Packet analysis using the Wireshark command-line utility tshark. The work is split into two parts: a DNS packet analysis that builds a profile from DNS queries and duration of watch and compares it with other profiles, and a general-view analysis of IP addresses and port numbers.

bajajcodes/PacketAnalysis

PacketAnalysis

Problem Statement :-

Network traffic analysis to interpret the user's interests and to detect any traffic anomaly.

Problem State :-

  • Packets are captured from an available interface on the host machine, or a capture is supplied by the user for analysis.
  • Captured packets (pcap data) are gathered mainly from WLAN and Ethernet interfaces.
  • The packet capture is not pre-filtered; instead, display filters are applied afterwards as the relevant filters for feature extraction.
  • Detecting and clarifying traffic anomalies.
  • The idea is to analyse the data to detect and identify any traffic anomaly, and to analyse DNS packets and their co-packets to identify user interests and duration of conversation.
  • Thereafter, automate the process so that it generates reports whenever anomalous behaviour occurs, and produces reports based on the user interests gathered from DNS packets.
  • The pcap data carries the information needed to build a user-interest profile from DNS queries and time spent; it is extracted with post-capture filters and output filters.
  • Features are classified as categorical features (a class) and real-valued data.
  • Flow analysis is the general setting, in which interpretation is done only on source/destination IP addresses and port numbers.
  • A report called a Profile is generated from the packet captures and compared with other profiles; a comparison table is prepared visualizing matching and non-matching profiles, i.e. based on interests.
  • The final extracted features are visualized by plotting them in different plots such as histograms, bar graphs, etc.

Analysis :-

The packet capture itself does not demonstrate the problem; results are prepared after capture through user interpretation and analysis.

  • Here the data consists of IP addresses, application-layer protocols, port numbers, PDUs and so on.
  • First all packets are captured, then filtered, then re-filtered down to the final feature extraction by slicing and comprehension. After the final features are sliced out, the data is visualized, reports are generated and the results are analysed.

Action Items :-

  • To whoever is reading this: raise issues and suggest changes.
