Network and System Monitoring Analysis
Uses of a SPAN port
A Switched Port Analyzer (SPAN) is a port-mirroring technology used by Cisco on network devices for various purposes (EdwinCheong et al., 2017). Three of these purposes would enable forensic experts to obtain data for analysis: application monitoring, intrusion detection, and checking network issues and performance. In application monitoring, network traffic is captured to show which ports are used and by which applications (EdwinCheong et al., 2017). This enables a forensic expert to obtain an application’s name, port, and time of use.
When checking for network issues, SPAN provides information on unusual network traffic patterns. This information is obtained when SPAN delivers a copy of the network traffic from a source (EdwinCheong et al., 2017). The same feature is also helpful to network administrators when troubleshooting network issues, because it lets them identify the point in the network where problems occurred.
When investigating intrusion activities, a forensic expert would use the SPAN port (EdwinCheong et al., 2017). The network traffic copied from a source is analyzed for unusual activity, much like an audit trail: it shows the source of particular packets, the route to the destination host(s), the time, and the packets transferred.
Disadvantages of a SPAN port
Packets cannot be transmitted in full duplex mode (EdwinCheong et al., 2017), so packets will drop when a full-duplex link is mirrored. A SPAN session has a limited number of destinations and sources, which means one can see only limited traffic information at a time. Changing the number of destinations and sources requires reconfiguration (EdwinCheong et al., 2017); therefore, one would change the configuration after viewing some traffic in order to see the next traffic segment on a switch. Also, should several users require the SPAN port simultaneously, they would encounter contention (EdwinCheong et al., 2017): many users making SPAN port configurations at the same time cannot be supported.
Another disadvantage is that SPAN ports are allocated lower priority than regular ports (EdwinCheong et al., 2017). When SPAN traffic is dropped during peak network load, the SPAN report obtained is incomplete and therefore misleads the network expert or administrator receiving it (EdwinCheong et al., 2017). Also, packets with media and hardware errors are dropped, which is another reason why a SPAN report would be incomplete and misleading. These two errors are encountered when packets are smaller than the minimum acceptable size (EdwinCheong et al., 2017).
Wireshark Filters
Wireshark is a network traffic analyzer. It is used to capture network packets for analysis (Ndatinya et al., 2015). This is done through two kinds of filter: capture and display. The capture filter captures packets matching a given criterion (Singh & Kumar, 2020), which is entered in the filter field. For example, a network administrator who wants to capture telnet packets would type telnet in the capture filter field and then run Wireshark; this would display all telnet packets in the network traffic at the given time. The capture filter cannot be edited during or after a capture; hence, it must be set before running Wireshark (Singh & Kumar, 2020).
The display filter specifies which of the captured packets are displayed (Singh & Kumar, 2020). This is determined by a field value, a protocol, or a comparison. For example, one could have a display filter for HTTP, FTP, etc. Comparison operators are used in the display filter field to compare field values (Singh & Kumar, 2020). For example, a Wireshark user would type ip.addr == 192.168.2.100 to display packets for a specific IP address; only packets related to IP address 192.168.2.100 would be shown.
Some non-Ethernet protocols captured by Wireshark include HTTP, FTP, and SMTP (Singh & Kumar, 2020). The Hypertext Transfer Protocol is an application-layer protocol used to send documents from one point to another. It is not necessarily an Ethernet protocol because it can be used over the internet. The File Transfer Protocol is also an application-layer protocol, used to transfer files from one host to another. The Simple Mail Transfer Protocol is used for email transmission over the internet.
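As an added illustration that is not part of the essay or the cited papers, the following Python model applies a capture filter as packets arrive and a display filter over the packets already stored, on a constructed set of packet records; it also shows why ip.addr != 192.168.2.100 does not hide that address, because ip.addr carries both endpoints of each packet.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str    # ip.src
    dst: str    # ip.dst
    proto: str  # application protocol Wireshark would label the packet with
    dport: int  # destination TCP port


# Constructed sample capture (not real traffic).
SAMPLE = [
    Packet("192.168.2.100", "10.0.0.5", "telnet", 23),
    Packet("10.0.0.5", "192.168.2.100", "telnet", 23),
    Packet("192.168.2.7", "10.0.0.9", "http", 80),
    Packet("192.168.2.100", "10.0.0.9", "smtp", 25),
]


def capture(packets, keep):
    """Capture filter: rejected packets are never stored, so it cannot be changed later."""
    return [p for p in packets if keep(p)]


def fields(p):
    """Wireshark-style field names; ip.addr and tcp.port hold BOTH endpoints."""
    return {"ip": {"present"}, "tcp": {"present"}, p.proto: {"present"},
            "ip.src": {p.src}, "ip.dst": {p.dst}, "ip.addr": {p.src, p.dst},
            "tcp.port": {str(p.dport)}}


def match(p, term):
    """Evaluate one term: a bare protocol name, 'field == value' or 'field != value'."""
    parts = term.split()
    f = fields(p)
    if len(parts) == 1:
        return parts[0] in f
    name, op, value = parts
    vals = f.get(name, set())
    if op == "==":
        return value in vals
    if op == "!=":  # true if ANY of the field's values differs: the ip.addr != pitfall
        return any(v != value for v in vals)
    raise ValueError(f"unsupported operator {op!r}")


def display(packets, expr):
    """Display filter: '&&'-joined terms, each optionally negated as '!(term)'.
    Hidden packets stay in the capture and reappear when the filter changes."""
    terms = [t.strip() for t in expr.split("&&")]
    def keep(p):
        for t in terms:
            negated = t.startswith("!")
            if match(p, t.lstrip("!").strip().strip("()")) == negated:
                return False
        return True
    return [p for p in packets if keep(p)]
```

With the capture filter set to port 23 only the two telnet packets are ever stored, whereas any display filter over SAMPLE can be changed and re-run at will.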
Dictionary and Bruter
Brute force guesses passwords by trying many password combinations (Lundberg, 2019). To succeed, a dictionary of words that are most probably used in passwords is helpful. For example, most computer users use their own names or their pets’ names as passwords (Bošnjak et al., 2018). Therefore, a dictionary containing human names, sports names, pets’ names, and popular or celebrity names would be helpful if loaded into the dictionary of the Bruter program (Bošnjak et al., 2018). Such a dictionary would be used against sites such as e-commerce sites (Lundberg, 2019). Most people conduct business online, making e-commerce sites a target of brute force attacks.
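As an added, defensive illustration that is not part of the essay or its sources, the following Python check uses a constructed dictionary of the categories listed above (names, pets, sports, celebrities) to reject passwords that merely decorate one of those words with capitals, digits or character substitutions; the categories and words are sample values chosen here, and the normalisation rules are an assumption about common variations.

```python
import re

# Constructed sample dictionary grouped by the categories the essay lists.
DICTIONARY = {
    "names": {"michael", "jennifer", "david"},
    "pets": {"buddy", "bella", "max"},
    "sports": {"football", "soccer", "cricket"},
    "celebrities": {"beyonce", "messi"},
}
WORDS = set().union(*DICTIONARY.values())

# Character substitutions that are undone before the dictionary lookup.
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a", "5": "s",
                      "@": "a", "$": "s", "!": "i"})


def base_word(candidate):
    """Reduce a candidate password to the word it is built from."""
    s = candidate.lower()
    s = re.sub(r"[^a-z]+$", "", s)  # drop trailing digits/years/symbols ('buddy2019!')
    s = re.sub(r"^[^a-z]+", "", s)  # drop leading ones too ('#michael')
    return s.translate(LEET)        # then undo substitutions ('b3lla' -> 'bella')


def dictionary_hit(candidate):
    """Return the category of the dictionary word the password reduces to, or None."""
    base = base_word(candidate)
    for category, words in DICTIONARY.items():
        if base in words:
            return category
    return None


def acceptable(candidate, min_len=12):
    """Policy: reject short passwords and anything built on a dictionary word."""
    return len(candidate) >= min_len and dictionary_hit(candidate) is None
```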
References
Bošnjak, L., Sreš, J., & Brumen, B. (2018, May). Brute-force and dictionary attack on hashed real-world passwords [Paper presentation]. 2018 41st International Convention on Information and Communication Technology, Electronics and Microelectronics (MIPRO). https://www.researchgate.net/publication/326700354_Brute-force_and_dictionary_attack_on_hashed_real-world_passwords
Edwin Cheong, L. T., Lim, L. J., JosephNg, P. S., MayKang, C. M., Phan, K. Y., & Wong, S. W. (2017). JomNetwork: Reaffirming Resource Allocation through Network Monitoring. Journal of Information Systems Research and Innovation, 11(2), 16-22. https://seminar.utmspace.edu.my/jisri/download/Vol11-2/Paper3-Edwin-Edit.pdf
Lundberg, T. (2019). Comparison of Automated Password Guessing Strategies [Doctoral dissertation]. https://liu.diva-portal.org/smash/get/diva2:1325687/FULLTEXT01.pdf
Ndatinya, V., Xiao, Z., Manepalli, V. R., Meng, K., & Xiao, Y. (2015). Network forensics analysis using Wireshark. International Journal of Security and Networks, 10(2), 91-106. https://www.researchgate.net/publication/281573989_Network_forensics_analysis_using_Wireshark
Singh, S., & Kumar, S. (2020). Capability of Wireshark as an Intrusion Detection System. International Journal of Recent Technology and Engineering (IJRTE), 8(5), 4574-4578. https://www.ijrte.org/wp-content/uploads/papers/v8i5/E6763018520.pdf
Question
Prepare audits and investigations of electronic computing devices.
Network and System Monitoring Analysis
Using the class materials, the Library, and Internet resources, research the topics involved and provide a complete response to the following:
- Explain three possible uses of a SPAN port that you might use as a forensic investigator.
- Explain two disadvantages of a SPAN port you might encounter as a forensic investigator.
- Wireshark supports two types of filters. Research, and in a whole paragraph for each, address the following:
  - Explain each and when you might use each.
  - Describe three non-Ethernet protocols Wireshark can capture.
- Many brute force programs will use dictionary words. Describe how you will decide which words to put in a dictionary to be used in a program like Bruter.