{"title":"Forensic analysis of network packets from penetration test toolkits","authors":"Da-Yu Kao, Yu-Siang Wang, Fuching Tsai, Chien-Hung Chen","doi":"10.23919/ICACT.2018.8323757","DOIUrl":null,"url":null,"abstract":"Cyber-attacks are likely to continue to increase in size and frequency. As attackers get smarter than before, so do efforts made to protect against unwanted data theft. The purpose of this paper is to look for unusual patterns by repeatable experiments among the constant buzz of network packets that make up PT activities. The utilization of different PT toolkits, like Winfingerprint, Superscan, Nmap, SoftPerfect Network Scanner, NeoTrace, Nessus Vulnerability Scanner, and Path Analyzer Pro, facilitates cyber-attackers to bring down online system. It is capable of discerning network traffic on the vast streams of network information available through the connected machines from the following three phases: data collection, data reduction, and data analysis. Network forensics can aid in detecting attack behavior. This paper accommodates real-time evidence collection as a network feature against attackers. The identification of unusual patterns in network packets has been put to use in the ongoing battle to stay one step ahead of malicious hackers, who could be anyone from disgruntled customers to nation states. 
This approach can be easily deployed and should be applicable to any type of network-based assessment.","PeriodicalId":228625,"journal":{"name":"2018 20th International Conference on Advanced Communication Technology (ICACT)","volume":"59 9 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2018-02-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"3","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2018 20th International Conference on Advanced Communication Technology (ICACT)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.23919/ICACT.2018.8323757","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Citation count: 3
Abstract
Cyber-attacks are likely to continue to increase in size and frequency. As attackers get smarter, so do the efforts made to protect against unwanted data theft. The purpose of this paper is to look for unusual patterns, through repeatable experiments, among the constant buzz of network packets that make up PT activities. The use of different PT toolkits, such as Winfingerprint, Superscan, Nmap, SoftPerfect Network Scanner, NeoTrace, Nessus Vulnerability Scanner, and Path Analyzer Pro, helps cyber-attackers bring down online systems. It is capable of discerning network traffic on the vast streams of network information available through the connected machines from the following three phases: data collection, data reduction, and data analysis. Network forensics can aid in detecting attack behavior. This paper accommodates real-time evidence collection as a network feature against attackers. The identification of unusual patterns in network packets has been put to use in the ongoing battle to stay one step ahead of malicious hackers, who could be anyone from disgruntled customers to nation states. This approach can be easily deployed and should be applicable to any type of network-based assessment.