ABSTRACT

Cyberspace is dominated by various forms of attack, among which sniffing is one of the predominant techniques used to exploit weaknesses in cyber-physical systems (CPSs). The number, variety, and technological advancement of devices brought about by the Internet of Things (IoT) have made a great deal of data available, raising significant issues for CPSs. A Forensic Analysis Framework approach was implemented across the preparation, proactive, and reactive stages, and during the presentation stage of the forensic examination. The study used Wireshark and TCPDump to identify network attacks such as denial of service, eavesdropping, replay attacks, Sybil attacks, sinkhole attacks, and man-in-the-middle attacks. Wireshark showed that more attacks occurred over TCP than over UDP: 83.65% of the packets transmitted were directed to TCP port 80. TCP accounted for 1,373,445 of the 1,391,810 packets counted, while UDP accounted for 18,365, meaning that 98.68% of packets were carried over TCP. TCPDump showed that the attack lasted 1 minute and 22 seconds, with a total of 1,373,445 packets transmitted. The study recommends other network forensic analysis tools: Dumpcap and Ethereal for live network analysis, NetDetector for immediate blocking of malicious traffic, and Fidelis XPS for recording traffic sessions for effective network post-mortem analysis.
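As an added illustration of the protocol-distribution figures reported above (example code, not from the paper): a small Python parser over tcpdump -nn text output that derives the TCP versus UDP share, the share of packets sent to TCP port 80, and the first-to-last-packet duration. The line layout, the "Flags [" / "UDP" protocol heuristic, and the sample capture are assumptions constructed for this example.

```python
import re
from collections import Counter

# Assumed tcpdump -nn line layout: "HH:MM:SS.ffffff IP src.sport > dst.dport: rest"
LINE_RE = re.compile(
    r"^(\d{2}):(\d{2}):(\d{2}\.\d+) IP [\d.]+\.(\d+) > [\d.]+\.(\d+): (.*)$"
)

def classify(rest):
    # Assumption: tcpdump prints "Flags [...]" for TCP segments and "UDP, length" for UDP datagrams
    if rest.startswith("Flags ["):
        return "TCP"
    if rest.startswith("UDP"):
        return "UDP"
    return "OTHER"

def summarize(lines):
    """Packet count per transport protocol, TCP share, TCP/80 share and capture duration."""
    proto, port80, times = Counter(), 0, []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not a packet record (e.g. tcpdump's "listening on" banner)
        h, mi, s, _sport, dport, rest = m.groups()
        p = classify(rest)
        proto[p] += 1
        if p == "TCP" and dport == "80":
            port80 += 1
        times.append(int(h) * 3600 + int(mi) * 60 + float(s))
    total = sum(proto.values())
    def pct(n):
        return round(100.0 * n / total, 2) if total else 0.0
    return {"total": total, "tcp": proto["TCP"], "udp": proto["UDP"],
            "tcp_pct": pct(proto["TCP"]), "tcp80_pct": pct(port80),
            "duration_s": round(max(times) - min(times), 6) if times else 0.0}

# Constructed sample (not real traffic): 5 TCP packets (3 to port 80), 1 UDP packet, 82 s apart
SAMPLE = """\
listening on eth0, link-type EN10MB (Ethernet), snapshot length 262144 bytes
10:00:00.000000 IP 192.0.2.10.40001 > 198.51.100.5.80: Flags [S], seq 1, win 64240, length 0
10:00:00.000120 IP 198.51.100.5.80 > 192.0.2.10.40001: Flags [S.], seq 7, ack 2, win 65535, length 0
10:00:00.000250 IP 192.0.2.10.40001 > 198.51.100.5.80: Flags [.], ack 8, win 502, length 0
10:00:05.100000 IP 192.0.2.10.40002 > 198.51.100.5.80: Flags [S], seq 9, win 64240, length 0
10:00:30.200000 IP 192.0.2.10.40003 > 198.51.100.5.443: Flags [S], seq 3, win 64240, length 0
10:01:22.000000 IP 192.0.2.10.5353 > 198.51.100.53.53: UDP, length 40
""".splitlines()

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

The same summary applied to a full capture gives the per-protocol and port-80 percentages the study reports from Wireshark, and the duration it reads from TCPDump.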