{"id":6569,"date":"2024-01-08T15:11:58","date_gmt":"2024-01-08T07:11:58","guid":{"rendered":"https:\/\/aiportek.com\/?p=6569"},"modified":"2025-09-15T17:18:19","modified_gmt":"2025-09-15T09:18:19","slug":"construction-of-portable-network-forensics-toolkit-by-profishark","status":"publish","type":"post","link":"https:\/\/aiportek.com\/en\/construction-of-portable-network-forensics-toolkit-by-profishark\/","title":{"rendered":"[Hongke Solution] Using ProfiShark to Build a Portable Network Forensics Toolkit"},"content":{"rendered":"<div data-elementor-type=\"wp-post\" data-elementor-id=\"6569\" class=\"elementor elementor-6569\" data-elementor-post-type=\"post\">\n\t\t\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-324a5705 elementor-section-stretched elementor-section-full_width elementor-section-height-default elementor-section-height-default\" data-id=\"324a5705\" data-element_type=\"section\" data-settings=\"{&quot;stretch_section&quot;:&quot;section-stretched&quot;}\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-no\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-25ace4c5\" data-id=\"25ace4c5\" data-element_type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<section class=\"elementor-section elementor-inner-section elementor-element elementor-element-5b67c944 elementor-section-full_width elementor-section-content-middle elementor-section-height-default elementor-section-height-default\" data-id=\"5b67c944\" data-element_type=\"section\" data-settings=\"{&quot;background_background&quot;:&quot;classic&quot;}\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-no\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-50 elementor-inner-column elementor-element elementor-element-9b8ebea elementor-invisible\" data-id=\"9b8ebea\" 
data-element_type=\"column\" data-settings=\"{&quot;animation&quot;:&quot;fadeInLeft&quot;}\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-24594af7 elementor-widget elementor-widget-heading\" data-id=\"24594af7\" data-element_type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">[Hongke Sharing] Using ProfiShark to Build a Portable Network Forensics Toolkit<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-022b10b elementor-widget elementor-widget-post-info\" data-id=\"022b10b\" data-element_type=\"widget\" data-widget_type=\"post-info.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<ul class=\"elementor-inline-items elementor-icon-list-items elementor-post-info\">\n\t\t\t\t\t\t\t\t<li class=\"elementor-icon-list-item elementor-repeater-item-2358f4d elementor-inline-item\" itemprop=\"author\">\n\t\t\t\t\t\t<a href=\"https:\/\/aiportek.com\/en\/author\/hongketechnology\/\">\n\t\t\t\t\t\t\t\t\t\t\t<span class=\"elementor-icon-list-icon\">\n\t\t\t\t\t\t\t\t<svg aria-hidden=\"true\" class=\"e-font-icon-svg e-far-user-circle\" viewbox=\"0 0 496 512\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\"><path d=\"M248 104c-53 0-96 43-96 96s43 96 96 96 96-43 96-96-43-96-96-96zm0 144c-26.5 0-48-21.5-48-48s21.5-48 48-48 48 21.5 48 48-21.5 48-48 48zm0-240C111 8 0 119 0 256s111 248 248 248 248-111 248-248S385 8 248 8zm0 448c-49.7 0-95.1-18.3-130.1-48.4 14.9-23 40.4-38.6 69.6-39.5 20.8 6.4 40.6 9.6 60.5 9.6s39.7-3.1 60.5-9.6c29.2 1 54.7 16.5 69.6 39.5-35 30.1-80.4 48.4-130.1 48.4zm162.7-84.1c-24.4-31.4-62.1-51.9-105.1-51.9-10.2 0-26 9.6-57.6 9.6-31.5 0-47.4-9.6-57.6-9.6-42.9 0-80.6 20.5-105.1 51.9C61.9 339.2 48 299.2 48 256c0-110.3 89.7-200 200-200s200 89.7 200 200c0 43.2-13.9 83.2-37.3 
115.9z\"><\/path><\/svg>\t\t\t\t\t\t\t<\/span>\n\t\t\t\t\t\t\t\t\t<span class=\"elementor-icon-list-text elementor-post-info__item elementor-post-info__item--type-author\">\n\t\t\t\t\t\t\t\t\t\tHongKeTechnology\t\t\t\t\t<\/span>\n\t\t\t\t\t\t\t\t\t<\/a>\n\t\t\t\t<\/li>\n\t\t\t\t<li class=\"elementor-icon-list-item elementor-repeater-item-a689c23 elementor-inline-item\" itemprop=\"datePublished\">\n\t\t\t\t\t\t<a href=\"https:\/\/aiportek.com\/en\/2024\/01\/08\/\">\n\t\t\t\t\t\t\t\t\t\t\t<span class=\"elementor-icon-list-icon\">\n\t\t\t\t\t\t\t\t<svg aria-hidden=\"true\" class=\"e-font-icon-svg e-fas-calendar\" viewbox=\"0 0 448 512\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\"><path d=\"M12 192h424c6.6 0 12 5.4 12 12v260c0 26.5-21.5 48-48 48H48c-26.5 0-48-21.5-48-48V204c0-6.6 5.4-12 12-12zm436-44v-36c0-26.5-21.5-48-48-48h-48V12c0-6.6-5.4-12-12-12h-40c-6.6 0-12 5.4-12 12v52H160V12c0-6.6-5.4-12-12-12h-40c-6.6 0-12 5.4-12 12v52H48C21.5 64 0 85.5 0 112v36c0 6.6 5.4 12 12 12h424c6.6 0 12-5.4 12-12z\"><\/path><\/svg>\t\t\t\t\t\t\t<\/span>\n\t\t\t\t\t\t\t\t\t<span class=\"elementor-icon-list-text elementor-post-info__item elementor-post-info__item--type-date\">\n\t\t\t\t\t\t\t\t\t\t<time>January 8, 2024<\/time>\t\t\t\t\t<\/span>\n\t\t\t\t\t\t\t\t\t<\/a>\n\t\t\t\t<\/li>\n\t\t\t\t<\/ul>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-92518dd elementor-widget-divider--view-line elementor-widget elementor-widget-divider\" data-id=\"92518dd\" data-element_type=\"widget\" data-widget_type=\"divider.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<div class=\"elementor-divider\">\n\t\t\t<span class=\"elementor-divider-separator\">\n\t\t\t\t\t\t<\/span>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-72909063 elementor-widget elementor-widget-text-editor\" data-id=\"72909063\" data-element_type=\"widget\" 
data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>This article explains why a portable network forensics toolkit is needed and highlights the ProfiShark 1G, a pocket-sized network TAP whose lossless capture, portability and ease of use make it well suited to network forensics. It then shows how to combine the ProfiShark 1G with the other tools and software you need, such as Wireshark, to build a complete portable network forensics solution.<\/p><p><strong>Article at a glance:<\/strong><\/p><ul><li><span style=\"font-family: hongke;\">Why use a portable network forensics tool?<\/span><\/li><li><span style=\"font-family: hongke;\">Building a portable network forensics kit<\/span><\/li><li><span style=\"font-family: hongke;\">Forensic analysis<\/span><\/li><li><span style=\"font-family: hongke;\">Advantages of ProfiShark 1G as a portable TAP<\/span><\/li><\/ul>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-2f4e2450 elementor-widget elementor-widget-text-editor\" data-id=\"2f4e2450\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p><span style=\"font-family: hongke;\">Network security teams increasingly rely on portable forensic tools that can be deployed wherever they are needed. 
This article introduces how to build a portable network forensics toolkit with the ProfiShark 1G at its core, in order to improve the efficiency and effectiveness of network forensics.<\/span><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t<div class=\"elementor-column elementor-col-50 elementor-inner-column elementor-element elementor-element-45d10f64 elementor-invisible\" data-id=\"45d10f64\" data-element_type=\"column\" data-settings=\"{&quot;animation&quot;:&quot;fadeInRight&quot;}\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-54887b5a elementor-widget__width-initial elementor-widget elementor-widget-image\" data-id=\"54887b5a\" data-element_type=\"widget\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<img fetchpriority=\"high\" decoding=\"async\" width=\"584\" height=\"584\" src=\"https:\/\/aiportek.com\/wp-content\/uploads\/2024\/01\/\u829e\uf6bc.jpg\" class=\"attachment-full size-full wp-image-6603\" alt=\"\" srcset=\"https:\/\/aiportek.com\/wp-content\/uploads\/2024\/01\/\u829e\uf6bc.jpg 584w, https:\/\/aiportek.com\/wp-content\/uploads\/2024\/01\/\u829e\uf6bc-300x300.jpg 300w, https:\/\/aiportek.com\/wp-content\/uploads\/2024\/01\/\u829e\uf6bc-100x100.jpg 100w, https:\/\/aiportek.com\/wp-content\/uploads\/2024\/01\/\u829e\uf6bc-150x150.jpg 150w, https:\/\/aiportek.com\/wp-content\/uploads\/2024\/01\/\u829e\uf6bc-12x12.jpg 12w\" sizes=\"(max-width: 584px) 100vw, 584px\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-inner-section elementor-element elementor-element-4f3d4846 animated-fast elementor-section-boxed elementor-section-height-default elementor-section-height-default elementor-invisible\" data-id=\"4f3d4846\" 
data-element_type=\"section\" data-settings=\"{&quot;animation&quot;:&quot;fadeInUp&quot;,&quot;background_background&quot;:&quot;classic&quot;}\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-no\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-inner-column elementor-element elementor-element-47e7af26\" data-id=\"47e7af26\" data-element_type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-34a2994b elementor-widget elementor-widget-heading\" data-id=\"34a2994b\" data-element_type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h4 class=\"elementor-heading-title elementor-size-small\">I. Why should I use a portable network forensics tool?<\/h4>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-779a6b82 elementor-widget elementor-widget-text-editor\" data-id=\"779a6b82\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p><span style=\"font-family: hongke;\"><strong>1. The company's own needs<\/strong><\/span><\/p><p><span style=\"font-family: hongke;\">Network forensics and security teams need to be able to intercept network traffic and capture packets in real time so that threats and attacks can be detected as they happen. Each organization has to build traffic interception and capture mechanisms that fit the size and architecture of its network. For example, a company with a large network of distributed data centers must deploy multiple capture points and feed their packets to a centralized packet analysis appliance (a network analyzer) capable of receiving and analyzing data at 10 Gbps or even 100 Gbps.<\/span><\/p><p><span style=\"font-family: hongke;\"><strong>2. The difficulties enterprises face<\/strong><\/span><\/p><p><span style=\"font-family: hongke;\">However, not every company runs multiple data centers in a distributed architecture. Most SMBs host their entire IT infrastructure at a single site, and most of them cannot afford to invest in dedicated network security analytics. So what can these SMBs do to improve their security posture?<\/span><\/p><p><span style=\"font-family: hongke;\">The answer is a portable network forensics toolkit: far less expensive, yet still capable of on-demand, real-time forensic analysis of any segment of the network.<\/span><\/p><p><span style=\"font-family: hongke;\">Even large, multi-branch organizations benefit from one. During a cyber attack a branch office may be cut off from headquarters while the local IT team needs to perform forensic analysis on the branch's internal network; or the network analyzer may be isolated inside the data center by an internal connectivity problem. In such cases even large organizations reach for a portable forensic kit to keep investigation time short.<\/span><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-inner-section elementor-element elementor-element-d155152 animated-fast elementor-section-boxed elementor-section-height-default elementor-section-height-default elementor-invisible\" data-id=\"d155152\" data-element_type=\"section\" data-settings=\"{&quot;animation&quot;:&quot;fadeInUp&quot;,&quot;background_background&quot;:&quot;classic&quot;}\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-no\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-inner-column elementor-element elementor-element-eccd945\" data-id=\"eccd945\" data-element_type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-0582867 elementor-widget elementor-widget-heading\" data-id=\"0582867\" data-element_type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h4 class=\"elementor-heading-title elementor-size-small\">II. 
Building a portable network forensics kit<\/h4>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-a0bef89 elementor-widget elementor-widget-text-editor\" data-id=\"a0bef89\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p><span style=\"font-family: hongke;\">Next, we introduce the three basic components of a portable forensic analysis kit.<\/span><\/p><p><span style=\"font-family: hongke;\"><strong>1. A laptop<\/strong><\/span><\/p><p><span style=\"font-family: hongke;\">The first thing you need is a laptop.<\/span><\/p><p><span style=\"font-family: hongke;\">1) Minimum specifications: 4 GB of RAM, fast storage (an SSD) of at least 500 GB, a 1 Gbps NIC, a USB 3.0 port, and 3 hours of battery life.<\/span><\/p><p><span style=\"font-family: hongke;\">2) We strongly recommend SSD storage: it is much faster than a hard disk, and that speed is what keeps a capture lossless. Before you can analyze anything you first have to capture the packets and store them on the laptop, and in a security incident being able to store and parse packets as fast as possible is a significant time advantage. Hard disks typically sustain writes of around 100 MB\/s, whereas SSDs reach 500 MB\/s or more.<\/span><\/p><p><span style=\"font-family: hongke;\">3) This laptop should not be a machine the IT team uses day to day: such a machine accumulates installed applications, registry changes and memory load that degrade performance. Instead it should be dedicated to one purpose, such as forensic analysis or on-site troubleshooting. The USB 3.0 requirement is explained below, in the section on the advantages of the ProfiShark 1G.<\/span><\/p><p><span style=\"font-family: hongke;\"><strong>2. Packet analyzer<\/strong><\/span><\/p><p><span style=\"font-family: hongke;\">Next you need a packet analyzer (also called a packet sniffer), a software or hardware tool that records, parses and analyzes the traffic passing through a network. The analyzer receives the captured packets and decodes their raw bytes, displaying the value of each field (TCP headers, session details and so on). You can compare those values against the relevant RFC specification to work out whether anything abnormal happened while the packet travelled between two points on the network.<\/span><\/p><p><span style=\"font-family: hongke;\"><strong>3. Portable network TAP<\/strong><\/span><\/p><p><span style=\"font-family: hongke;\">For network forensics you need a dedicated capture device that can intercept packets from live traffic in real time. Of the two ways to obtain packets, SPAN (port mirroring) on a switch and a network TAP, the TAP is the more reliable and accurate: it copies packets directly from the wire, so 100% of the traffic on the link is captured in real time, whereas a mirror port is a low-priority task on the switch that can drop packets under load. TAPs are widely used for security work because they are passive and undetectable on the network: they have no physical or logical address of their own, so forensic teams can work without being noticed.<\/span><\/p><p><span style=\"font-family: hongke;\">Among the many types of TAP available today, portable TAPs are gaining popularity fast because they can be carried into the field and deployed immediately at any location. How do you choose one? Two conditions are necessary: it must be powerful enough to handle all the traffic on the link, and it must be portable and easy to deploy.<\/span><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-inner-section elementor-element elementor-element-573ec77 animated-fast elementor-section-boxed elementor-section-height-default elementor-section-height-default elementor-invisible\" data-id=\"573ec77\" data-element_type=\"section\" data-settings=\"{&quot;animation&quot;:&quot;fadeInUp&quot;,&quot;background_background&quot;:&quot;classic&quot;}\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-no\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-inner-column elementor-element elementor-element-9166b91\" data-id=\"9166b91\" data-element_type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-b9f4aaf elementor-widget elementor-widget-heading\" data-id=\"b9f4aaf\" data-element_type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h4 class=\"elementor-heading-title elementor-size-small\">III. 
Forensic analysis<\/h4>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-042e145 elementor-widget elementor-widget-text-editor\" data-id=\"042e145\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>Here is some background on forensic analysis itself. Once the capture is on the laptop, you can start with a few basic checks.<\/p><p><strong>1. Check event timing<\/strong><\/p><p>Event timing (the interval between events) is critical for recognizing malicious activity on a network. Events that occur within a very short period (hundreds of milliseconds, or even a few seconds) are unlikely to be generated by a person; they point to a bot or malware. For example, dozens of DNS requests for a single website from the same source IP within a few milliseconds, or dozens of DNS requests for a single website from many source IPs within a few milliseconds, suggest that the requests were generated by automated scripts launched by a bot or by malware.<\/p><p><strong>2. Check DNS traffic<\/strong><\/p><p>Almost every connection to the Internet begins with a DNS lookup, so the traffic reaching your DNS server deserves a close look. If a rogue system or a network worm on the network is able to open outbound connections to the Internet, its activity will show up on the DNS server. An unusually high number of requests from the same source IP within a short period (a few hundred milliseconds) may be malicious activity; dig into the packet headers to investigate further. If the DNS server itself is being bombarded with requests, it is likely the target of a DoS attack.<\/p><p><strong>3. Check for man-in-the-middle attacks<\/strong><\/p><p>This is one of the most common attacks in organizational networks. In a Man-in-the-Middle (MitM) attack the attacker inserts itself into the traffic path by impersonating one of the trusted systems on the network, typically by answering ARP queries with its own MAC address. Apply a display filter so that only ARP packets are shown. A large volume of ARP traffic (requests and replies) is suspicious: on a healthy network the hosts already hold the MAC-to-IP mappings they need in their ARP caches, so you should not see long runs of ARP messages. Look at the sender and target addresses in the packet headers and investigate further; the same IP address being announced by two different MAC addresses is a strong indication that a MitM attack is in progress.<\/p><p><strong>4. Check for DoS (DDoS) attacks<\/strong><\/p><p>This is another very common attack, and it can be launched from inside or outside the network. The purpose of a Denial of Service (DoS) attack is to exhaust the resources of a machine or network so that it becomes unavailable to legitimate users. To quickly recognize a DoS attack, filter for TCP packets in Wireshark and open its Flow Graph (under Statistics), which draws the TCP exchanges as arrows between the source and target systems. If you see a large number of TCP SYN packets from a single source IP bombarding a target server IP with no reply from the server, or only SYN-ACK replies that never receive the final ACK from the source, you are most likely watching a real DoS attack. If the SYN packets bombarding the target server IP come from many source IPs, it is a DDoS (Distributed Denial of Service) attack, in which many compromised systems attack the target together; it is far harder to block than a single-source DoS.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-inner-section elementor-element elementor-element-0879bf7 animated-fast elementor-section-boxed elementor-section-height-default elementor-section-height-default elementor-invisible\" data-id=\"0879bf7\" data-element_type=\"section\" data-settings=\"{&quot;animation&quot;:&quot;fadeInUp&quot;}\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-no\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-inner-column elementor-element elementor-element-c2ad30f\" data-id=\"c2ad30f\" data-element_type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-0051db9 elementor-widget elementor-widget-heading\" data-id=\"0051db9\" data-element_type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h4 class=\"elementor-heading-title elementor-size-small\">Advantages of ProfiShark 1G as a portable TAP<\/h4>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-dfc5c03 elementor-widget elementor-widget-text-editor\" data-id=\"dfc5c03\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p><strong>1. Compact, truly portable, and not dependent on external power.<\/strong> It can be used anywhere.<\/p><p><strong>2. Two Gigabit network ports.<\/strong> The two traffic streams (one per direction of the tapped link) can be combined and delivered through a single monitoring port.<\/p><p><strong>3. Uses USB 3.0, which supports data transfer at up to 5 Gbps.<\/strong> The aggregated 2 Gbps traffic stream therefore passes easily over the USB 3.0 link, and the buffer memory never has to discard packets or hold them long enough to affect their timing. Because it connects to a laptop's USB port, it is genuinely plug-and-play.<\/p><p><strong>4. ProfiShark 1G comes with its own GUI configuration software, ProfiShark Manager.<\/strong> It works with any network analyzer (Wireshark, Omnipeek, etc.) and is compatible with Windows and Linux.<\/p><p><strong>5. ProfiShark Manager allows one-click traffic capture directly on the laptop without requiring a separate network analyzer.<\/strong> This is especially useful when you need to capture traffic on a remote segment and want to analyze it later on another computer by exporting a PCAP file. The GUI also has a counter section showing the internal counters for the two network ports A and B: the number of valid and invalid packets, CRC errors, collisions and the distribution of packet sizes. 
This is a quick way to see the quality of traffic received on each port without having to open the Network Analyzer.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-inner-section elementor-element elementor-element-4fc9c38d animated-fast elementor-section-boxed elementor-section-height-default elementor-section-height-default elementor-invisible\" data-id=\"4fc9c38d\" data-element_type=\"section\" data-settings=\"{&quot;animation&quot;:&quot;fadeInUp&quot;}\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-no\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-inner-column elementor-element elementor-element-13199b58\" data-id=\"13199b58\" data-element_type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-2852007c elementor-shape-circle e-grid-align-right e-grid-align-mobile-center elementor-grid-0 elementor-widget elementor-widget-social-icons\" data-id=\"2852007c\" data-element_type=\"widget\" data-widget_type=\"social-icons.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<div class=\"elementor-social-icons-wrapper elementor-grid\" role=\"list\">\n\t\t\t\t\t\t\t<span class=\"elementor-grid-item\" role=\"listitem\">\n\t\t\t\t\t<a class=\"elementor-icon elementor-social-icon elementor-social-icon-facebook-f elementor-repeater-item-3f782a3\" target=\"_blank\">\n\t\t\t\t\t\t<span class=\"elementor-screen-only\">Facebook-f<\/span>\n\t\t\t\t\t\t<svg aria-hidden=\"true\" class=\"e-font-icon-svg e-fab-facebook-f\" viewbox=\"0 0 320 512\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\"><path d=\"M279.14 288l14.22-92.66h-88.91v-60.13c0-25.35 12.42-50.06 52.24-50.06h40.42V6.26S260.43 0 225.36 0c-73.22 0-121.08 44.38-121.08 
124.72v70.62H22.89V288h81.39v224h100.17V288z\"><\/path><\/svg>\t\t\t\t\t<\/a>\n\t\t\t\t<\/span>\n\t\t\t\t\t\t\t<span class=\"elementor-grid-item\" role=\"listitem\">\n\t\t\t\t\t<a class=\"elementor-icon elementor-social-icon elementor-social-icon-twitter elementor-repeater-item-c359063\" target=\"_blank\">\n\t\t\t\t\t\t<span class=\"elementor-screen-only\">Twitter<\/span>\n\t\t\t\t\t\t<svg aria-hidden=\"true\" class=\"e-font-icon-svg e-fab-twitter\" viewbox=\"0 0 512 512\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\"><path d=\"M459.37 151.716c.325 4.548.325 9.097.325 13.645 0 138.72-105.583 298.558-298.558 298.558-59.452 0-114.68-17.219-161.137-47.106 8.447.974 16.568 1.299 25.34 1.299 49.055 0 94.213-16.568 130.274-44.832-46.132-.975-84.792-31.188-98.112-72.772 6.498.974 12.995 1.624 19.818 1.624 9.421 0 18.843-1.3 27.614-3.573-48.081-9.747-84.143-51.98-84.143-102.985v-1.299c13.969 7.797 30.214 12.67 47.431 13.319-28.264-18.843-46.781-51.005-46.781-87.391 0-19.492 5.197-37.36 14.294-52.954 51.655 63.675 129.3 105.258 216.365 109.807-1.624-7.797-2.599-15.918-2.599-24.04 0-57.828 46.782-104.934 104.934-104.934 30.213 0 57.502 12.67 76.67 33.137 23.715-4.548 46.456-13.32 66.599-25.34-7.798 24.366-24.366 44.833-46.132 57.827 21.117-2.273 41.584-8.122 60.426-16.243-14.292 20.791-32.161 39.308-52.628 54.253z\"><\/path><\/svg>\t\t\t\t\t<\/a>\n\t\t\t\t<\/span>\n\t\t\t\t\t\t\t<span class=\"elementor-grid-item\" role=\"listitem\">\n\t\t\t\t\t<a class=\"elementor-icon elementor-social-icon elementor-social-icon-linkedin-in elementor-repeater-item-640bc33\" target=\"_blank\">\n\t\t\t\t\t\t<span class=\"elementor-screen-only\">Linkedin-in<\/span>\n\t\t\t\t\t\t<svg aria-hidden=\"true\" class=\"e-font-icon-svg e-fab-linkedin-in\" viewbox=\"0 0 448 512\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\"><path d=\"M100.28 448H7.4V148.9h92.88zM53.79 108.1C24.09 108.1 0 83.5 0 53.8a53.79 53.79 0 0 1 107.58 0c0 29.7-24.1 54.3-53.79 54.3zM447.9 448h-92.68V302.4c0-34.7-.7-79.2-48.29-79.2-48.29 
0-55.69 37.7-55.69 76.7V448h-92.78V148.9h89.08v40.8h1.3c12.4-23.5 42.69-48.3 87.88-48.3 94 0 111.28 61.9 111.28 142.3V448z\"><\/path><\/svg>\t\t\t\t\t<\/a>\n\t\t\t\t<\/span>\n\t\t\t\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<\/div>","protected":false},"excerpt":{"rendered":"<p>Network security teams increasingly rely on portable forensic tools that can be deployed wherever they are needed. This article introduces how to build a portable network forensics toolkit with the ProfiShark 1G at its core, in order to improve the efficiency and effectiveness of network forensics.<\/p>","protected":false},"author":1,"featured_media":6603,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"elementor_header_footer","format":"standard","meta":{"om_disable_all_campaigns":false,"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"footnotes":""},"categories":[18],"tags":[37,36],"class_list":["post-6569","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-18","tag-profishark","tag-36"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/aiportek.com\/en\/wp-json\/wp\/v2\/posts\/6569","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/aiportek.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/aiportek.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/aiportek.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/aiportek.com\/en\/wp-json\/wp\/v2\/comments?post=6569"}],"version-history":[{"count":39,"href":"https:\/\/aiportek.com\/en\/wp-json\/wp\/v2\/posts\/6569\/revisions"}],"predecessor-version":[{"id":26188,"href":"https:\/\/aiportek.com\/en\/wp-json\/wp\/v2\/posts\/65
69\/revisions\/26188"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/aiportek.com\/en\/wp-json\/wp\/v2\/media\/6603"}],"wp:attachment":[{"href":"https:\/\/aiportek.com\/en\/wp-json\/wp\/v2\/media?parent=6569"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/aiportek.com\/en\/wp-json\/wp\/v2\/categories?post=6569"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/aiportek.com\/en\/wp-json\/wp\/v2\/tags?post=6569"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
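The four checks in the Forensic analysis section above (event timing, DNS traffic, ARP-based man-in-the-middle, SYN-based DoS and DDoS) can be scripted once the capture has been exported from ProfiShark Manager as a PCAP. The following Python is an added example, not code from the original article or from ProfiShark: the `Pkt` record format, the sample packets, the addresses and the thresholds are all assumptions made for illustration, and in practice the records would be decoded from the PCAP with a packet parser (for instance scapy or pyshark, neither used here so that the example runs offline). The DNS check implements the timing heuristic from checks 1 and 2 with a sliding window, the ARP check looks for one IP answered by two MACs, and the TCP check follows each handshake to count connections that never complete and tells single-source DoS from multi-source DDoS.

```python
"""Triage checks from the 'Forensic analysis' section, run over a constructed
packet list. Added example, not code from the article or from ProfiShark; in
practice the Pkt records would be decoded from the PCAP exported by the TAP."""
from collections import Counter, defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Pkt:                   # minimal decoded-packet record (assumed format)
    ts: float                # seconds since capture start
    proto: str               # "DNS", "ARP" or "TCP"
    src: str                 # source IP (ARP: sender protocol address)
    dst: str                 # destination IP (ARP: target protocol address)
    qname: str = ""          # DNS: queried name
    tcp_flags: str = ""      # TCP: "S", "SA" or "A"
    sport: int = 0           # TCP: source port
    dport: int = 0           # TCP: destination port
    src_mac: str = ""        # ARP: sender hardware address
    arp_op: int = 0          # ARP: 1 = request, 2 = reply


def dns_bursts(pkts, window=0.5, threshold=20):
    """Checks 1 and 2: (source IP, name) pairs looked up >= threshold times
    within any `window` seconds. People do not issue dozens of lookups for one
    name in milliseconds; bots and malware do. Thresholds are illustrative."""
    times = defaultdict(list)
    for p in pkts:
        if p.proto == "DNS":
            times[(p.src, p.qname)].append(p.ts)
    hits = {}
    for key, ts in times.items():
        ts.sort()
        lo, best = 0, 0
        for hi in range(len(ts)):          # sliding window over sorted times
            while ts[hi] - ts[lo] > window:
                lo += 1
            best = max(best, hi - lo + 1)
        if best >= threshold:
            hits[key] = best
    return hits


def arp_conflicts(pkts):
    """Check 3: IPs announced by more than one MAC in ARP replies, the
    footprint of ARP-spoofing MitM (Wireshark reports it as a duplicate IP)."""
    macs = defaultdict(set)
    for p in pkts:
        if p.proto == "ARP" and p.arp_op == 2:
            macs[p.src].add(p.src_mac)
    return {ip: sorted(m) for ip, m in macs.items() if len(m) > 1}


def syn_floods(pkts, threshold=50):
    """Check 4: per server, handshakes that saw a SYN (and maybe a SYN-ACK)
    but never the client's final ACK. Many sources -> DDoS, one -> DoS."""
    state = {}   # (client, server, client_port) -> "S", "SA" or "EST"
    for p in pkts:
        if p.proto != "TCP":
            continue
        if p.tcp_flags == "S":                        # client -> server
            state[(p.src, p.dst, p.sport)] = "S"
        elif p.tcp_flags == "SA":                     # server -> client
            key = (p.dst, p.src, p.dport)
            if key in state:
                state[key] = "SA"
        elif p.tcp_flags == "A":                      # client -> server
            key = (p.src, p.dst, p.sport)
            if state.get(key) in ("S", "SA"):
                state[key] = "EST"
    half_open, sources = Counter(), defaultdict(set)
    for (client, server, _), st in state.items():
        if st != "EST":
            half_open[server] += 1
            sources[server].add(client)
    return {s: {"half_open": n, "sources": len(sources[s]),
                "verdict": "DDoS" if len(sources[s]) > 1 else "DoS"}
            for s, n in half_open.items() if n >= threshold}


def triage(pkts):
    """Run all three checks; an empty dict means nothing suspicious was found."""
    return {"dns_bursts": dns_bursts(pkts), "arp_conflicts": arp_conflicts(pkts),
            "syn_floods": syn_floods(pkts)}


def build_sample():
    """Constructed capture (not real data): benign background plus one
    instance of each pattern the section describes."""
    pk, srv, dns = [], "10.0.0.80", "10.0.0.53"
    for i in range(5):                     # benign: spaced lookups, full handshakes
        pk.append(Pkt(2.0 + i, "DNS", "10.0.0.7", dns, qname="intranet.example"))
        pk.append(Pkt(4.0 + i, "TCP", "10.0.0.9", srv, tcp_flags="S", sport=50000 + i, dport=443))
        pk.append(Pkt(4.01 + i, "TCP", srv, "10.0.0.9", tcp_flags="SA", sport=443, dport=50000 + i))
        pk.append(Pkt(4.02 + i, "TCP", "10.0.0.9", srv, tcp_flags="A", sport=50000 + i, dport=443))
    for i in range(30):                    # DNS burst: 30 lookups of one name in < 60 ms
        pk.append(Pkt(1.0 + i * 0.002, "DNS", "10.0.0.5", dns, qname="evil.example"))
    # ARP: gateway 10.0.0.1 is claimed first by its real MAC, later by an impostor
    pk.append(Pkt(0.5, "ARP", "10.0.0.1", "10.0.0.9", src_mac="aa:bb:cc:00:00:01", arp_op=2))
    pk.append(Pkt(3.0, "ARP", "10.0.0.1", "10.0.0.9", src_mac="de:ad:be:ef:00:01", arp_op=2))
    pk.append(Pkt(3.1, "ARP", "10.0.0.9", "10.0.0.1", src_mac="aa:bb:cc:00:00:09", arp_op=2))
    for h in range(1, 11):                 # SYN flood: 10 sources x 6 SYNs, none completes
        for j in range(6):
            c, port, t = f"10.0.1.{h}", 40000 + j, 5.0 + (h * 6 + j) * 0.001
            pk.append(Pkt(t, "TCP", c, srv, tcp_flags="S", sport=port, dport=443))
            if j % 2 == 0:                 # half of them even get a SYN-ACK back
                pk.append(Pkt(t + 0.0005, "TCP", srv, c, tcp_flags="SA", sport=443, dport=port))
    return pk
```

Calling `triage(build_sample())` reports a 30-query burst for evil.example from 10.0.0.5, the gateway 10.0.0.1 answered by two different MACs, and 60 half-open connections to 10.0.0.80 from 10 sources, labelled DDoS; lower the thresholds or feed it a real decoded capture to tune it. The manual equivalents in Wireshark are the display filters `dns`, `arp` and `tcp.flags.syn == 1 && tcp.flags.ack == 0`, and Wireshark's ARP dissector itself raises a duplicate-IP-address warning when it sees the second MAC.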