C.S. Projects

Hello

Network Forensic — Week 2

Week 2

This session we learned about Source of Network-based Evidence and Principles of Internetworking

There are different kinds of network-based evidence. Such as On the wire In the Air and Routers. On the wire is a physical cabling that carries data over the network. A wire tapping can provide real-time network data. There are different tap types, such as vampire tap, surreptitious fibre tap and infrastructure tap. Vampire tap punctures insulation and touches cables.Surreptitious fibre tapbends cable and cuts sheath which exposes light signal Infrastructure tap plugs into connectors and replicates signal.

In the air functions as wireless station to station signals. It may not be as useful as the others as the information obtained is usually encrypted, but there are still information that can be obtained such as:

  • Management and controls frames
  • Access Points
  • Stations Probes for AP’s and APs
  • MAC addresses of legitimate authenticated stations
  • Volume-based statistical traffic analysis


Routers connect traffic on different subnets or networks. It allows different addressing schemes to communicate. Routers make MANs, WANs, and GANs possible. Routers are useful sources fo numerous reasons such as:

  • Routing tables
    • Map ports on the router to networks they connect
    • Allows path tracing
  • Function as packet filters
  • Logging functions and flow records
  • Deployed intrusion detection



Internetworking on the other hand is the connection and communication between many networks. A link between networks must be established, routing for delivery of data packets, an account to keep track of status information are needed in other to establish internetworking.

Tags:

This entry was posted on Saturday, September 26th, 2020 at 8:12 am and is filed under Database System -- Semester 3, Ethical Hacking -- Semester 4, Intelligent System -- Semester 4, Network Forensic -- Semester 5, Uncategorized. You can follow any responses to this entry through the RSS 2.0 feed. Both comments and pings are currently closed.

Comments are closed.