Week 2

This week's topic covered the possible sources of evidence in a network, which are:
On the wire – inside a network cable (e.g. fibre optic); it can provide real-time network data.
In the air – through radio frequency, for data such as access points (AP) and MAC addresses
Switches – they can capture data traffic using packet sniffing
Routers – they connect traffic between networks and can act as a packet sniffer
DHCP Server – provides data such as the IP address and MAC address of the host device requesting the data
DNS Server – it can create timelines of network activity
Authentication Server – its logs can show account attacks, such as failed attempts to brute-force a password
NIDS/NIPS – used to monitor network traffic in real time
Firewalls – used for packet inspection (forward / backward)
and many more…
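
An added example, not part of the original notes: it combines three of the sources above by using DHCP leases to attribute DNS queries and authentication failures to a MAC address, then flags repeated failed logins. The log format, addresses, host names and user names are constructed for illustration and are assumptions, not any real server's output.

```python
from datetime import datetime, timedelta

# Constructed sample logs in a simplified format (an assumption for this
# example; real DHCP, DNS and authentication servers each use their own).
DHCP_LOG = """2024-03-04T09:00:05 ACK ip=10.0.0.23 mac=aa:bb:cc:00:11:22
2024-03-04T09:30:00 ACK ip=10.0.0.23 mac=de:ad:be:ef:00:01"""
DNS_LOG = """2024-03-04T09:01:10 QUERY ip=10.0.0.23 name=intranet.example
2024-03-04T09:31:02 QUERY ip=10.0.0.23 name=mail.example"""
AUTH_LOG = """2024-03-04T09:02:00 FAIL ip=10.0.0.23 user=alice
2024-03-04T09:31:30 FAIL ip=10.0.0.23 user=admin
2024-03-04T09:31:34 FAIL ip=10.0.0.23 user=admin
2024-03-04T09:31:39 FAIL ip=10.0.0.23 user=admin
2024-03-04T09:31:45 OK ip=10.0.0.23 user=admin"""

def parse(log):
    """Yield (timestamp, event, fields) for each 'time EVENT k=v ...' line."""
    for line in log.splitlines():
        ts, event, *pairs = line.split()
        yield datetime.fromisoformat(ts), event, dict(p.split("=", 1) for p in pairs)

def build_timeline():
    """Merge DNS and auth events, attributing each to the MAC that held the IP."""
    leases = sorted((ts, f["ip"], f["mac"]) for ts, _, f in parse(DHCP_LOG))
    def mac_at(ip, when):
        # The latest lease granted for this IP at or before the event owns it.
        held = [mac for ts, lip, mac in leases if lip == ip and ts <= when]
        return held[-1] if held else "unknown"
    events = []
    for source, log in (("dns", DNS_LOG), ("auth", AUTH_LOG)):
        for ts, event, f in parse(log):
            detail = f.get("name") or f.get("user")
            events.append((ts, mac_at(f["ip"], ts), source, event, detail))
    return sorted(events)

def brute_force_suspects(timeline, threshold=3, window=timedelta(seconds=60)):
    """Return MACs with at least `threshold` failed logins inside `window`."""
    fails = {}
    for ts, mac, source, event, _ in timeline:
        if source == "auth" and event == "FAIL":
            fails.setdefault(mac, []).append(ts)
    return sorted(mac for mac, t in fails.items()
                  if any(t[i + threshold - 1] - t[i] <= window
                         for i in range(len(t) - threshold + 1)))

if __name__ == "__main__":
    for row in build_timeline():
        print(*row)
    print("suspects:", brute_force_suspects(build_timeline()))
```

The same IP address maps to two different devices here because the DHCP lease changed at 09:30, so attributing the failed logins by IP alone would blame the wrong host.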

Internetworking is the connection and communication between two or more networks. To have internetworking, a link between the networks must be established, routing must be in place for the delivery of data packets, an accounting service must keep track of the status information of the network, and the service must be provided without modification of the network architecture.

For the internet protocol suite, it is necessary to know the concept of the TCP/IP model and to understand the flow of flow record analysis, packet analysis, and web proxy discretion.
