
TITLE OF TOOLS:

1) NetworkMiner
2) Wireshark

INTRODUCTION
NETWORK MINER:

NetworkMiner is a Network Forensic Analysis Tool (NFAT) for Windows. NetworkMiner
can be used as a passive network sniffer/packet capturing tool in order to
detect operating systems, sessions, hostnames, open ports etc. without putting
any traffic on the network. NetworkMiner can also parse pcap files for off-line
analysis and to regenerate/reassemble transmitted files and certificates from
pcap files. In contrast to other sniffers like Wireshark, NetworkMiner's display
focuses on hosts and their attributes rather than raw packets. For downloads and
more information, visit the NetworkMiner homepage.

NetworkMiner makes it easy to perform advanced Network Traffic Analysis
(NTA) by providing extracted artifacts in an intuitive user interface. The way
data is presented not only makes the analysis simpler, it also saves valuable time
for the analyst or forensic investigator.

NetworkMiner has, since its first release in 2007, become a popular tool
among incident response teams as well as law enforcement. NetworkMiner is
today used by companies and organizations all over the world.

WIRESHARK:

Wireshark is the world's foremost network protocol analyser. It lets you see
what's happening on your network at a microscopic level. It is the de facto (and
often de jure) standard across many industries and educational institutions.
Wireshark development thrives thanks to the contributions of networking
experts across the globe. It is the continuation of a project that started in 1998.

Wireshark is a network packet analyser. A network packet analyser presents
captured packet data in as much detail as possible.

You could think of a network packet analyser as a measuring device for
examining what's happening inside a network cable, just like an electrician uses a
voltmeter for examining what's happening inside an electric cable (but at a higher
level, of course).

In the past, such tools were either very expensive, proprietary, or both. However,
with the advent of Wireshark, that has changed. Wireshark is available for free, is
open source, and is one of the best packet analysers available today.

Wireshark isn’t an intrusion detection system. It will not warn you when
someone does strange things on your network that he/she isn’t allowed to do.
However, if strange things happen, Wireshark might help you figure out what is
really going on.

Wireshark will not manipulate things on the network, it will only "measure"
things from it. Wireshark doesn't send packets on the network or do other active
things.

APPLICATIONS OF TOOLS

NETWORK MINER:

- NetworkMiner is a Network Forensic Analysis Tool (NFAT) for Windows that can
  detect the OS, hostname and open ports of network hosts through packet
  sniffing or by parsing a PCAP file.
- NetworkMiner can also extract transmitted files from network traffic.
- The way data is presented not only makes the analysis simpler, it also
  saves valuable time for the analyst or forensic investigator.
- NetworkMiner allows the user to insert arbitrary string or byte patterns
  that shall be searched for with the keyword search functionality.
- NetworkMiner makes it easy to perform advanced Network Traffic Analysis
  (NTA) by providing extracted artifacts in an intuitive user interface.

WIRESHARK:

- Wireshark is a network packet analyser. A network packet analyser captures
  network packets and tries to display that packet data in as much detail as
  possible.
- It is basically a tool for seeing the bits and bytes flowing through a
  network in human-readable form. Without it, understanding a network
  communication exchange would be practically impossible.
- As you may know, network communication is broken down into seven layers (the
  OSI model). The part that Wireshark deals with is layer 2 up to layer 7. Most
  well-known protocols can be decoded by Wireshark.
- Wireshark is a computer network packet capturing tool, previously known as
  Ethereal. On a Windows OS, it uses the WinPcap library for capture.
- Wireshark will not manipulate things on the network, it will only "measure"
  things from it. Wireshark doesn't send packets on the network or do other
  active things.

BENEFITS OF TOOLS:

NETWORK MINER:

NetworkMiner automatically carves out the files found in the network
stream, saving them to a local folder.
NetworkMiner is a free Windows utility for analysing network traffic.
The tool is designed to only display the details most relevant to network
forensics.
There are several tools that could capture relevant details about the attack, so
you can analyse them to understand what transpired.
- CaptureBAT can capture not only process-level activity on the laboratory
  system, but also create a pcap file of the observed network traffic.
For a quick demonstration of NetworkMiner, I'll use the pcap file I created
for the network forensics puzzle called Ms. Moneymany's Mysterious Malware.
NetworkMiner makes it easy to perform advanced Network Traffic Analysis
(NTA) by providing extracted artifacts in an intuitive user interface.
The way data is presented not only makes the analysis simpler, it also saves
valuable time for the analyst or forensic investigator.
- NetworkMiner allows the user to insert arbitrary string or byte patterns that
  shall be searched for with the keyword search functionality.

WIRESHARK:

- Available for UNIX and Windows.
- Capture live packet data from a network interface.
- Open files containing packet data captured with tcpdump/WinDump,
  Wireshark, and many other packet capture programs.
- Import packets from text files containing hex dumps of packet data.
- Display packets with very detailed protocol information.
- Save captured packet data.
- Export some or all packets in a number of capture file formats.
- Filter packets on many criteria.
- Search for packets on many criteria.
- Colorize the packet display based on filters.
- Create various statistics.

CONCLUSION
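The two feature lists above describe the same workflow from both sides: Wireshark writes and reads pcap captures, and NetworkMiner passively inventories hosts and open ports and runs keyword searches over what those captures contain. The following added example (not code from this report, from NetworkMiner or from Wireshark) does a minimal version of that passive analysis in plain Python over a constructed three-frame pcap file; the host addresses, ports and HTTP request in it are made up for the demonstration.

```python
# Added example, not code from the report or from NetworkMiner/Wireshark: a
# passive read of a libpcap file (the format Wireshark saves and NetworkMiner
# parses) that lists hosts, infers open ports from SYN/ACK replies and runs a
# keyword search over TCP payloads, the way NetworkMiner's keyword tab does.
import struct
from collections import defaultdict

def build_pcap(frames):
    """Classic libpcap container: 24-byte global header, 16-byte record headers, link type 1 (Ethernet)."""
    header = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    return header + b"".join(struct.pack("<IIII", 0, 0, len(f), len(f)) + f for f in frames)

def tcp_frame(src_ip, dst_ip, sport, dport, flags, payload=b""):
    """Constructed Ethernet/IPv4/TCP frame; checksums stay zero because nothing transmits it."""
    eth = b"\x00" * 12 + b"\x08\x00"                      # dst MAC, src MAC, EtherType IPv4
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                     bytes(map(int, src_ip.split("."))), bytes(map(int, dst_ip.split("."))))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 8192, 0, 0)
    return eth + ip + tcp + payload

def analyze(pcap, keyword):
    """Return (hosts seen, {host: open ports}, keyword hits as (src, sport, dst, dport, offset))."""
    hosts, open_ports, hits = set(), defaultdict(set), []
    off = 24                                               # skip the global header
    while off + 16 <= len(pcap):
        caplen = struct.unpack("<I", pcap[off + 8:off + 12])[0]
        frame = pcap[off + 16:off + 16 + caplen]
        off += 16 + caplen
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":  # only IPv4 is decoded here
            continue
        ihl = (frame[14] & 0x0F) * 4
        src = ".".join(map(str, frame[26:30]))
        dst = ".".join(map(str, frame[30:34]))
        hosts.update((src, dst))
        if frame[23] != 6:                                 # not TCP
            continue
        tcp = frame[14 + ihl:]
        sport, dport = struct.unpack("!HH", tcp[:4])
        flags = tcp[13]
        if (flags & 0x12) == 0x12:                         # SYN/ACK: the sender's port is open
            open_ports[src].add(sport)
        payload = tcp[(tcp[12] >> 4) * 4:]
        if keyword in payload:
            hits.append((src, sport, dst, dport, payload.index(keyword)))
    return hosts, dict(open_ports), hits

# Constructed three-frame capture: a handshake to port 80 followed by one HTTP request.
SAMPLE = build_pcap([
    tcp_frame("10.0.0.5", "10.0.0.80", 40000, 80, 0x02),
    tcp_frame("10.0.0.80", "10.0.0.5", 80, 40000, 0x12),
    tcp_frame("10.0.0.5", "10.0.0.80", 40000, 80, 0x18, b"GET /secret.txt HTTP/1.1\r\n"),
])
```

Calling `analyze(SAMPLE, b"secret")` reports both hosts, port 80 open on 10.0.0.80 and one keyword hit at offset 5 of the request; the same file opens in Wireshark, since `build_pcap` writes the standard libpcap layout.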

NETWORK MINER:

The development of intelligent network forensic tools that focus on specific
types of network traffic analysis is a challenge from a future perspective.
Such tools will reduce time delays, require fewer computational resources,
minimize attacks, provide reliable and secured evidence, and allow efficient
investigation with minimum effort. Moreover, network forensics on the
distributed networks of cloud computing still needs to be explored.

WIRESHARK:

Security does not depend on a particular firewall, manufacturer, brand or
operating system. Accurately configured firewalls, strong passwords changed
on a regular basis and antivirus updates on a regular basis are all
essentials that must be used in concert for better security practice. Weak
products can be compensated for with good practices, whereas bad procedures
can weaken otherwise excellent products. There are still many complications
that need to be taken on; the most noteworthy is the protection of mobile
agents and the mobile agent platform. If an intruder makes changes to our
mobile agent platform or mobile agent, the entire process may fail. In
future, further security techniques should be adopted to ensure security.

REFERENCES

NETWORK MINER:

- Suleman Khan, A. Gani, A. W. A. Wahab: Network forensics: Review,
  taxonomy, and challenges [2016].
- Gulshan Shrivastava: Network forensics: Methodical literature review
  [IEEE, 2016].
- Sherri Davidoff and Jonathan Ham: Network Forensics: Tracking Hackers
  Through Cyberspace [book].

WIRESHARK:

- S. V. Patil, Dr. S. D. Khamitkar, "Mobile Agents for Sniffer Detection in
  Network Security Management".
- S. V. Patil, Dr. S. D. Khamitkar & S. N. Lokhande, "Efficient use of
  Mobile Agents for Network Security & Management", Global Journal of
  Computer Science and Technology Network.
- Patil S. V., Naik N. A., Dr. Khamitkar S. D., "Network Traffic
  Management using Mobile Agents", International Journal of Computer
  Science & Technology.
