Deciding to delve into the world of forensics, eh? Well, welcome! To understand how network forensics works, you really should understand the structure of IPv4 and IPv6 packets. The big difference is that IPv4 addresses are 32 bits long while IPv6 addresses are 128 bits long. Note also that IPv4 addresses are written in dotted-decimal notation and IPv6 addresses in hexadecimal. Unfortunately for IPv4, this means only an estimated 4.3 billion addresses are available; to combat this, IPv6 allows a virtually infinite number of addresses, thus making IPv6.
Now that we know a bit about how they work, let's talk about what Wireshark is and how you can use it to detect anomalies. In short, Wireshark is a network protocol analyzer. It lets you examine the details of traffic at a variety of levels: you can determine when a packet went through the network, where it came from (the source) and where it was headed (the destination). With this you can learn to filter large amounts of data, which makes it much easier to find the culprit behind your IT problems.
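To make the packet structure concrete, here is an added example (not code from the original post) that decodes the fixed header of an IPv4 or IPv6 packet from raw bytes, pulling out the same fields Wireshark shows in its packet details pane, and applies a tiny filter in the spirit of `ip.src == ...`. The two sample headers are constructed by hand, not captured traffic.

```python
import struct
import ipaddress

# Address space sizes: 2**32 is the "4.3 billion" figure for IPv4.
ADDRESS_SPACE = {4: 2 ** 32, 6: 2 ** 128}


def parse_ip_header(raw: bytes) -> dict:
    """Decode the fixed part of an IPv4 (20 bytes) or IPv6 (40 bytes) header.
    Dispatches on the version nibble, the top 4 bits of byte 0."""
    version = raw[0] >> 4
    if version == 4:
        if len(raw) < 20:
            raise ValueError("truncated IPv4 header")
        ihl = raw[0] & 0x0F  # header length in 32-bit words
        total_len, _ident, _frag, ttl, proto, _csum = struct.unpack("!HHHBBH", raw[2:12])
        return {
            "version": 4,
            "header_len": ihl * 4,
            "total_len": total_len,
            "ttl": ttl,
            "protocol": proto,
            # 32-bit addresses, rendered in dotted decimal as Wireshark does
            "src": str(ipaddress.IPv4Address(raw[12:16])),
            "dst": str(ipaddress.IPv4Address(raw[16:20])),
        }
    if version == 6:
        if len(raw) < 40:
            raise ValueError("truncated IPv6 header")
        payload_len, next_hdr, hop_limit = struct.unpack("!HBB", raw[4:8])
        return {
            "version": 6,
            "header_len": 40,
            "payload_len": payload_len,
            "hop_limit": hop_limit,
            "next_header": next_hdr,
            # 128-bit addresses, rendered in compressed hexadecimal notation
            "src": str(ipaddress.IPv6Address(raw[8:24])),
            "dst": str(ipaddress.IPv6Address(raw[24:40])),
        }
    raise ValueError(f"unknown IP version {version}")


def matches(header: dict, **wanted) -> bool:
    """Minimal display-filter analogue: matches(h, src="192.168.0.1", protocol=6)."""
    return all(header.get(key) == value for key, value in wanted.items())


# Constructed samples: IPv4 TCP 192.168.0.1 -> 192.168.0.199, TTL 64;
# IPv6 TCP 2001:db8::1 -> 2001:db8::2, hop limit 64.
IPV4_SAMPLE = bytes.fromhex("4500003c1c4640004006b1e6c0a80001c0a800c7")
IPV6_SAMPLE = bytes.fromhex("6000000000140640"
                            "20010db8000000000000000000000001"
                            "20010db8000000000000000000000002")
```

Running `parse_ip_header(IPV4_SAMPLE)` returns the dotted-decimal addresses and the TTL, while the IPv6 sample yields compressed hex addresses and a hop limit instead; the version nibble is what tells the two apart.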