NetworkMiner Packet Analyzer

CONFERENCE ON TECHNOLOGIES FOR FUTURE CITIES (CTFC) 2019

Prof. Smita Vishnu More, Jidnasa Vijaykumar Pillai, Rohini Bridgitte Stanly, Prajyot Prasad Salgaonkar, Anamika Sanap

Abstract:
In this digital world, crimes are increasing a lot. As advanced technologies come up, crimes related to these technologies are also rising at high speed. So, it is high time to deal with it. It is the need of the hour to take the necessary precautions against these crimes. We all know that the crime branch is taking essential steps to prevent crimes from happening, but we desire to contribute to their service to the nation. We will explore a packet analyzer called NetworkMiner and perform various activities related to the browser. Also, we will perform a case study in which the missing case of a girl is solved using NetworkMiner. NetworkMiner, with the help of Wireshark, will detect the email, the attachment as well as the location of the missing person. We will also do it from a real-time perspective.

Keywords:
NetworkMiner, Wireshark, packet analyzer, forensics

Submitted on: 31 October 2018
Revised on:
Accepted on:
*Corresponding Author Email: [email protected] Phone:8828753911
I. INTRODUCTION

This paper introduces a packet analyzer named NetworkMiner and its working, along with real-time examples.

NetworkMiner is an open source Network Forensic Analysis Tool.

Features of NetworkMiner include Network Forensics, Network Sniffing, PCAP Parser, Digital Forensics and Packet Sniffer.

Existing application: NetworkMiner is a tool which is used to fetch critical credentials via mail messages. This is elaborated by the given case study.

II. METHODOLOGY

First, the NetworkMiner tool is to be installed from the Internet. Extract the downloaded file and change the location, i.e. create a folder in C/Program Files and then copy all the files from the extracted folder into the new folder. Now, we will try to understand the basics of NetworkMiner using a pcap file. Download any pcap file from the Internet. Open NetworkMiner from the NetworkMiner folder present in C/Program Files.

Open the downloaded pcap file in NetworkMiner from File and then click Open. Choose the downloaded file. It will take some time.

After loading the PCAP file, analyze the Hosts section. We can see the entire list of hosts with IP address in ascending order. Also, we can get the information for each IP address such as MAC, NIC vendor, Operating System, TTL, open TCP ports, number of sent and received packets, and incoming and outgoing sessions.

We have various options. We can also obtain the MAC address in ascending order, the hostname, and the details of sent and received packets in descending order. Also, we can get the details of sent and received bytes in descending order. We can obtain the number of open TCP ports in descending order. Also, we can use an important feature of NetworkMiner, which is OS fingerprinting. We can get the router hops distance in ascending order.
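The per-host details listed above (IP, MAC, TTL, sent and received packet counts, router hop distance) can all be derived from the packet headers in a capture file. The following added example, which is not code from the paper or from NetworkMiner, parses a classic pcap and builds such a host table; the function names, the sample addresses and the TTL-based hop heuristic are assumptions made for this illustration.

```python
import struct
from collections import defaultdict

def build_pcap(frames):
    """Constructed input: wrap raw Ethernet frames in a classic little-endian pcap."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)  # link type 1 = Ethernet
    for ts, frame in enumerate(frames):
        out += struct.pack("<IIII", ts, 0, len(frame), len(frame)) + frame
    return out

def eth_ipv4(src_mac, dst_mac, src_ip, dst_ip, ttl):
    """Constructed frame: Ethernet header plus a bare 20-byte IPv4 header (checksum 0)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, ttl, 6, 0,
                     bytes(map(int, src_ip.split("."))), bytes(map(int, dst_ip.split("."))))
    return bytes.fromhex(dst_mac) + bytes.fromhex(src_mac) + b"\x08\x00" + ip

def host_inventory(pcap):
    """Return {ip: {mac, ttl, sent, received}} for the IPv4 hosts in an Ethernet pcap."""
    if struct.unpack_from("<I", pcap, 0)[0] != 0xA1B2C3D4:
        raise ValueError("expected a little-endian classic pcap file")
    hosts = defaultdict(lambda: {"mac": None, "ttl": None, "sent": 0, "received": 0})
    off = 24                                   # skip the global header
    while off + 16 <= len(pcap):
        incl_len = struct.unpack_from("<I", pcap, off + 8)[0]
        frame = pcap[off + 16: off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue                           # truncated record or not IPv4
        src = ".".join(map(str, frame[26:30]))
        dst = ".".join(map(str, frame[30:34]))
        hosts[src]["mac"] = frame[6:12].hex(":")   # for remote hosts this is the gateway's MAC
        hosts[src]["ttl"] = frame[22]
        hosts[src]["sent"] += 1
        hosts[dst]["received"] += 1
    return dict(hosts)

def hop_distance(ttl):
    """Assumed heuristic: the sender started at the next common initial TTL (32/64/128/255)."""
    return min(t for t in (32, 64, 128, 255) if t >= ttl) - ttl

# Constructed capture: a client sends two packets and gets one reply that crossed 7 routers.
SAMPLE = build_pcap([
    eth_ipv4("02000000000a", "020000000001", "192.168.1.10", "203.0.113.5", 128),
    eth_ipv4("02000000000a", "020000000001", "192.168.1.10", "203.0.113.5", 128),
    eth_ipv4("020000000001", "02000000000a", "203.0.113.5", "192.168.1.10", 57),
])
```

Sorting the keys of `host_inventory(SAMPLE)` with `ipaddress.ip_address` as the sort key reproduces the ascending IP order described for the Hosts section.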

III. EXPERIMENTATION

Example on extraction of email evidence with Wireshark and NetworkMiner:

E.g. After being released on bail, Ann Dercover disappears! Fortunately, investigators were carefully monitoring her network activity before she skipped town.

“We believe Ann may have communicated with her secret lover, Mr. X, before she left,” says the police chief. “The packet capture may contain clues to her whereabouts.”

You are the forensic investigator. Your mission is to figure out what Ann emailed, where she went, and recover evidence including:

First you need to load the evidence.pcap file into Wireshark.

In order to find Ann’s email address, you need to check the protocol tab where the list of protocols is displayed. Since we need to find out Ann’s email address, the SMTP protocol is used. We need to right click on the protocol and follow the TCP stream.

We can also find the email id of Ann’s secret lover.

We read the list of items which Ann asked to bring.

To find the name of the attachment Ann sent to her secret lover, we need to start NetworkMiner and load the evidence.pcap file in order to know what files have been shared.

On checking the Files tab, we can get information about what documents have been mailed by Ann.

We can also find MD5 and SHA.

We can find the location.
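The steps above (follow the SMTP stream, read the sender and recipient, recover the attachment, hash it) can also be scripted once the stream text has been exported. This is an added example, not code from the paper or from either tool: the function name and the whole sample session are constructed, and it assumes the stream interleaves one server reply per client command. Note that SMTP AUTH LOGIN values are base64-encoded, so they decode without any key.

```python
import base64, hashlib, re
from email import message_from_string

def b64(s):
    return base64.b64encode(s.encode()).decode()

# Constructed SMTP client/server text as a "Follow TCP Stream" view would show it.
# Every address, credential and the attachment below is made up for this example.
STREAM = "\r\n".join([
    "220 mail.example.test ESMTP", "EHLO pc", "250 AUTH LOGIN",
    "AUTH LOGIN", "334 VXNlcm5hbWU6", b64("sender@example.test"),
    "334 UGFzc3dvcmQ6", b64("constructed-pass"), "235 OK",
    "MAIL FROM: <sender@example.test>", "250 OK",
    "RCPT TO: <recipient@example.test>", "250 OK", "DATA", "354 go ahead",
    "Subject: list", "MIME-Version: 1.0",
    'Content-Type: multipart/mixed; boundary="B"', "",
    "--B", "Content-Type: text/plain", "", "Bring the items on the list.",
    "--B", 'Content-Type: application/octet-stream; name="notes.txt"',
    "Content-Transfer-Encoding: base64",
    'Content-Disposition: attachment; filename="notes.txt"', "",
    b64("meet at the constructed place"), "--B--", ".", "250 queued", "QUIT"])

def analyze_smtp(stream):
    """Pull credentials, envelope addresses and attachment hashes from SMTP stream text."""
    lines = stream.split("\r\n")
    out = {"user": None, "password": None, "attachments": []}
    if "AUTH LOGIN" in lines:
        # The client's answers follow the two 334 prompts and are base64, not encrypted.
        i = lines.index("AUTH LOGIN")
        out["user"] = base64.b64decode(lines[i + 2]).decode()
        out["password"] = base64.b64decode(lines[i + 4]).decode()
    out["from"] = re.search(r"^MAIL FROM:\s*<([^>]*)>", stream, re.M | re.I).group(1)
    out["to"] = re.findall(r"^RCPT TO:\s*<([^>]*)>", stream, re.M | re.I)
    # The message sits between the 354 reply after DATA and the lone "." terminator.
    start, end = lines.index("DATA") + 2, lines.index(".")
    msg = message_from_string("\r\n".join(lines[start:end]))
    for part in msg.walk():
        if part.get_filename():
            blob = part.get_payload(decode=True)   # undoes the base64 transfer encoding
            out["attachments"].append({"name": part.get_filename(),
                "md5": hashlib.md5(blob).hexdigest(),
                "sha256": hashlib.sha256(blob).hexdigest()})
    return out
```

The hashes are computed over the decoded attachment bytes, which is what lets an examiner match a recovered file against a copy found elsewhere.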

IV. RESULTS AND DISCUSSION

After exploring NetworkMiner, we analyzed all the sections present in NetworkMiner such as Hosts, Files, Images, Credentials, Anomalies, etc. Also, we performed a case study in which we were able to get the encrypted email id and password. We got the message as well as the attachment present in the email. Also, we were able to trace the location of the missing girl.

VI. FUTURE SCOPE

NetworkMiner can be used for collecting forensic evidence through the network, thus helping to reduce crime rates. NetworkMiner can also be used for security or testing purposes, where we can examine how secure a particular website or application is.

VII. APPLICATIONS

1. Digital Forensics – We are all aware of the cyber crimes that we read about in the newspaper almost daily. So, here, digital forensics plays an important role. As technology is increasing day by day, crimes related to the digital area are also rising at a fast pace. So, to control it and vanish the threats, digital forensics will be of great use in the future.

2. Data Analysis – We are in a world where lots of data is available. So, we cannot believe that this data will always be secure. This data needs to be inspected, cleaned, transformed and modelled so that it will be useful to build models using Machine Learning, Neural Networks, etc. So, we should be able to secure the data properly. This is achieved using NetworkMiner, and this will provide more secure data for the future.

3. Education – As the coming generation would deal more with technologies, packet analyzer tools like NetworkMiner, Wireshark, Fiddler, etc. would be of great help to the students, and they can perform amazing activities using these tools.

VIII. CONCLUSION

NetworkMiner was thus used to perform live sniffing, and a case study was examined based on a particular packet capture file which is available on the Internet.

V. REFERENCES

https://www.netresec.com/

http://forensicscontest.com

https://download.netresec.com/pcap/ists-12/2015-03-08/

i. Author Biographical Statements

Smita Vishnu More
Assistant Professor
Computer Department
Pillai College of Engineering

Jidnasa Vijaykumar Pillai
BE Computer
Pillai College of Engineering

Rohini Bridgitte Stanly
BE Computer
Pillai College of Engineering

Prajyot Prasad Salgaonkar
BE Computer
Pillai College of Engineering

Anamika Sanap
BE Computer
Pillai College of Engineering