<![CDATA[This research identified critical network anomalies in the MetaRouter virtual environment, focusing on IP activity related to routers, networks, and client devices. Suspicious interactions were observed between IP 192.168.1.100 (router) and IP 172.16.205.53 (client), including reused TCP port numbers and incomplete SYN sessions, indicating potential spoofing attempts. Invalid route information involving 192.168.1.100 highlights malicious modifications to the routing table, indicating an attempt to manipulate the routing information. Packet inconsistencies, such as “TCP Previous segment not captured†and “Spurious Retransmission,†revealed interference between the client and router, possibly caused by an external attacker exploiting network protocol vulnerabilities. The aim of this research is to analyze threats in virtual lab networks using live forensic methods on MetaRouter to detect anomalies, with a focus on Border Gateway Protocol (BGP) and TCP deviations in MetaRouter. This research method is a controlled prototype experimental setup in a virtual laboratory consisting of two routers and two client devices. This method simulates real-world network operations to identify malicious activities. Wireshark is used for real-time packet-level monitoring and analysis because it has powerful visualization and filtering capabilities, surpassing tools like tcpdump. This research integrates live forensic techniques to collect and analyze routing logs, packet data, and protocol behavior. The results of this research are the identification of suspicious behaviors, such as reused TCP port numbers, incomplete SYN sessions, and unauthorized route announcements, indicating potential spoofing and BGP hijacking attempts. Packet data irregularities, including “Out-Of-Order†messages and abrupt session terminations, are also detected, revealing disruptions in traffic flow caused by malicious activities. The results of this research are highlighting the effectiveness of the forensic framework in identifying and documenting network anomalies in virtual environments have significant implications for improving security in cloud-based and hybrid networks. This research provides a scalable and replicable methodology that can improve real-time anomaly detection and response, paving the way for future advances in network security.]]>
