كشف نشاط مريب على الشبكة - كتاب الأمن السيبراني - الصف 12 - الفصل 1 - المملكة العربية السعودية

--- SECTION: كشف نشاط مريب على الشبكة Detecting Suspicious Activity on a Network --- كشف نشاط مريب على الشبكة Detecting Suspicious Activity on a Network يُستخدم واير شارك للكشف عن الأنشطة المريبة على الشبكة، وعليك التحقق من رسائل وحزم بروتوكول اقتران العناوين (Address Resolution Protocol - ARP) التي تستخدمها هذا البروتوكول لاكتشاف الأجهزة التي تحاول إجراء عمليات مريبة. --- SECTION: بروتوكول اقتران العناوين (Address Resolution Protocol - ARP) --- هو بروتوكول اتصال يُستخدم للربط بين عناوين طبقة الشبكة (عناوين IPv4) لجهاز ما وعنوان طبقة ربط البيانات المقابلة (عنوان MAC) على شبكة محلية، ويُعدُّ هذا البروتوكول ضروريًا لتمكين الأجهزة من الاتصال ببعضها في الشبكة المحلية عن طريق تعيين عناوين بروتوكول الإنترنت (IP) لعناوين التحكم بالنفاد للوسط (MAC). --- SECTION: تكشف طلبات بروتوكول اقتران العناوين (ARP) --- تكشف طلبات بروتوكول اقتران العناوين (ARP) < من علامة تبويب Edit (تحرير)، 1 اضغط على Preferences (التفضيلات). 2 < من نافذة Preferences (التفضيلات)، اختر خيار Protocols (البروتوكولات). 3 < اختر بروتوكول ARP/RARP (بروتوكول اقتران العناوين/ بروتوكول اقتران العناوين العكسي). 4 < حدد صندوق Detect ARP request storms (اكتشاف طلبات بروتوكول اقتران العناوين). 5 < اضغط على OK (موافق). 6 < يمكنك من لوحة Packet List (قائمة الحزمة) التحقق من وجود نشاط مريب. 7 وزارة التعليم Ministry of Education 2025 - 1447 77 --- VISUAL CONTEXT --- **FIGURE**: Wireshark Network Analyzer - Edit Menu Description: A screenshot of the Wireshark Network Analyzer application interface. The main menu bar is visible at the top with options: File, Edit, View, Go, Capture, Analyze, Statistics, Telephony, Tools, Help. The 'Edit' menu is open, displaying a dropdown list of options including Copy, Find Packet..., Find Next, Find Previous, Mark/Unmark Packet(s), Mark All Displayed, Unmark All Displayed, Next Mark, Previous Mark, Ignore/Unignore Packet(s), Ignore All Displayed, Unignore All Displayed, Set/Unset Time Reference, Unset All Time References, Next Time Reference, Previous Time Reference, Time Shift..., Packet Comment..., Delete All Packet Comments, Configuration Profiles..., and Preferences.... The 'Preferences...' option is highlighted, corresponding to step 2 in the instructions. A blue circle with '1' points to 'Edit' and a blue circle with '2' points to 'Preferences...'. Key Values: File, Edit, View, Go, Capture, Analyze, Statistics, Telephony, Tools, Help, Preferences..., Copy, Find Packet..., Mark/Unmark Packet(s), Configuration Profiles... Context: Illustrates the initial steps to access Wireshark preferences for network analysis. **FIGURE**: Wireshark - Preferences Dialog (Protocols Section) Description: A screenshot of the 'Wireshark - Preferences' dialog box. The left pane shows a tree-view navigation with categories such as Appearance, Columns, Font and Color, Layout, Capture, Export, Expert, Filter Buttons, Name Resolution, and Protocols. The 'Protocols' category is expanded, showing a long list of network protocols. The right pane displays general protocol settings, including checkboxes for 'Display hidden protocol items', 'Display byte fields with a space character between bytes', 'Look for incomplete dissectors', and 'Enable stricter conversation tracing heuristics'. A blue circle with '3' points to the 'Protocols' section in the left navigation pane. Key Values: Wireshark - Preferences, Appearance, Protocols, Display hidden protocol items, Display byte fields with a space character between bytes, Look for incomplete dissectors, Enable stricter conversation tracing heuristics, 29West, 2dparityfec, 3GPP2 A11, 6LOWPAN, 802.11 Radio Context: Shows how to navigate to the specific 'Protocols' section within Wireshark preferences to configure protocol-specific settings. **FIGURE**: Wireshark - Preferences Dialog (Address Resolution Protocol Settings) Description: A screenshot of the 'Wireshark - Preferences' dialog box, specifically showing the settings for 'Address Resolution Protocol'. In the left navigation pane, 'ARP/RARP' is selected under 'Protocols'. The right pane displays ARP-specific configuration options. These include checkboxes for 'Detect ARP request storms' (checked), 'Detect duplicate IP address configuration' (checked), and 'Register network address mappings' (checked). There are also input fields: 'Number of requests to detect during period (s)' with a value of '30', and 'Detection period (ms)' with a value of '100'. At the bottom of the dialog, 'OK', 'Cancel', and 'Help' buttons are visible. A blue circle with '4' points to 'ARP/RARP' in the left pane, '5' points to the 'Detect ARP request storms' checkbox, and '6' points to the 'OK' button. Key Values: Wireshark - Preferences, APRS, AR Drone, Armagetronad, ARP/RARP, Artemis, ARTNET, ARUBA_ERM, ASAP, ASTERIX, AT, ATH, ATM, ATMTCP, ATP, Auto-RP, AUTOSAR NM, AX.25 KISS, AX.25 no L3, AX4000, AYIYA, Babel, Banana, BAD, BAT.GW, Address Resolution Protocol, Detect ARP request storms, Number of requests to detect during period (s): 30, Detection period (ms): 100, Detect duplicate IP address configuration, Register network address mappings, OK, Cancel, Help Context: Demonstrates how to configure Wireshark to specifically detect and monitor suspicious ARP activities, such as ARP request storms, by enabling relevant detection options and setting thresholds.