
How to Implement Digital Forensics in ns3

Implementing digital forensics in ns3 means simulating an environment in which network traffic is captured and evaluated to identify vulnerabilities, trace activity back to attackers, and collect evidence. This procedure shows how to set up a basic network, capture packets, and run a simple digital forensics application.

Step-by-Step Implementation

  1. Install ns3

Make sure ns3 is installed on the system; it can be downloaded from the official website and set up from there.

  1. Define the Network Topology

Define a network topology that contains:

  • Normal nodes (legitimate users)
  • Attacker nodes
  • Server nodes
  • Forensic nodes (nodes used to capture and analyze traffic)
  1. Create Network Nodes

Create network nodes using NodeContainer.

// One container per role so later steps can configure each group separately.
NodeContainer normalNodes;    // legitimate users
normalNodes.Create(3);

NodeContainer attackerNodes;  // source of the simulated attack traffic
attackerNodes.Create(1);

NodeContainer serverNodes;    // destination of both normal and attack traffic
serverNodes.Create(1);

NodeContainer forensicNodes;  // capture and analysis point
forensicNodes.Create(1);

  1. Set Up Network Devices

Install network devices on the nodes using appropriate network interfaces, such as WiFi for wireless communication.

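// Ad-hoc 802.11n (5 GHz) devices for every role, all attached to one Yans channel.
// NOTE(review): WIFI_PHY_STANDARD_80211n_5GHZ and YansWifiPhyHelper::Default()
// come from older ns-3 releases; later releases renamed or dropped them, so
// confirm both against the ns-3 version in use.
WifiHelper wifi;
wifi.SetStandard(WIFI_PHY_STANDARD_80211n_5GHZ);

WifiMacHelper mac;
// Plain ASCII quotes are required; the typographic quotes a web page may show
// are not valid string delimiters in C++.
mac.SetType("ns3::AdhocWifiMac");

YansWifiChannelHelper channel = YansWifiChannelHelper::Default();
YansWifiPhyHelper phy = YansWifiPhyHelper::Default();
phy.SetChannel(channel.Create());

// The same phy helper (and therefore the same channel object) is used for all
// four groups, which is what puts the forensic device on the medium shared by
// the other nodes.
NetDeviceContainer normalDevices = wifi.Install(phy, mac, normalNodes);
NetDeviceContainer attackerDevices = wifi.Install(phy, mac, attackerNodes);
NetDeviceContainer serverDevices = wifi.Install(phy, mac, serverNodes);
NetDeviceContainer forensicDevices = wifi.Install(phy, mac, forensicNodes);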

  1. Configure Mobility Model

Set up a mobility model for the nodes:

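// Every node is stationary for the whole run.
// NOTE(review): no position allocator is configured, so node coordinates are
// whatever the helper's default allocator produces; set explicit positions if
// distance between nodes matters for the capture.
MobilityHelper mobility;
// Plain ASCII quotes are required around the type name.
mobility.SetMobilityModel("ns3::ConstantPositionMobilityModel");

mobility.Install(normalNodes);
mobility.Install(attackerNodes);
mobility.Install(serverNodes);
mobility.Install(forensicNodes);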

  1. Set Up Packet Capture

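Configure packet capture on the forensic nodes. Use PcapHelper to capture packets; enabling the capture in promiscuous mode is what lets the forensic node record frames exchanged between other nodes rather than only its own traffic.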

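// The original snippet also created "forensics.pcap" through PcapHelper with
// DLT_PPP and never wrote to it. That left an empty file whose link type does
// not describe WiFi frames, so it is dropped here; the evidence file is the one
// produced by EnablePcap below.

// Write 802.11 frames with a radiotap header so the link type recorded in the
// pcap header matches the frames the WiFi PHY traces.
phy.SetPcapDataLinkType(YansWifiPhyHelper::DLT_IEEE802_11_RADIO);

// Third argument = promiscuous: record every frame the forensic radio hears,
// not just frames addressed to the forensic node. The container overload lets
// the helper append node and device ids plus ".pcap" to the prefix, so each
// forensic device gets its own file (the original passed the same explicit
// file name for every device in the loop).
phy.EnablePcap("forensic_capture", forensicDevices, true);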

  1. Implement Forensic Analysis Application

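Create an application that analyzes captured packets for forensic purposes. Below is a simple example of a packet sniffing application that logs packet details. Note that this application reads from a UDP socket bound on the forensic node, so it logs only datagrams delivered to that node; traffic exchanged between other nodes is recorded by the promiscuous pcap capture from the previous step.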

Forensic Application (Example)

 

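/**
 * UDP listener for the forensic node that logs the source address and size of
 * every datagram it receives.
 *
 * Scope of what it can observe: it reads from a socket bound on its own node,
 * so it only sees datagrams delivered to that node. Traffic between other
 * nodes has to come from the promiscuous pcap capture, not from this class.
 */
class ForensicApplication : public Application {
public:
    // Opens a UDP socket on listenPort (any local address) and registers
    // HandleRead as the receive callback.
    void StartApplication() override {
        recvSocket = Socket::CreateSocket(GetNode(), UdpSocketFactory::GetTypeId());
        // Bind reports failure through its return value; without this check a
        // failed bind would leave a listener that silently logs nothing.
        if (recvSocket->Bind(InetSocketAddress(Ipv4Address::GetAny(), listenPort)) != 0) {
            std::cerr << "ForensicApplication: bind to port " << listenPort << " failed" << std::endl;
            return;
        }
        recvSocket->SetRecvCallback(MakeCallback(&ForensicApplication::HandleRead, this));
    }

    // Detaches the callback and closes the socket so nothing is logged after
    // the configured stop time.
    void StopApplication() override {
        if (recvSocket) {
            recvSocket->SetRecvCallback(MakeNullCallback<void, Ptr<Socket>>());
            recvSocket->Close();
        }
    }

    // Sets the UDP port to listen on; call before the application starts.
    void SetListenPort(uint16_t port) {
        listenPort = port;
    }

    // Receive callback: drains every pending datagram and logs each one.
    void HandleRead(Ptr<Socket> socket) {
        Ptr<Packet> packet;
        Address from;
        while ((packet = socket->RecvFrom(from))) {
            LogPacket(packet, from);
        }
    }

    // Prints sender IPv4 address, packet size and the simulation time of
    // receipt; the timestamp is what allows log lines to be correlated with
    // the pcap file.
    void LogPacket(Ptr<Packet> packet, Address from) {
        // ConvertFrom requires an InetSocketAddress; skip anything else
        // instead of aborting the run.
        if (!InetSocketAddress::IsMatchingType(from)) {
            return;
        }
        std::cout << "Captured packet from " << InetSocketAddress::ConvertFrom(from).GetIpv4()
                  << " of size " << packet->GetSize()
                  << " at " << Simulator::Now().GetSeconds() << "s" << std::endl;
    }

private:
    Ptr<Socket> recvSocket;
    uint16_t listenPort = 0;  // initialised so a missing SetListenPort call is not an indeterminate read
};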

  1. Set Up Applications

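Install the applications on the nodes. The code below reads the server's IPv4 address, so it must run after the internet stack has been installed and the IP addresses assigned (the two steps that follow); the complete script at the end of this page uses that order.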

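// Precondition: the internet stack is installed and addresses are assigned.
// Before that, GetObject<Ipv4>() on the server node has nothing to return.
ApplicationContainer normalApps, attackerApps, serverApps, forensicApps;

// Interface 1, address 0 is the server's WiFi address (looked up once instead
// of once per loop iteration).
const Ipv4Address serverAddr = serverNodes.Get(0)->GetObject<Ipv4>()->GetAddress(1, 0).GetLocal();
const uint16_t servicePort = 9;

// Normal nodes: constant-rate UDP traffic to the server from 1 s to 20 s.
for (uint32_t i = 0; i < normalNodes.GetN(); ++i) {
    OnOffHelper onoff("ns3::UdpSocketFactory", InetSocketAddress(serverAddr, servicePort));
    onoff.SetConstantRate(DataRate("500kb/s"));
    ApplicationContainer app = onoff.Install(normalNodes.Get(i));
    app.Start(Seconds(1.0));
    app.Stop(Seconds(20.0));
    normalApps.Add(app);
}

// Attacker nodes: simulated flood toward the same server port, starting at 5 s
// so the capture contains a clean baseline before the anomaly begins.
for (uint32_t i = 0; i < attackerNodes.GetN(); ++i) {
    Ptr<DoSAttackApplication> app = CreateObject<DoSAttackApplication>();
    app->SetRemote(serverAddr, servicePort);
    attackerNodes.Get(i)->AddApplication(app);
    app->SetStartTime(Seconds(5.0));
    app->SetStopTime(Seconds(20.0));
    attackerApps.Add(app);
}

// Server node: UDP packet sink on the service port.
PacketSinkHelper sink("ns3::UdpSocketFactory", InetSocketAddress(Ipv4Address::GetAny(), servicePort));
serverApps.Add(sink.Install(serverNodes.Get(0)));

// Forensic node: UDP listener on the same port number. Both senders above
// address the server, so this listener only logs datagrams that are actually
// delivered to the forensic node.
Ptr<ForensicApplication> forensicApp = CreateObject<ForensicApplication>();
forensicApp->SetListenPort(servicePort);
forensicNodes.Get(0)->AddApplication(forensicApp);
forensicApp->SetStartTime(Seconds(1.0));
forensicApp->SetStopTime(Seconds(20.0));
forensicApps.Add(forensicApp);

serverApps.Start(Seconds(1.0));
serverApps.Stop(Seconds(20.0));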

  1. Set Up Routing Protocols

Configure routing protocols for the network.

// Install the IPv4 stack with AODV routing on every group, in the same order
// as the groups were created.
InternetStackHelper internet;
AodvHelper aodv;
internet.SetRoutingHelper(aodv);

const NodeContainer* groups[] = {&normalNodes, &attackerNodes, &serverNodes, &forensicNodes};
for (const NodeContainer* group : groups) {
    internet.Install(*group);
}

  1. Assign IP Addresses

Assign IP addresses to the network devices.

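// All roles share the single 10.1.1.0/24 subnet; the helper hands out addresses
// in the order of the Assign calls below.
Ipv4AddressHelper address;
// Plain ASCII quotes are required around the network and mask.
address.SetBase("10.1.1.0", "255.255.255.0");

Ipv4InterfaceContainer normalInterfaces = address.Assign(normalDevices);
Ipv4InterfaceContainer attackerInterfaces = address.Assign(attackerDevices);
Ipv4InterfaceContainer serverInterfaces = address.Assign(serverDevices);
Ipv4InterfaceContainer forensicInterfaces = address.Assign(forensicDevices);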

  1. Run the Simulation

Configure the simulation runtime and execute it.

// Stop the event loop at 20 s, run the scheduled events, then release the
// simulator's resources.
const Time simulationEnd = Seconds(20.0);
Simulator::Stop(simulationEnd);
Simulator::Run();
Simulator::Destroy();

Example of a Simple Digital Forensics Script

Here we provide a complete sample script for the digital forensics simulation in the ns-3 environment:

#include <cstdint>
#include <iostream>
#include <string>

#include "ns3/aodv-module.h"
#include "ns3/applications-module.h"
#include "ns3/core-module.h"
#include "ns3/internet-module.h"
#include "ns3/mobility-module.h"
#include "ns3/network-module.h"
#include "ns3/wifi-module.h"

using namespace ns3;

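/**
 * Simulation-only traffic source that stands in for the attacker: it sends a
 * fixed UDP payload to one destination every 10 ms so that the capture
 * contains an anomaly to analyse.
 *
 * The send loop is tied to the application's stop time. The original kept
 * rescheduling itself regardless of SetStopTime and only ended when the
 * simulator itself stopped.
 */
class DoSAttackApplication : public Application {
public:
    // Creates the UDP socket, connects it to the configured destination and
    // sends the first packet.
    void StartApplication() override {
        sendSocket = Socket::CreateSocket(GetNode(), UdpSocketFactory::GetTypeId());
        // destAddress is held as a generic Address, while InetSocketAddress is
        // built from an Ipv4Address, so the conversion has to be explicit.
        sendSocket->Connect(InetSocketAddress(Ipv4Address::ConvertFrom(destAddress), destPort));

        // Send the first packet; SendPacket schedules the following ones.
        SendPacket();
    }

    // Cancels the pending send and closes the socket so no traffic is
    // generated after the configured stop time.
    void StopApplication() override {
        Simulator::Cancel(sendEvent);
        if (sendSocket) {
            sendSocket->Close();
        }
    }

    // Sets the destination; `address` is expected to hold an IPv4 address.
    void SetRemote(Address address, uint16_t port) {
        destAddress = address;
        destPort = port;
    }

    // Sends one packet and schedules the next send 10 ms later.
    void SendPacket() {
        const std::string message = "This is a DoS attack packet";
        Ptr<Packet> packet = Create<Packet>(reinterpret_cast<const uint8_t*>(message.data()), message.size());
        sendSocket->Send(packet);

        // Keep the event id so StopApplication can cancel the pending send.
        sendEvent = Simulator::Schedule(MilliSeconds(10), &DoSAttackApplication::SendPacket, this);
    }

private:
    Ptr<Socket> sendSocket;
    Address destAddress;
    uint16_t destPort = 0;  // initialised so a missing SetRemote call is not an indeterminate read
    EventId sendEvent;      // pending SendPacket event, cancelled on stop
};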

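/**
 * UDP listener for the forensic node that logs the source address and size of
 * every datagram it receives.
 *
 * Scope of what it can observe: it reads from a socket bound on its own node,
 * so it only sees datagrams delivered to that node. Traffic between other
 * nodes has to come from the promiscuous pcap capture, not from this class.
 */
class ForensicApplication : public Application {
public:
    // Opens a UDP socket on listenPort (any local address) and registers
    // HandleRead as the receive callback.
    void StartApplication() override {
        recvSocket = Socket::CreateSocket(GetNode(), UdpSocketFactory::GetTypeId());
        // Bind reports failure through its return value; without this check a
        // failed bind would leave a listener that silently logs nothing.
        if (recvSocket->Bind(InetSocketAddress(Ipv4Address::GetAny(), listenPort)) != 0) {
            std::cerr << "ForensicApplication: bind to port " << listenPort << " failed" << std::endl;
            return;
        }
        recvSocket->SetRecvCallback(MakeCallback(&ForensicApplication::HandleRead, this));
    }

    // Detaches the callback and closes the socket so nothing is logged after
    // the configured stop time.
    void StopApplication() override {
        if (recvSocket) {
            recvSocket->SetRecvCallback(MakeNullCallback<void, Ptr<Socket>>());
            recvSocket->Close();
        }
    }

    // Sets the UDP port to listen on; call before the application starts.
    void SetListenPort(uint16_t port) {
        listenPort = port;
    }

    // Receive callback: drains every pending datagram and logs each one.
    void HandleRead(Ptr<Socket> socket) {
        Ptr<Packet> packet;
        Address from;
        while ((packet = socket->RecvFrom(from))) {
            LogPacket(packet, from);
        }
    }

    // Prints sender IPv4 address, packet size and the simulation time of
    // receipt; the timestamp is what allows log lines to be correlated with
    // the pcap file.
    void LogPacket(Ptr<Packet> packet, Address from) {
        // ConvertFrom requires an InetSocketAddress; skip anything else
        // instead of aborting the run.
        if (!InetSocketAddress::IsMatchingType(from)) {
            return;
        }
        std::cout << "Captured packet from " << InetSocketAddress::ConvertFrom(from).GetIpv4()
                  << " of size " << packet->GetSize()
                  << " at " << Simulator::Now().GetSeconds() << "s" << std::endl;
    }

private:
    Ptr<Socket> recvSocket;
    uint16_t listenPort = 0;  // initialised so a missing SetListenPort call is not an indeterminate read
};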

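// Builds the ad-hoc WiFi scenario (3 normal nodes, 1 attacker, 1 server,
// 1 forensic node), enables a promiscuous pcap capture on the forensic node,
// installs the traffic and logging applications and runs for 20 s.
// Command-line arguments are accepted but not used.
int main(int argc, char *argv[]) {
    NodeContainer normalNodes, attackerNodes, serverNodes, forensicNodes;
    normalNodes.Create(3);
    attackerNodes.Create(1);
    serverNodes.Create(1);
    forensicNodes.Create(1);

    // WiFi setup: every role shares one Yans channel.
    // NOTE(review): WIFI_PHY_STANDARD_80211n_5GHZ and
    // YansWifiPhyHelper::Default() come from older ns-3 releases; confirm
    // both against the ns-3 version in use.
    WifiHelper wifi;
    wifi.SetStandard(WIFI_PHY_STANDARD_80211n_5GHZ);
    WifiMacHelper mac;
    mac.SetType("ns3::AdhocWifiMac");
    YansWifiPhyHelper phy = YansWifiPhyHelper::Default();
    YansWifiChannelHelper channel = YansWifiChannelHelper::Default();
    phy.SetChannel(channel.Create());

    NetDeviceContainer normalDevices = wifi.Install(phy, mac, normalNodes);
    NetDeviceContainer attackerDevices = wifi.Install(phy, mac, attackerNodes);
    NetDeviceContainer serverDevices = wifi.Install(phy, mac, serverNodes);
    NetDeviceContainer forensicDevices = wifi.Install(phy, mac, forensicNodes);

    // Mobility setup: all nodes stationary.
    // NOTE(review): no position allocator is configured; set explicit
    // positions if distance between nodes matters for the capture.
    MobilityHelper mobility;
    mobility.SetMobilityModel("ns3::ConstantPositionMobilityModel");
    mobility.Install(normalNodes);
    mobility.Install(attackerNodes);
    mobility.Install(serverNodes);
    mobility.Install(forensicNodes);

    // Internet stack and routing
    AodvHelper aodv;
    InternetStackHelper internet;
    internet.SetRoutingHelper(aodv);
    internet.Install(normalNodes);
    internet.Install(attackerNodes);
    internet.Install(serverNodes);
    internet.Install(forensicNodes);

    Ipv4AddressHelper address;
    address.SetBase("10.1.1.0", "255.255.255.0");
    Ipv4InterfaceContainer normalInterfaces = address.Assign(normalDevices);
    Ipv4InterfaceContainer attackerInterfaces = address.Assign(attackerDevices);
    Ipv4InterfaceContainer serverInterfaces = address.Assign(serverDevices);
    Ipv4InterfaceContainer forensicInterfaces = address.Assign(forensicDevices);

    // Set up packet capture.
    // The original also created "forensics.pcap" with DLT_PPP and never wrote
    // to it; that empty file, whose link type does not describe WiFi frames,
    // is dropped. The evidence file is the one EnablePcap produces.
    phy.SetPcapDataLinkType(YansWifiPhyHelper::DLT_IEEE802_11_RADIO);
    // Promiscuous (third argument) so frames between other nodes are recorded.
    // The container overload gives each forensic device its own file name
    // instead of reusing one explicit name for every device.
    phy.EnablePcap("forensic_capture", forensicDevices, true);

    // Install applications
    ApplicationContainer normalApps, attackerApps, serverApps, forensicApps;
    const Ipv4Address serverAddr = serverInterfaces.GetAddress(0);
    const uint16_t servicePort = 9;

    // Normal node applications: constant-rate UDP traffic to the server.
    for (uint32_t i = 0; i < normalNodes.GetN(); ++i) {
        OnOffHelper onoff("ns3::UdpSocketFactory", InetSocketAddress(serverAddr, servicePort));
        onoff.SetConstantRate(DataRate("500kb/s"));
        ApplicationContainer app = onoff.Install(normalNodes.Get(i));
        app.Start(Seconds(1.0));
        app.Stop(Seconds(20.0));
        normalApps.Add(app);
    }

    // Attacker node applications: simulated flood starting at 5 s, which
    // leaves a clean baseline at the start of the capture.
    for (uint32_t i = 0; i < attackerNodes.GetN(); ++i) {
        Ptr<DoSAttackApplication> app = CreateObject<DoSAttackApplication>();
        app->SetRemote(serverAddr, servicePort);
        attackerNodes.Get(i)->AddApplication(app);
        app->SetStartTime(Seconds(5.0));
        app->SetStopTime(Seconds(20.0));
        attackerApps.Add(app);
    }

    // Server node application: UDP packet sink.
    PacketSinkHelper sink("ns3::UdpSocketFactory", InetSocketAddress(Ipv4Address::GetAny(), servicePort));
    serverApps.Add(sink.Install(serverNodes.Get(0)));

    // Forensic node application: logs only datagrams delivered to the
    // forensic node itself; the pcap capture above covers everything else.
    Ptr<ForensicApplication> forensicApp = CreateObject<ForensicApplication>();
    forensicApp->SetListenPort(servicePort);
    forensicNodes.Get(0)->AddApplication(forensicApp);
    forensicApp->SetStartTime(Seconds(1.0));
    forensicApp->SetStopTime(Seconds(20.0));
    forensicApps.Add(forensicApp);

    serverApps.Start(Seconds(1.0));
    serverApps.Stop(Seconds(20.0));

    Simulator::Stop(Seconds(20.0));
    Simulator::Run();
    Simulator::Destroy();

    return 0;
}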

Finally, we have discussed the simulation and analysis of Digital Forensics in the ns3 environment. We also support all kinds of Digital Forensics work adapted to diverse environments, and we place strong emphasis on the implementation of Digital Forensics in ns3.