
NetworkMiner Packet analyzer
Conference on Technologies for Future Cities (CTFC) 2019

Prof. Smita Vishnu More
Jidnasa Vijaykumar Pillai, Rohini Bridgitte Stanly, Prajyot Prasad Salgaonkar, Anamika Sanap


Abstract:
In this digital world, crime is increasing rapidly. As advanced technologies emerge, crimes that exploit these technologies are rising just as fast, so it is high time to deal with them and to take the necessary precautions. We know that the crime branch is already taking essential steps to prevent these crimes, but we wish to contribute to its service to the nation. We explore a packet analyzer called NetworkMiner and perform various browser-related activities with it. We also present a case study in which the case of a missing girl is solved using NetworkMiner: with the help of Wireshark, NetworkMiner recovers the email, its attachment and the location of the missing person. We also show this from a real-time perspective.
Keywords:
NetworkMiner, Wireshark, packet analyzer, forensics

Submitted on: 31 October 2018
Revised on:
Accepted on:
*Corresponding Author Email: [email protected] Phone:8828753911

Introduction
This paper introduces a packet analyzer named NetworkMiner, describes how it works and gives real-time examples.
NetworkMiner is an open source Network Forensic Analysis Tool.

Its features include network forensics, network sniffing, PCAP parsing, digital forensics and packet sniffing.

Existing application: NetworkMiner is a tool that can be used to recover critical credentials from captured mail messages. This is elaborated in the case study below.
Methodology
First, install NetworkMiner from the Internet: extract the downloaded archive, create a folder under C:\Program Files and copy all the files from the extracted folder into the new folder. Next, we study the basics of NetworkMiner using a pcap file. Download any pcap file from the Internet and open NetworkMiner from its folder in C:\Program Files.

Open the downloaded pcap file in NetworkMiner via File, then Open, and choose the downloaded file. Loading takes some time.

After loading the PCAP file, analyze the Hosts section. It lists all hosts sorted by IP address in ascending order, and for each IP address shows the MAC address, NIC vendor, operating system, TTL, open TCP ports, number of sent and received packets, and incoming and outgoing sessions.

The host list can also be sorted by MAC address (ascending), hostname, sent and received packets (descending), sent and received bytes (descending), number of open TCP ports (descending) and router hop distance (ascending). OS fingerprinting, an important feature of NetworkMiner, is also available from this view.
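To make concrete what the Hosts view is built from, the following added example (written for this page; it is neither NetworkMiner's code nor the authors') parses a classic pcap file with only the Python standard library and derives the same kind of per-host facts: MAC address, TTL, an OS guess from the TTL, hop distance, open TCP ports (taken from observed SYN-ACK replies) and packet counts. The capture it reads is constructed in code (two hosts, a completed handshake to port 80 and a refused probe to port 443); the TTL-to-OS mapping is the usual heuristic (initial TTL 64, 128 or 255), which is exactly why passive OS fingerprinting should be treated as a hint rather than proof.

```python
import struct
from collections import defaultdict

SYN, ACK = 0x02, 0x10


def build_frame(src_mac, dst_mac, src_ip, dst_ip, ttl, sport, dport, flags):
    """Build one Ethernet/IPv4/TCP frame with an empty payload (constructed test data)."""
    def mac(m):
        return bytes.fromhex(m.replace(":", ""))

    def ip4(a):
        return bytes(int(o) for o in a.split("."))

    eth = mac(dst_mac) + mac(src_mac) + b"\x08\x00"          # EtherType 0x0800 = IPv4
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 8192, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, ttl, 6, 0,
                     ip4(src_ip), ip4(dst_ip))               # protocol 6 = TCP, checksum left 0
    return eth + ip + tcp


def build_pcap(frames):
    """Wrap frames in a little-endian classic pcap file (magic 0xA1B2C3D4, link type 1 = Ethernet)."""
    out = [struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)]
    for i, frame in enumerate(frames):
        out.append(struct.pack("<IIII", 1_500_000_000 + i, 0, len(frame), len(frame)) + frame)
    return b"".join(out)


def iter_pcap_frames(data):
    """Yield each captured frame from a classic pcap byte string (either byte order)."""
    magic, = struct.unpack_from("<I", data, 0)
    endian = {0xA1B2C3D4: "<", 0xD4C3B2A1: ">"}.get(magic)
    if endian is None:
        raise ValueError("not a classic pcap file (pcapng is not handled here)")
    linktype, = struct.unpack_from(endian + "I", data, 20)
    if linktype != 1:
        raise ValueError("only Ethernet captures are handled here")
    offset = 24
    while offset + 16 <= len(data):
        _, _, incl_len, _ = struct.unpack_from(endian + "IIII", data, offset)
        offset += 16
        yield data[offset:offset + incl_len]
        offset += incl_len


def guess_os_from_ttl(ttl):
    """Heuristic only: assume the nearest common initial TTL at or above the observed value."""
    for initial, name in ((64, "Linux/Unix"), (128, "Windows"), (255, "network device")):
        if ttl <= initial:
            return name, initial - ttl            # (OS guess, estimated router hop distance)
    return "unknown", None


def host_inventory(pcap_bytes):
    """Return per-IP facts comparable to the columns of NetworkMiner's Hosts tab."""
    hosts = defaultdict(lambda: {"mac": None, "ttl": None, "os_guess": None, "hops": None,
                                 "open_tcp_ports": set(), "sent": 0, "received": 0})
    for frame in iter_pcap_frames(pcap_bytes):
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue                                          # only IPv4 over Ethernet
        src_mac = ":".join(f"{b:02x}" for b in frame[6:12])
        ihl = (frame[14] & 0x0F) * 4
        ttl, proto = frame[22], frame[23]
        src_ip = ".".join(str(b) for b in frame[26:30])
        dst_ip = ".".join(str(b) for b in frame[30:34])
        src, dst = hosts[src_ip], hosts[dst_ip]
        src["mac"], src["ttl"] = src_mac, ttl
        src["os_guess"], src["hops"] = guess_os_from_ttl(ttl)
        src["sent"] += 1
        dst["received"] += 1
        tcp = frame[14 + ihl:]
        if proto == 6 and len(tcp) >= 14:
            sport, = struct.unpack_from("!H", tcp, 0)
            if tcp[13] & SYN and tcp[13] & ACK:               # a SYN-ACK proves the port is listening
                src["open_tcp_ports"].add(sport)
    return dict(hosts)


# Constructed sample capture: client 10.0.0.5 talks to server 10.0.0.9 (both addresses invented).
CLIENT, SERVER = "10.0.0.5", "10.0.0.9"
CLIENT_MAC, SERVER_MAC = "00:11:22:33:44:55", "66:77:88:99:aa:bb"
SAMPLE_PCAP = build_pcap([
    build_frame(CLIENT_MAC, SERVER_MAC, CLIENT, SERVER, 61, 40000, 80, SYN),           # handshake to port 80
    build_frame(SERVER_MAC, CLIENT_MAC, SERVER, CLIENT, 126, 80, 40000, SYN | ACK),
    build_frame(CLIENT_MAC, SERVER_MAC, CLIENT, SERVER, 61, 40000, 80, ACK),
    build_frame(CLIENT_MAC, SERVER_MAC, CLIENT, SERVER, 61, 40001, 443, SYN),          # probe to closed port 443
    build_frame(SERVER_MAC, CLIENT_MAC, SERVER, CLIENT, 126, 443, 40001, 0x04 | ACK),  # RST-ACK: not listening
])

if __name__ == "__main__":
    for ip, facts in sorted(host_inventory(SAMPLE_PCAP).items()):
        print(ip, facts)
```

Run it as a script to print the two hosts; `host_inventory` can be pointed at any real Ethernet pcap by passing the file's bytes. Only a SYN-ACK is counted as evidence of an open port, so a refused connection (RST-ACK) never inflates the list, and the hop-distance figure is simply the gap between the observed TTL and the assumed initial value.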

Experimentation

Example: extraction of email evidence with Wireshark and NetworkMiner:

E.g. After being released on bail, Ann Dercover disappears! Fortunately, investigators were carefully monitoring her network activity before she skipped town.
“We believe Ann may have communicated with her secret lover, Mr. X, before she left,” says the police chief. “The packet capture may contain clues to her whereabouts.”
You are the forensic investigator. Your mission is to figure out what Ann emailed, where she went, and recover evidence including:

First, load the evidence.pcap file into Wireshark.

To find Ann's email address, check the protocol tab, where the list of protocols is displayed. Since we are looking for email, the SMTP packets are the ones of interest: right-click one of them and choose Follow TCP Stream.

The same stream also reveals the email address of Ann's secret lover.

We can read the list of items Ann asked him to bring.

To find the name of the attachment Ann sent to her secret lover, start NetworkMiner and load the evidence.pcap file to see which files were transferred.

The Files tab shows which documents were mailed by Ann.

We can also read the MD5 and SHA hashes of the files.

Finally, we can find the location.
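The steps above (follow the SMTP stream, read sender and recipient, read the message, carve the attachment and hash it) can be reproduced without a GUI. The following added example is not from the paper, from forensicscontest.com or from NetworkMiner; it assumes the client side of an SMTP session has already been reassembled into one byte string, as Follow TCP Stream produces, and that AUTH LOGIN was sent in its two-line form (username, then password). The session, addresses, password and attachment are all constructed placeholders. It uses only the standard library: `email` parses the MIME message and `hashlib` produces the MD5 and SHA-256 values that the Files tab would show for the carved attachment.

```python
import base64
import hashlib
from email import message_from_bytes
from email.policy import default

# Constructed evidence: every name, address and password below is an invented placeholder.
ATTACHMENT = b"Meet me at the pier on Friday at 9.\n"


def build_sample_stream():
    """Assemble the constructed client-side SMTP session (CRLF line endings, dot terminator)."""
    message = [
        b"From: sender@example.test",
        b"To: recipient@example.test",
        b"Subject: before I go",
        b"MIME-Version: 1.0",
        b'Content-Type: multipart/mixed; boundary="b1"',
        b"",
        b"--b1",
        b"Content-Type: text/plain; charset=us-ascii",
        b"",
        b"Hi, bring the things on this list: passport, cash, sunglasses.",
        b"--b1",
        b'Content-Type: application/octet-stream; name="note.txt"',
        b'Content-Disposition: attachment; filename="note.txt"',
        b"Content-Transfer-Encoding: base64",
        b"",
        base64.b64encode(ATTACHMENT),
        b"--b1--",
    ]
    session = [
        b"EHLO laptop.example",
        b"AUTH LOGIN",                                    # followed by base64(username), base64(password)
        base64.b64encode(b"sender@example.test"),
        base64.b64encode(b"example-password"),
        b"MAIL FROM:<sender@example.test>",
        b"RCPT TO:<recipient@example.test>",
        b"DATA",
        *message,
        b".",                                             # a lone dot ends the DATA section
        b"QUIT",
    ]
    return b"\r\n".join(session) + b"\r\n"


SMTP_STREAM = build_sample_stream()


def extract_smtp_evidence(stream):
    """Pull envelope addresses, AUTH LOGIN credentials and the parsed message from a client-side stream."""
    lines = stream.split(b"\r\n")
    found = {"username": None, "password": None, "mail_from": None, "rcpt_to": [], "message": None}
    i = 0
    while i < len(lines):
        line, upper = lines[i], lines[i].upper()
        if upper == b"AUTH LOGIN":
            # AUTH LOGIN is base64 encoding, not encryption: a plaintext capture exposes the credentials.
            found["username"] = base64.b64decode(lines[i + 1]).decode()
            found["password"] = base64.b64decode(lines[i + 2]).decode()
            i += 3
            continue
        if upper.startswith(b"MAIL FROM:"):
            found["mail_from"] = line[10:].strip().strip(b"<>").decode()
        elif upper.startswith(b"RCPT TO:"):
            found["rcpt_to"].append(line[8:].strip().strip(b"<>").decode())
        elif upper == b"DATA":
            end = lines.index(b".", i + 1)
            body = [ln[1:] if ln.startswith(b".") else ln for ln in lines[i + 1:end]]  # undo dot-stuffing
            found["message"] = message_from_bytes(b"\r\n".join(body), policy=default)
            i = end
        i += 1
    return found


def attachments_with_hashes(msg):
    """List attachments with the hashes a forensic tool would report for the carved file."""
    result = []
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True)
        result.append({"filename": part.get_filename(), "size": len(data),
                       "md5": hashlib.md5(data).hexdigest(),
                       "sha256": hashlib.sha256(data).hexdigest()})
    return result


def summarize(stream):
    """Everything the case study looks for, from one reassembled stream."""
    ev = extract_smtp_evidence(stream)
    msg = ev["message"]
    return {
        "username": ev["username"], "password": ev["password"],
        "mail_from": ev["mail_from"], "rcpt_to": ev["rcpt_to"],
        "subject": msg["Subject"],
        "body": msg.get_body(preferencelist=("plain",)).get_content(),
        "attachments": attachments_with_hashes(msg),
    }


if __name__ == "__main__":
    for key, value in summarize(SMTP_STREAM).items():
        print(f"{key}: {value}")
```

Running the script prints the sender, recipient, subject, message text and the attachment's name, size and hashes. The hashes are what lets an examiner show that the file recovered from the capture is byte-for-byte the one later found on a device. The credential lines also make the defensive lesson visible: everything here was readable only because the session ran without TLS, so mail submission should always use STARTTLS or an implicit-TLS port.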

Results and Discussion
After exploring NetworkMiner, we analyzed all of its sections, such as Hosts, Files, Images, Credentials and Anomalies. We also performed a case study in which we were able to recover the encrypted email id and password, the message and the attachment in the email, and to trace the location of the missing girl.

vi. Future Scope

NetworkMiner can be used to collect forensic evidence from the network, thus helping to reduce crime rates. It can also be used for security testing, where we examine how secure a particular website or application is.

vii. Applications

1. Digital Forensics – We are all aware of the cyber crimes reported in the newspapers almost daily, so digital forensics plays an important role. As technology advances day by day, crimes in the digital domain are rising at a fast pace; digital forensics will be of great use in controlling them and eliminating the threats.

2. Data Analysis – We live in a world with a great deal of data, and we cannot assume that this data will always be secure. It needs to be inspected, cleaned, transformed and modelled so that it can be used to build models with machine learning, neural networks, etc., and it must be secured properly. NetworkMiner helps achieve this and will provide more secure data in the future.

3. Education – As the coming generation will deal more with technology, packet analyzer tools like NetworkMiner, Wireshark, Fiddler, etc. will be of great help to students, who can perform many activities using these tools.

viii. Conclusion
NetworkMiner was thus used to perform live sniffing, and a case study was examined based on a packet capture file available on the Internet.

v. References

https://www.netresec.com/

http://forensicscontest.com

https://download.netresec.com/pcap/ists-12/2015-03-08/

i. Author Biographical Statements

Smita Vishnu More
Assistant Professor
Computer Department
Pillai College of Engineering

Jidnasa Vijaykumar Pillai
BE Computer
Pillai College of Engineering

Rohini Bridgitte Stanly
BE Computer
Pillai College of Engineering

Prajyot Prasad Salgaonkar
BE Computer
Pillai College of Engineering

Anamika Sanap
BE Computer
Pillai College of Engineering