Sign In Start Free Trial
Account

Add to playlist

Create a Playlist

Modal Close icon
You need to login to use this feature.
  • Book Overview & Buying Hands-On Network Forensics
  • Table Of Contents Toc
  • Feedback & Rating feedback
Hands-On Network Forensics

Hands-On Network Forensics

By : Nipun Jaswal
3.2 (6)
close
close
Hands-On Network Forensics

Hands-On Network Forensics

3.2 (6)
By: Nipun Jaswal

Overview of this book

Network forensics is a subset of digital forensics that deals with network attacks and their investigation. In the era of network attacks and malware threat, it’s now more important than ever to have skills to investigate network attacks and vulnerabilities. Hands-On Network Forensics starts with the core concepts within network forensics, including coding, networking, forensics tools, and methodologies for forensic investigations. You’ll then explore the tools used for network forensics, followed by understanding how to apply those tools to a PCAP file and write the accompanying report. In addition to this, you will understand how statistical flow analysis, network enumeration, tunneling and encryption, and malware detection can be used to investigate your network. Towards the end of this book, you will discover how network correlation works and how to bring all the information from different types of network devices together. By the end of this book, you will have gained hands-on experience of performing forensics analysis tasks.
Table of Contents (16 chapters)
close
close
Free Chapter
1
Section 1: Obtaining the Evidence
4
Section 2: The Key Concepts
8
Section 3: Conducting Network Forensics

Analyzing packets on ICMP

Let's take a look at the Internet Control Message Protocol (ICMP). It is one of the most popular protocols, and is better known for being used in ping commands, which is where an ICMP echo request is sent to an IP address with some random data, and it then denotes whether the system is alive. A typical ICMP packet would look like this:

The ICMP has many messages, which are identified by the Type of Message field. The Code field indicates the type of message. The Identifier and Sequence Number can be used by the client to match the reply with the request that caused the reply.

The Data field may contain a random string or a timestamp to compute the round-trip time in a stateless manner. Let's ping https://www.google.com/ and analyze it in Wireshark:

We can see that we have four Echo request and four Echo reply packets. Let...

Unlock full access

Continue reading for free

A Packt free trial gives you instant online access to our library of over 7000 practical eBooks and videos, constantly updated with the latest in tech

Create a Note

Modal Close icon
You need to login to use this feature.
notes
bookmark search playlist font-size

Change the font size

margin-width

Change margin width

day-mode

Change background colour

Close icon Search
Country selected

Close icon Your notes and bookmarks

Delete Bookmark

Modal Close icon
Are you sure you want to delete it?
Cancel
Yes, Delete

Delete Note

Modal Close icon
Are you sure you want to delete it?
Cancel
Yes, Delete

Edit Note

Modal Close icon
Write a note (max 255 characters)
Cancel
Update Note

Confirmation

Modal Close icon
claim successful

Buy this book with your credits?

Modal Close icon
Are you sure you want to buy this book with one of your credits?
Close
YES, BUY