Home > Published Issues > 2023 > Volume 14, No. 4, 2023 >
JAIT 2023 Vol.14(4): 616-624
doi: 10.12720/jait.14.4.616-624

Detecting Unusual Activities in Local Network Using Snort and Wireshark Tools

Naif Alsharabi 1,2,*, Maha Alqunun 1, and Belal Abdullah Hezam Murshed 2,3
1. Department of Computer Engineering, College of Computer Science and Engineering, University of Ha’il, Ha’il 55476, Saudi Arabia; Email: s20200324@uoh.edu.sa (M.A.)
2. Department of Computer Science, College of Engineering and IT, Amran University, Amran 00967, Yemen
3. Department of Studies in Computer Science, Mysore University, Mysore-570006, Karnataka, India; Email: belal.a.hezam@gmail.com (B.A.H.M.)
*Correspondence: n.sharabi@uoh.edu.sa (N.A.)

Manuscript received October 27, 2022; revised December 9, 2022; accepted March 31, 2023; published July 5, 2023.

Abstract—Many organizations worldwide encounter security risks on their local network caused by malware, which might result in losing sensitive data. Thus, network administrators should use efficient tools to observe the instantaneous network traffic and detect any suspicious activity. This project aims to detect incidents in local networks based on snort and Wireshark tools. Wireshark and snort tools combine their advantages to achieve maximum benefit, enhance the security level of local networks, and protect data. Snort Intrusion Detection System (Snort-IDS) is a security tool for network security. Snort-IDS rules use to match packet traffic. If some packets match the rules, Snort-IDS will generate alert messages. First, this project uses a virtual dataset that includes normal and abnormal traffic for the performance evaluation test. In addition, design local rules to detect anomalous activities. Second, use Wireshark software to analyze data packets. Second, use Wireshark software to analyze data packets. This project categorizes the detected patterns into two groups, anomaly-based detection, and signature-based detection. The results revealed the efficiency of the snort-IDS system in detecting unusual activities in both patterns and generating more information by analyzing it by Wireshark, such as source, destination, and protocol type. The promoted experience was tested on the virtual local network to ensure the effectiveness of this method. Keywords: network, intrusion detection system, Wireshark, snort, anomaly-based detection, signature-based detection, packet traffic, alert.
Keywords—network, intrusion detection system, wireshark, snort, anomaly-based, detection, signature-based detection, packet traffic, alert

Cite: Naif Alsharabi, Maha Alqunun, and Belal Abdullah Hezam Murshed, "Detecting Unusual Activities in Local Network Using Snort and Wireshark Tools," Journal of Advances in Information Technology, Vol. 14, No. 4, pp. 616-624, 2023.

Copyright © 2023 by the authors. This is an open access article distributed under the Creative Commons Attribution License (CC BY-NC-ND 4.0), which permits use, distribution and reproduction in any medium, provided that the article is properly cited, the use is non-commercial and no modifications or adaptations are made.