Computer networks are developing very rapidly in commercial institutions, in the academic world, and even in homes that need internet access. Internet is an acronym for Interconnection Networking, which means a network that is widely connected. The Internet links computer networks through a global standard called the Transmission Control Protocol/Internet Protocol (TCP/IP), which provides a system for exchanging communication as data packets. This study implements a virtual router network as the object for reviewing network traffic running on router hardware, using network analysis tools on the Windows operating system. The framework used in the research is that of the National Institute of Standards and Technology (NIST). The research concludes with the discovery of evidence of unusual traffic using the Wireshark forensic analysis tool and Microsoft Network Monitor. The aim is to find the intruder's IP address with Wireshark and Microsoft Network Monitor by analyzing the network packet evidence that has been prepared. Network traffic was recorded directly with Wireshark, and the evidence was then validated between Wireshark and Microsoft Network Monitor. The forensic analysis of the virtual router network using the NIST SP 800-86 framework confirms a true attack: the ARP traffic shows that communication is lost between 192.168.10.5 (the client) and 192.168.10.254 (the server) as a result of continuous broadcast, which is also shown in the ICMP traffic. Based on this research, the NIST framework, applied to the system built around a virtual router object, can be used by analysts to detect cyber attacks consistently.
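As an added illustration (not code or data from the study), the following Python example shows the kind of check an analyst performs on the ARP evidence: it parses raw Ethernet/ARP frames and counts broadcast ARP requests per sender to surface the host responsible for continuous broadcast. The frames are constructed; host 192.168.10.99, the MAC addresses and the threshold are assumptions.

```python
import struct
from collections import Counter

BROADCAST = b"\xff" * 6
ETH_ARP, ETH_IPV4 = 0x0806, 0x0800

def ip_bytes(ip):
    return bytes(int(part) for part in ip.split("."))

def build_arp_request(src_mac, src_ip, target_ip):
    """Build a broadcast ARP request (Ethernet II + ARP) for the constructed sample."""
    eth = BROADCAST + src_mac + struct.pack("!H", ETH_ARP)
    arp = struct.pack("!HHBBH", 1, ETH_IPV4, 6, 4, 1)  # opcode 1 = request
    return eth + arp + src_mac + ip_bytes(src_ip) + b"\x00" * 6 + ip_bytes(target_ip)

def parse_arp(frame):
    """Return (dst_mac, opcode, sender_mac, sender_ip), or None if not Ethernet/IPv4 ARP."""
    if len(frame) < 42:  # 14-byte Ethernet header + 28-byte ARP payload
        return None
    dst, _src, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != ETH_ARP:
        return None
    htype, ptype, hlen, plen, opcode = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, ETH_IPV4, 6, 4):
        return None
    return dst, opcode, frame[22:28], ".".join(str(b) for b in frame[28:32])

def broadcast_talkers(frames, threshold):
    """Map sender IP -> count of broadcast ARP requests, keeping counts >= threshold."""
    counts = Counter()
    for frame in frames:
        parsed = parse_arp(frame)
        if parsed and parsed[0] == BROADCAST and parsed[1] == 1:
            counts[parsed[3]] += 1
    return {ip: n for ip, n in counts.items() if n >= threshold}

# Constructed sample capture (not data from the study). 192.168.10.99 and both
# MAC addresses are hypothetical; the client and server IPs are from the abstract.
CLIENT_MAC = bytes.fromhex("020000000005")
NOISY_MAC = bytes.fromhex("020000000099")
SAMPLE_FRAMES = (
    [build_arp_request(CLIENT_MAC, "192.168.10.5", "192.168.10.254")] * 2
    + [build_arp_request(NOISY_MAC, "192.168.10.99", "192.168.10.254")] * 200
    + [BROADCAST + CLIENT_MAC + struct.pack("!H", ETH_IPV4) + b"\x00" * 28]  # non-ARP
)

if __name__ == "__main__":
    # Threshold of 50 requests per capture is an assumed tuning value.
    print(broadcast_talkers(SAMPLE_FRAMES, threshold=50))
```

The ARP sender IP field is set by the sending host, so a flagged address should be cross-checked against the sender MAC and the switch port before it is attributed to a machine.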
Copyrights © 2023