Yahia, A and Atwell, E orcid.org/0000-0001-9395-3764 (2018) Evaluation of the capabilities of Wireshark as network intrusion system. Journal of Global Research in Computer Science, 9 (8). pp. 1-8. ISSN 2229-371X
Abstract
Network security professionals learning network intrusion should be able to see attack signatures and learn the different techniques to detect them. Wireshark is an open-source, cross-platform protocol analyzer with a user-friendly interface. Wireshark has a protocol dissector that supports over 2000 protocols. In the paper we assume that network intrusion detection systems should have three components: a user interface, a packet sniffer and a detection engine. The detection engine can detect either anomaly-based or signature-based attacks, but it must be automated: it should detect intrusions without human intervention. The paper shows that Wireshark can be considered a packet sniffer, protocol analyzer and troubleshooting tool, but not a network intrusion detection system, as it lacks the fundamental component, which is an automated detection engine.
Metadata
Item Type: | Article |
---|---|
Authors/Creators: |
|
Dates: |
|
Institution: | The University of Leeds |
Academic Units: | The University of Leeds > Faculty of Engineering & Physical Sciences (Leeds) > School of Computing (Leeds) |
Depositing User: | Symplectic Publications |
Date Deposited: | 09 Nov 2018 13:05 |
Last Modified: | 09 Nov 2018 13:05 |
Published Version: | http://www.jgrcs.info/index.php/jgrcs/article/view... |
Status: | Published |
Publisher: | Journal of Global Research in Computer Science |
Open Archives Initiative ID (OAI ID): | oai:eprints.whiterose.ac.uk:138394 |