Analyze Threats in a Virtual Lab Network Using Live Forensic Methods on MetaRouter

  • Firmansyah Firmansyah Universitas Islam Al-Azhar, Mataram, Indonesia
  • Bayu Wibisana Universitas Islam Al-Azhar, Mataram, Indonesia
  • Muhammad Jordan Universitas Islam Al-Azhar, Mataram, Indonesia
Keywords: Virtual Lab, Threats, Live Forensic, Metarouter

Abstract

This research identified critical network anomalies in the MetaRouter virtual environment, focusing on IP activity involving routers, the network, and client devices. Suspicious interactions were observed between IP 192.168.1.100 (router) and IP 172.16.205.53 (client), including reused TCP port numbers and incomplete SYN sessions, indicating potential spoofing attempts. Invalid route information involving 192.168.1.100 points to malicious modification of the routing table, i.e. an attempt to manipulate routing information. Packet inconsistencies such as “TCP Previous segment not captured” and “Spurious Retransmission” revealed interference between the client and router, possibly caused by an external attacker exploiting network protocol vulnerabilities. The aim of this research is to analyze threats in virtual lab networks using live forensic methods on MetaRouter to detect anomalies, with a focus on Border Gateway Protocol (BGP) and TCP deviations in MetaRouter. The research method is a controlled prototype experiment in a virtual laboratory consisting of two routers and two client devices; the setup simulates real-world network operations so that malicious activities can be identified. Wireshark is used for real-time packet-level monitoring and analysis because of its visualization and filtering capabilities, which surpass those of tools like tcpdump. The research integrates live forensic techniques to collect and analyze routing logs, packet data, and protocol behavior. The results are the identification of suspicious behaviors, such as reused TCP port numbers, incomplete SYN sessions, and unauthorized route announcements, indicating potential spoofing and BGP hijacking attempts. Packet data irregularities, including “Out-Of-Order” messages and abrupt session terminations, are also detected, revealing disruptions in traffic flow caused by malicious activities.
The results highlight the effectiveness of the forensic framework in identifying and documenting network anomalies in virtual environments and have significant implications for improving security in cloud-based and hybrid networks. This research provides a scalable and replicable methodology that can improve real-time anomaly detection and response, paving the way for future advances in network security.
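As an added example (not the paper's own code), the three anomaly classes the abstract names can be flagged offline over exported packet and route records; the two IP addresses are the ones the abstract cites, while the packet records, ports, prefixes and AS numbers are constructed here.

```python
"""Flag half-open SYN sessions, reused TCP source ports and unexpected BGP
origins over constructed records (added example, not the paper's tooling)."""
from collections import defaultdict

# Constructed packet records, one tuple per packet:
# (time_s, src_ip, src_port, dst_ip, dst_port, tcp_flags)
PACKETS = [
    (1.0, "172.16.205.53", 40001, "192.168.1.100", 80, "S"),
    (1.1, "192.168.1.100", 80, "172.16.205.53", 40001, "SA"),
    (1.2, "172.16.205.53", 40001, "192.168.1.100", 80, "A"),
    (2.0, "172.16.205.53", 40002, "192.168.1.100", 80, "S"),  # SYN never answered
    (3.0, "172.16.205.53", 40001, "192.168.1.100", 80, "S"),  # source port reused
]

# Constructed BGP announcements (prefix, origin_as) and the origins the lab expects.
ROUTES_SEEN = [("10.10.0.0/16", 65001), ("10.20.0.0/16", 65002), ("10.10.0.0/16", 65099)]
EXPECTED_ORIGIN = {"10.10.0.0/16": 65001, "10.20.0.0/16": 65002}


def incomplete_syn_sessions(packets):
    """Flows whose SYN was not followed by a SYN-ACK from the peer (half-open)."""
    pending, incomplete = {}, set()
    for _, s, sp, d, dp, f in sorted(packets):  # sorted by capture time
        key = (s, sp, d, dp)
        if f == "S":
            if key in pending:  # earlier SYN on this 4-tuple is still unanswered
                incomplete.add(key)
            pending[key] = True
        elif f == "SA":
            pending.pop((d, dp, s, sp), None)  # reverse direction answers the SYN
    incomplete.update(pending)  # SYNs still unanswered at end of capture
    return sorted(incomplete)


def reused_source_ports(packets):
    """4-tuples that opened more than one SYN, i.e. a client port reused quickly."""
    count = defaultdict(int)
    for _, s, sp, d, dp, f in packets:
        if f == "S":
            count[(s, sp, d, dp)] += 1
    return sorted(k for k, n in count.items() if n > 1)


def unauthorized_routes(seen, expected):
    """Announcements whose origin AS differs from the expected origin for the prefix."""
    return [(p, o) for p, o in seen if expected.get(p) != o]
```

Mapping a Wireshark export to the tuple layout above (time, source, ports, flags) is the only adaptation needed to run it over the lab's own capture.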


Published
2025-03-11
How to Cite
[1]
F. Firmansyah, B. Wibisana, and M. Jordan, “Analyze Threats in a Virtual Lab Network Using Live Forensic Methods on MetaRouter”, International Journal of Engineering and Computer Science Applications (IJECSA), vol. 4, no. 1, pp. 1-12, Mar. 2025.
Section
Articles