
GROUP B

TOPICS:
GOALS AND LEARNING OBJECTIVES
SYSLOG
NETWORK MONITORING -
WIRESHARK, TCPDUMP, TSHARK, IPTABLES PART 1 AND PART 2
WIRESHARK -
FINDING MALWARE AND HACKERS PART 1 AND PART 2
NETWORK MONITORING -
WINPCAP, NST, NETMINER AND NETWORX

PRESENTED BY:
GROUP B
REPORTERS:
ALLANIC, SHAYNAA LAWAS, KHENT REYNAN
BRIONES, JOHN VINCENT MANAYAGA, MARRIZ
BRUFAL, IAN VINCENT RIO, JOHN CEL
CABONADA, NINO SALMERON, JEMUEL
CRUZANA, LOVELYN SUMALINOG, ALCRIS
DECLA, JONALIE TANILON, CHARLENE
FERNANDEZ, KLAIRE ANTHONY TIGLEY, ANTONETTE
LAURON, JESSIE VERGARA, MARY GRACE
VERGARA, VINCE RADEN

NETWORK MONITORING FOR THREATS:

Network monitoring is a critical IT process where all networking
components like routers, switches, firewalls, servers, and VMs are
monitored for fault and performance and evaluated continuously to
maintain and optimize their availability. One important aspect of
network monitoring is that it should be proactive.
GOALS AND LEARNING OBJECTIVES:
The primary goals and learning objectives of network security monitoring
are to provide a continuous service that checks the business environment
for suspicious activities and threats, and to collect data for network
management applications.

SYSLOG:
Syslog monitoring is typically used to keep track of system and network
events, detect security threats, and troubleshoot problems.
NETWORK MONITORING -
Wireshark, tcpdump, tshark, iptables Part 1 and Part 2
NETWORK MONITORING -
WIRESHARK

Wireshark is a popular network sniffing tool that provides a GUI to
decode many protocols and filters; it is a network traffic monitoring
tool that runs on a network interface.
Example of WIRESHARK
NETWORK MONITORING -
TCPDUMP

TCPDUMP is also one of the most used network analysis tools, as it
provides simplicity and efficiency in one interface. It is a packet
analyzer that tracks and records TCP/IP traffic between a network and
the machine on which it is run.
Example of TCPDUMP
TSHARK
TShark is a network protocol analyzer. It lets you capture packet
data from a live network, or read packets from a previously
saved capture file, either printing a decoded form of those
packets to the standard output or writing the packets to a file.
Example of TSHARK
IPTABLES
Iptables is a powerful firewall/packet filtering framework inside Linux,
used for firewalls on desktops, servers, and even embedded Linux devices
such as most home internet routers. It is a powerful program that can
control network traffic by filtering packets based on various criteria.
Example of IPTABLES
WIRESHARK -
FINDING MALWARE AND HACKERS
PART 1 AND PART 2
WIRESHARK –
FINDING MALWARE AND HACKERS

Wireshark is generally only used by professional penetration testers if
there is a problem with their hacking tools, and they need to know why
their tool is failing.

Wireshark or similar tools are used heavily within the forensics
industry.
WIRESHARK –
FINDING MALWARE AND HACKERS

To detect malware on a network, you must inspect the network traffic for
unexpected/irregular traffic patterns.

Wireshark makes this easy for you to accomplish. You can capture
real-life traffic, save it, and analyze it offline for malware.

What this means is that you need a knowledge of malware analysis to
start with.

Wireshark alone is not sufficient to do the job. However, it will make
your work quite easy.
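The slide says to save captured traffic and look for irregular patterns offline, but a pcap only becomes useful once something decodes it. The following is an added example, not code from the presentation: a minimal reader for the little-endian pcap format that tcpdump and Wireshark write (Ethernet/IPv4/TCP only, no checksum validation), followed by two checks for the kind of irregular pattern the slide has in mind: one host probing many ports on another (a port scan), and one host opening a connection to the same destination and port at a fixed interval (beaconing, a common sign of malware calling home). The capture is constructed in memory rather than taken from a real network, and the thresholds (10 ports, 5 connections, 2 seconds of jitter) are assumptions for the example, not values from the slides.

```python
import socket
import struct
from collections import defaultdict

PCAP_MAGIC = 0xA1B2C3D4        # magic of a little-endian, microsecond-resolution pcap file
LINKTYPE_ETHERNET = 1
ETHERTYPE_IPV4 = 0x0800
PROTO_TCP = 6
TCP_SYN, TCP_ACK = 0x02, 0x10


def tcp_frame(src, dst, sport, dport, flags=TCP_SYN):
    """Build an Ethernet/IPv4/TCP frame (checksums left zero; constructed sample data)."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 0, 5 << 4, flags, 8192, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, PROTO_TCP, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    eth = b"\x02" * 6 + b"\x04" * 6 + struct.pack("!H", ETHERTYPE_IPV4)
    return eth + ip + tcp


def build_pcap(frames):
    """Serialize (timestamp, frame) pairs into the bytes of a pcap file."""
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    for ts, frame in frames:
        sec, usec = int(ts), int((ts - int(ts)) * 1_000_000)
        out += struct.pack("<IIII", sec, usec, len(frame), len(frame)) + frame
    return out


def parse_pcap(data):
    """Yield (timestamp, src_ip, dst_ip, sport, dport, tcp_flags) for each TCP/IPv4 packet."""
    magic, _, _, _, _, _, linktype = struct.unpack("<IHHiIII", data[:24])
    if magic != PCAP_MAGIC or linktype != LINKTYPE_ETHERNET:
        raise ValueError("unsupported pcap file")
    off = 24
    while off + 16 <= len(data):
        sec, usec, incl_len, _ = struct.unpack("<IIII", data[off:off + 16])
        frame = data[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < 34 or struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_IPV4:
            continue                                 # not IPv4: skip (ARP, IPv6, ...)
        ip = frame[14:]
        ihl = (ip[0] & 0x0F) * 4                     # IPv4 header length in bytes
        if ip[9] != PROTO_TCP or len(ip) < ihl + 20:
            continue
        tcp = ip[ihl:]
        sport, dport = struct.unpack("!HH", tcp[:4])
        yield (sec + usec / 1e6, socket.inet_ntoa(ip[12:16]), socket.inet_ntoa(ip[16:20]),
               sport, dport, tcp[13])


def triage(packets, scan_ports=10, beacon_min=5, beacon_jitter=2.0):
    """Flag two irregular patterns in new-connection (SYN) traffic: port scans and beacons."""
    ports = defaultdict(set)       # (src, dst) -> distinct destination ports tried
    times = defaultdict(list)      # (src, dst, dport) -> timestamps of connection attempts
    for ts, src, dst, _, dport, flags in packets:
        if flags & TCP_SYN and not flags & TCP_ACK:  # SYN without ACK = a new connection attempt
            ports[(src, dst)].add(dport)
            times[(src, dst, dport)].append(ts)
    scans = sorted(f"{s} -> {d}" for (s, d), p in ports.items() if len(p) >= scan_ports)
    beacons = []
    for (src, dst, dport), stamps in times.items():
        stamps.sort()
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        # enough repeats, and the gaps between them are nearly identical
        if len(stamps) >= beacon_min and max(gaps) - min(gaps) <= beacon_jitter:
            beacons.append(f"{src} -> {dst}:{dport} every ~{sum(gaps) / len(gaps):.0f}s")
    return {"port_scans": scans, "beacons": sorted(beacons)}


# Constructed capture: a 16-port probe, a connection every 60 s to port 4444, and two ordinary HTTPS sessions.
SAMPLE_PCAP = build_pcap(
    [(1000.0 + i * 0.01, tcp_frame("10.0.0.5", "10.0.0.9", 40000 + i, 20 + i)) for i in range(16)]
    + [(1000.0 + i * 60, tcp_frame("10.0.0.7", "203.0.113.10", 51000 + i, 4444)) for i in range(6)]
    + [(1000.0 + t, tcp_frame("10.0.0.8", "203.0.113.20", 52000, 443)) for t in (3.0, 47.5)]
)

if __name__ == "__main__":
    print(triage(parse_pcap(SAMPLE_PCAP)))
```

The same `parse_pcap` function accepts the bytes of a file saved from Wireshark or tcpdump (`open("capture.pcap", "rb").read()`), as long as the file uses the classic pcap format rather than pcapng. The two checks are deliberately simple; their value is in showing that "irregular traffic patterns" become concrete, testable properties once the capture is decoded into per-packet records.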
WIRESHARK –
FINDING MALWARE AND HACKERS
This tool lets you put your network traffic under a microscope, and then
filter and drill down into it, zooming in on the root cause of problems,
assisting with network analysis and ultimately network security.

What is the use of Wireshark in hacking?
Wireshark is a packet sniffer, used primarily for:
Detecting issues with the traffic you've sent and/or received;
Decoding traffic obtained from someone else (including forensics);
Saving PCAP files for other tools such as Moloch.
NETWORK MONITORING -
WINPCAP, NST, NETMINER AND NETWORX
NETWORK MONITORING –
WINPCAP

WinPcap has been recognized as the industry-standard tool for link-layer
network access in Windows environments, allowing applications to capture
and transmit network packets bypassing the protocol stack, and including
kernel-level packet filtering, a network statistics engine and support
for remote packet capture.
NETWORK MONITORING –
NST

Network Security Toolkit (NST) is a Linux-based Live DVD/USB flash drive
that provides a set of free and open-source computer security and
networking tools to perform routine security and networking diagnostic
and monitoring tasks.
NETWORK MONITORING –
NETMINER

NetMiner is application software for exploratory analysis and
visualization of large network data based on SNA (Social Network
Analysis).

NetworkMiner can be used as a passive network sniffer/packet capturing
tool in order to detect operating systems, sessions, hostnames, open
ports etc. without putting any traffic on the network.
Example of NETMINER
NETWORK MONITORING –
NETWORX
NetWorx is a simple yet versatile tool that helps
you monitor your Internet connection. It can
collect usage data, monitor connection quality,
and measure the speed of your Internet. It can
also assist in identifying possible sources of
network problems, ensuring that you do not
exceed your ISP usage limits and tracking down
suspicious network activity.
Example of NETWORX
THANK
YOU
FROM: GROUP B
