Application Layer Based Packet Analysis and Intrusion Detection

Network forensics is basically a new approach when it comes to the network information security, because the IDS and firewall cannot always discover and stop the misuse in the whole network. This proposed work is used to capture and analyze the data exchanged among the many different IP traceback techniques like packet marking that assist a forensic investigator to recognize the promicious IP source packets. The proposed network forensics only focus on the network traffic capture, ARP spoofing, MAC spoofing, attack alerting and traffic replay, that often results in the performance of forensics analysis difficulties.