Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.


https://github.com/bajajcodes/packetanalysis

Packet analysis using the Wireshark command-line utility tshark. It is done in two parts: first, DNS packet analysis, which builds a profile from DNS queries and duration of watch and compares it with other profiles; second, a general view of IP addresses and port numbers.

analysis jupyter-notebook python3 tshark wireshark

Last synced: about 1 month ago



README

# PacketAnalysis
Packet analysis using the Wireshark command-line utility tshark. It is done in two parts: first, DNS packet analysis, which builds a profile from DNS queries and duration of watch and compares it with other profiles; second, a general view of IP addresses and port numbers.

## Problem Statement :-
Network traffic analysis to interpret user interests and to detect any traffic anomaly.

## Problem State :-
- Packets are captured from an available interface on the host machine, or a capture is supplied by the user for analysis.
- Captured packets (pcap data) are gathered mostly from WLAN and Ethernet interfaces.
- The capture is not pre-filtered; instead, display filters are applied afterwards as the relevant filters for feature extraction.
- Traffic anomalies are detected and explained.
- The idea is to analyse the data to detect and identify any traffic anomaly, and to analyse DNS packets and their accompanying packets to identify user interests and the duration of a conversation.
- Thereafter the process is automated so that it generates reports if any anomalous behaviour occurs, and produces reports based on the user interests gathered from DNS packets.
- The pcap data holds the information needed to build a user-interest profile from DNS queries and time spent; it is extracted with post-capture display filters and output filters.
- Features are classified as categorical features (a class) and real-valued data.
- Flow analysis is the general setting, in which interpretation is based only on source/destination IP addresses and port numbers.
- A report called a profile is generated from the packet captures and compared with other profiles; a comparison table is prepared that visualizes matching and non-matching profiles, i.e. based on interests.
- The final extracted features are visualized by plotting them in different plots such as histograms and bar graphs.

## Analysis :-
The packet capture itself does not demonstrate the problem; results are prepared after capture by user interpretation and analysis.
- Here the data consists of IP addresses, application-layer protocols, port numbers, PDUs and so on.
- First all packets are captured, then filtered, then re-filtered down to the final features by slicing and comprehension; after the final features are sliced out, the data is visualized, reports are generated, and the results are analysed.

## Action Items :-
- @ Who_is_Seeing: Raise Issues and Suggest Changes