Network Forensics using Snort and Wireshark

  • Sakshi Singh, Suresh Kumar


Data and network security have been an issue of primary concern for most organizations as dependence on the exchange of information has increased exponentially. Network monitoring has now become an essential aspect of information protection when defending against attacks. Intrusion detection systems (IDS) play a vital role in network monitoring tools such as Wireshark and Snort. Wireshark and Snort can graphically monitor intrusive electronic information in network processes or movements. Network management using IDS and intrusion prevention systems (IPS) improves network connectivity, efficiency and security. The Snort-IDS/IPS intrusion detection and prevention system is an open-source network security tool that has been used extensively to protect organizations' networks. In this article, we captured network traffic in real time using Snort and analyzed the captured packets with Wireshark to produce a detailed network analysis report. We also examined these packets in real time.

Keywords: Data packets, Packet analysis, Snort, Wireshark