Question

a- Explain the role of packet sniffing and protocol analyzers as used in network firewalls

b- Explain the role of packet sniffing and protocol analyzers as used in intrusion detection systems

c- List and specifically describe the 802.x Ethernet frame header fields that would be important to Network Forensic analysis

d- List and specifically describe the 802.x Wireless Ethernet frame header fields that would be important to Network Forensic analysis

Solutions

Expert Solution

Solutions for the problems are provided below; please comment if you have any doubts:

a)

  • Network firewalls act as the barrier between a trusted, secure network and an outside-world network that can contain anything that we can’t even think of.
  • The duty of the firewall is to identify the type of traffic that enters and leaves a system and to block the unwanted or insecure packets.
  • Packet sniffers are used to capture and analyze the network traffic and to troubleshoot network errors. Thus packet sniffing helps the firewall perform its functions properly. When a packet in the traffic is sniffed for various suspected things, many suspected and unwanted packets can be eliminated by the packet sniffers themselves without going for further investigation.
  • Protocol analyzers analyze the protocol groups of network traffic packets. The firewall can be set to block a particular protocol's packets or to give a green card to particular protocols, and this protocol-based filtering is easy using protocol analyzers.
  • Thus packet sniffers and protocol analyzers are used to block or grant packet entry to and from the network.

b)

  • An intrusion detection system is a security-implementing system in which the security of the network is enhanced by detecting unwanted or attack-intentioned entries to the system. These unauthorized entries are called intrusions.
  • Intrusion network traffic will have some common properties, and these can be stored in a packet sniffer and used to detect when an intrusion happens. By analyzing the packets against the already stored intrusion certificate data, intrusion detection is possible using packet sniffing.
  • Protocol analysis is used to analyze the packet headers to check whether the packets are obeying a particular protocol, whether they are from some suspected network, etc. Intrusion attacks will also have some special protocol characteristics, and these can be detected using a protocol analyzer.
  • Thus packet sniffers and protocol analyzers can be used in intrusion detection systems.

c)

The Ethernet frame headers that are important for network forensic analysis are:

  • The preamble
  • Destination MAC
  • Source MAC

d)

The wireless Ethernet frame headers that are important in forensic analysis are:

  • The source MAC address
  • The destination MAC address
  • The frame control field, which contains many headers to inspect:
    • To DS
    • From DS
    • Protocol Version
    • WEP
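
The fields listed in (c) and (d), as an added Python example that is not part of the original answer: it extracts the MAC addresses from a captured Ethernet header and decodes the 802.11 frame control bits (Protocol Version, To DS, From DS, WEP), using To DS/From DS to decide which address slot holds the source, destination and BSSID. The sample frames are constructed, and the code assumes 802.11 data frames with no radiotap header in front.

```python
import struct

def mac(b):
    return ":".join(f"{x:02x}" for x in b)

def parse_ethernet(frame):
    """Parse the 14-byte header of a captured Ethernet frame (capture starts at the destination MAC)."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    dst, src, tl = struct.unpack("!6s6sH", frame[:14])
    # Values >= 0x0600 are an EtherType (Ethernet II); smaller values are an 802.3 length.
    kind = "ethertype" if tl >= 0x0600 else "length"
    return {"dst": mac(dst), "src": mac(src), kind: tl}

# Which address slot holds what, keyed by (To DS, From DS), for data frames.
ADDR_ROLES = {
    (0, 0): ("dst", "src", "bssid"),
    (1, 0): ("bssid", "src", "dst"),
    (0, 1): ("dst", "bssid", "src"),
    (1, 1): ("receiver", "transmitter", "dst"),  # addr4 carries src
}

def parse_dot11(frame):
    """Parse frame control and addresses of an 802.11 data frame."""
    if len(frame) < 24:
        raise ValueError("truncated 802.11 header")
    fc0, fc1 = frame[0], frame[1]
    out = {
        "protocol_version": fc0 & 0x03,
        "type": (fc0 >> 2) & 0x03,        # 0 management, 1 control, 2 data
        "subtype": (fc0 >> 4) & 0x0F,
        "to_ds": fc1 & 0x01,
        "from_ds": (fc1 >> 1) & 0x01,
        "protected": (fc1 >> 6) & 0x01,   # WEP bit, named Protected Frame in later revisions
    }
    for i, role in enumerate(ADDR_ROLES[(out["to_ds"], out["from_ds"])]):
        out[role] = mac(frame[4 + 6 * i: 10 + 6 * i])
    if out["to_ds"] and out["from_ds"]:
        if len(frame) < 30:
            raise ValueError("truncated 4-address header")
        out["src"] = mac(frame[24:30])
    return out

# Constructed sample frames (not real captures).
ETH_SAMPLE = bytes.fromhex("ffffffffffff" "020000000001" "0806")
DOT11_SAMPLE = bytes.fromhex("0841" "0000" "0200000000aa" "020000000001" "0200000000bb" "1000")
```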
