so developers focus on designing analysis tools that inspect packets transmitted over the network to trace anomalous activity. Wireshark is one of the best-known packet analysis tools; it is used to monitor packets and to examine protocols. Moreover, the type of attack can be determined from the statistics report generated by Wireshark. For instance, if an attacker sends SYN packets to a target device, Wireshark shows the details of those SYN packets. In practice, when TCP SYN requests are flooded to a device, there is a large impact on the device’s resources, such as bandwidth consumption, which ultimately degrades system performance. This paper presents a penetration test that launches a SYN flood attack by sending a huge number of SYN packets from a Kali Linux machine to three target machines: Windows 8.1, Windows 10 and Metasploitable. The test includes three scenarios: the first floods SYN packets using the real source IP address of the attacker machine, the second relies on sending SYN packets with a spoofed source IP address, and the final scenario uses a random source IP address to flood SYN packets. The Wireshark tool is run on the Kali machine to capture the packets and generate detailed reports. The results of the captured data are recorded for analysis and to list the capabilities of this tool.
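The kind of statistic the abstract says identifies the attack can be sketched in a few lines. This is an added example, not code from the paper: it assumes packets have already been exported from a capture as `(src, dst, dport, flags)` tuples, and the thresholds, function names and addresses are constructed for illustration.

```python
from collections import defaultdict

SYN, ACK = 0x02, 0x10  # TCP flag bits

def summarize(packets):
    """Per (dst, dport): bare SYNs, bare ACKs, and SYN count per source."""
    stats = defaultdict(lambda: {"syn": 0, "ack": 0, "sources": defaultdict(int)})
    for src, dst, dport, flags in packets:
        s = stats[(dst, dport)]
        if flags & SYN and not flags & ACK:  # tcp.flags.syn == 1 && tcp.flags.ack == 0
            s["syn"] += 1
            s["sources"][src] += 1
        elif flags == ACK:                   # client ACK, e.g. one completing a handshake
            s["ack"] += 1
    return stats

def classify(stats, min_syn=100, max_completion=0.1, dominant=0.9):
    """Flag services that receive many SYNs but almost no follow-up ACKs (heuristic)."""
    findings = {}
    for target, s in stats.items():
        if s["syn"] < min_syn or s["ack"] / s["syn"] > max_completion:
            continue
        top = max(s["sources"].values())
        # One dominant address covers both a real and a fixed forged source:
        # the counts alone cannot tell those two apart.
        kind = "single source" if top / s["syn"] >= dominant else "many sources"
        findings[target] = "syn-flood: " + kind
    return findings

def sample():
    """Constructed traffic using documentation address ranges."""
    pkts = [("198.51.100.7", "192.0.2.10", 80, SYN)] * 500          # one source
    pkts += [(f"203.0.113.{i % 250 + 1}", "192.0.2.20", 80, SYN)    # changing sources
             for i in range(500)]
    for i in range(200):                                            # normal clients
        src = f"198.51.100.{i % 200 + 1}"
        pkts += [(src, "192.0.2.30", 443, SYN), (src, "192.0.2.30", 443, ACK)]
    return pkts

if __name__ == "__main__":
    for target, verdict in classify(summarize(sample())).items():
        print(target, verdict)
```

Counting per destination rather than per source is what keeps the random-source scenario visible, since no single sender stands out there.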
- Copyright
- © 2023 The Author(s)
- Open Access
- Open Access This chapter is licensed under the terms of the Creative Commons Attribution-NonCommercial 4.0 International License (http://creativecommons.org/licenses/by-nc/4.0/), which permits any noncommercial use, sharing, adaptation, distribution and reproduction in any medium or format, as long as you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons license and indicate if changes were made.
Cite this article
TY - CONF
AU - Nawal A. L. Mabsali
AU - Hothefa Jassim
AU - Joseph Mani
PY - 2023
DA - 2023/01/30
TI - Effectiveness of Wireshark Tool for Detecting Attacks and Vulnerabilities in Network Traffic
BT - Proceedings of the 1st International Conference on Innovation in Information Technology and Business (ICIITB 2022)
PB - Atlantis Press
SP - 114
EP - 135
SN - 2352-538X
UR - https://doi.org/10.2991/978-94-6463-110-4_10
DO - 10.2991/978-94-6463-110-4_10
ID - Mabsali2023
ER -