Authors: Dilnoza Karimova, Azizbek Tursunov, Durdona Yuldasheva, Rustamjon Akhmedov
Abstract: Network forensics has become an indispensable discipline in modern cybersecurity, providing the foundational capabilities required to trace, analyze, and respond to malicious or anomalous activity within enterprise networks. Unlike traditional log-based analysis, network forensics focuses on capturing and dissecting real-time packet data to reconstruct security incidents, uncover unauthorized transmissions, and validate compliance requirements. In contemporary enterprise infrastructures, especially those operating across heterogeneous platforms, the ability to perform consistent and reliable network-level inspection is crucial for effective incident response and threat containment. Hybrid UNIX environments, comprising diverse systems such as Linux, Solaris, AIX, and BSD, introduce unique technical and operational challenges to network forensics. These platforms often use different networking stacks, device naming conventions, privilege models, and service architectures. As a result, uniform forensic visibility becomes difficult without platform-agnostic tools. In such contexts, Wireshark emerges as a powerful solution due to its cross-platform support, rich protocol dissection capabilities, and both graphical and command-line interfaces. Its utility spans from deep packet inspection to session reconstruction and protocol-level anomaly detection, making it an essential tool for UNIX systems administrators and security analysts. However, deploying Wireshark effectively in hybrid UNIX infrastructures is not without complications. Key challenges include accurately mapping network interfaces across platforms, capturing traffic from systems with varying levels of permission control, analyzing encrypted data streams, correlating events using timestamps from systems with inconsistent time sources, and managing the performance and storage overheads of high-volume packet capture.
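As an added example (not code from the article or from the Wireshark project), the following Python script addresses the timestamp-correlation challenge named in the abstract. Captures written by Wireshark or tshark on any UNIX platform share the classic libpcap file layout, so one parser can read a little-endian nanosecond capture from a Linux host and a big-endian microsecond capture from a SPARC Solaris host alike; the script then applies a per-host clock offset, assumed to have been measured separately against a trusted time reference, and merges all records onto a single corrected timeline. The host names, clock offsets and packet payloads below are constructed for illustration.

```python
"""Merge pcap captures from several UNIX hosts onto one clock-corrected timeline.

Added example, not code from the article. Clock offsets are assumed to have
been measured out of band (e.g. each host against the same NTP reference).
"""
import struct
from typing import Dict, Iterator, List, Tuple

# Classic libpcap magic numbers: microsecond and nanosecond record precision,
# each in little- and big-endian byte order. Value = (struct prefix, ticks/sec).
_MAGIC = {
    b"\xd4\xc3\xb2\xa1": ("<", 1_000_000),      # little-endian, microseconds
    b"\xa1\xb2\xc3\xd4": (">", 1_000_000),      # big-endian, microseconds
    b"\x4d\x3c\xb2\xa1": ("<", 1_000_000_000),  # little-endian, nanoseconds
    b"\xa1\xb2\x3c\x4d": (">", 1_000_000_000),  # big-endian, nanoseconds
}


def iter_pcap(data: bytes) -> Iterator[Tuple[int, bytes]]:
    """Yield (timestamp_ns, packet_bytes) for each record of a classic pcap blob."""
    endian, ticks_per_sec = _MAGIC[data[:4]]
    ns_per_tick = 1_000_000_000 // ticks_per_sec
    off = 24  # global header: magic, major, minor, thiszone, sigfigs, snaplen, linktype
    rec_hdr = struct.Struct(endian + "IIII")  # ts_sec, ts_frac, incl_len, orig_len
    while off + rec_hdr.size <= len(data):
        ts_sec, ts_frac, incl_len, _orig_len = rec_hdr.unpack_from(data, off)
        off += rec_hdr.size
        pkt = data[off:off + incl_len]
        off += incl_len
        yield ts_sec * 1_000_000_000 + ts_frac * ns_per_tick, pkt


def merge_timeline(captures: Dict[str, bytes],
                   offsets_ns: Dict[str, int]) -> List[Tuple[int, str, bytes]]:
    """Return (corrected_ts_ns, host, packet) records sorted by corrected time.

    offsets_ns[host] is (reference clock - host clock) in nanoseconds; a host whose
    clock runs fast therefore gets a negative offset. Missing hosts get 0.
    """
    timeline = []
    for host, blob in captures.items():
        delta = offsets_ns.get(host, 0)
        for ts_ns, pkt in iter_pcap(blob):
            timeline.append((ts_ns + delta, host, pkt))
    timeline.sort(key=lambda rec: rec[0])
    return timeline


def build_pcap(records, endian: str = "<", nanosecond: bool = False) -> bytes:
    """Serialize (ts_sec, ts_frac, payload) tuples into a classic pcap blob (test data)."""
    magic = 0xA1B23C4D if nanosecond else 0xA1B2C3D4
    out = struct.pack(endian + "IHHiIII", magic, 2, 4, 0, 0, 65535, 1)  # linktype 1 = Ethernet
    for ts_sec, ts_frac, payload in records:
        out += struct.pack(endian + "IIII", ts_sec, ts_frac, len(payload), len(payload))
        out += payload
    return out


# Constructed sample captures: a Linux host writing nanosecond little-endian pcap and
# a SPARC Solaris host writing microsecond big-endian pcap whose clock runs 3 s fast.
LINUX_PCAP = build_pcap([(1_700_000_000, 600_000_000, b"linux-reply"),
                         (1_700_000_001, 0, b"linux-later")], endian="<", nanosecond=True)
SOLARIS_PCAP = build_pcap([(1_700_000_003, 500_000, b"solaris-probe")],
                          endian=">", nanosecond=False)
CAPTURES = {"linux-web01": LINUX_PCAP, "solaris-db01": SOLARIS_PCAP}  # hypothetical hosts
CLOCK_OFFSETS_NS = {"linux-web01": 0, "solaris-db01": -3_000_000_000}  # constructed offsets


def corrected_timeline() -> List[Tuple[int, str, bytes]]:
    """Timeline after applying the measured clock offsets."""
    return merge_timeline(CAPTURES, CLOCK_OFFSETS_NS)


def naive_timeline() -> List[Tuple[int, str, bytes]]:
    """Timeline using raw host timestamps, as a plain multi-file merge would."""
    return merge_timeline(CAPTURES, {})


if __name__ == "__main__":
    for label, tl in (("naive", naive_timeline()), ("corrected", corrected_timeline())):
        print(label)
        for ts_ns, host, pkt in tl:
            print(f"  {ts_ns / 1e9:.6f}  {host:14s}  {pkt.decode()}")
```

With raw timestamps the Solaris probe appears to follow the Linux reply; once the 3 s offset is applied it correctly precedes it, which is the ordering an analyst needs before attributing cause and effect across hosts.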
This article aims to comprehensively evaluate the role of Wireshark in hybrid UNIX network forensics. It explores configuration best practices, deployment strategies, use cases, and integration with broader security ecosystems. By addressing both technical nuances and forensic methodologies, the review provides actionable insights for building resilient and efficient packet-based forensic workflows across multi-UNIX environments.
International Journal of Science, Engineering and Technology