Question

a- Explain the role of packet sniffing and protocol analyzers as used in network firewalls

b- Explain the role of packet sniffing and protocol analyzers as used in intrusion detection systems

c-List and specifically describe the 802.x Ethernet frame header fields that would be important to Network Forensic analysis

d- List and specifically describe the 802.x Wireless Ethernet frame header fields that would be important to Network Forensic analysis

Answer 1

Solution for the problems are provided below, please comment if any doubts:

a)

• The network firewalls are to act as the barrier between a trusted secure network and outside world network that contain anything that we can’t event think.
• The duty of firewall to identify the type of traffic that enters and leave a system and to block the unwanted or unsecure packets.
• Packet sniffers are used to capture and analyze the network traffic and troubleshooting the network from errors. Thus packet sniffing will help to do the functions of firewall properly. When a packet in the traffic is sniffed for various suspected things, many suspected and unwanted packets can be eliminated by packet sniffers itself without going for further investigation.
• The protocol analyzers are to analyze the network traffic packet protocol groups, the firewall can be set to block a particular protocol packets or allow green card for particular protocols, this protocol based filtering will be easy by using the protocol analyzers.
• Thus packet sniffers and protocol analyzers are used to block or grant the packet entries to and from the network.

b)

• Intrusion detection system is security implementing systems, in which the security of the network is enhanced by detecting the unwanted or attack intentioned entries to the system. These unauthorized entries are called intrusion.
• The intrusion network traffic will have some common properties and this can be stored in a packet sniffer and it can be used to detect when intrusion happens. By analyzing the packets with the already stored intrusion certificate data, the intrusion detection is possible using packet sniffing.
• The protocol analyzing is used to analyze the packet headers to check whether the packets are obeying a particular protocol or is it from some suspected network, etc. The intrusion attacks also will have some special protocol characteristics and it can be detected using a protocol analyzer.
• Thus packet sniffers and protocol analyzers can be used in intrusion detection systems.

c)

The Ethernet frame headers that are important for network forensic analysis are:

• The preamble
• Destination MAC
• Source MAC

d)

The wireless Ethernet frame headers that are important in forensic analysis are:

• The source MAC address
• The destination MAC address
• The frame control field, it contains many headers to inspect
  • To DS
  • From DS
  • Protocol Version
  • WEP