CW 3rd Exp


06/05/25
EXPERIMENT-3

AIM: Detecting Suspicious Activity: Analyze network traffic to identify suspicious patterns, such
as repeated connection attempts or unusual communication between hosts.

THEORY:
1. Start Capturing Packets:
• Click on the 'Start' button or use the Ctrl + E shortcut to commence packet
capture.

2. Analyze Network Traffic:


• Wireshark will begin capturing packets in real-time. Observe the captured
packets in the main window.

3. Identify Suspicious Patterns:

Look for unusual or suspicious patterns in the network traffic. Some common
suspicious activities to watch out for include:
• Unusual volume of traffic: Sudden spikes or unusual patterns in data transfer
rates may indicate malicious activity such as a DDoS attack.
• Repeated connection attempts: Many connection attempts from one source to many
ports on a host suggest port scanning; many attempts from one source to a single
service (for example SSH or RDP) suggest a brute force attack.
• Unusual protocols: Detection of unfamiliar or uncommon protocols may
indicate attempts to evade detection by using non-standard communication
methods.
• Unusual packet sizes: Large packets or abnormally small packets may suggest
data exfiltration or network scanning.
• Unauthorized access attempts: Look for packets containing login attempts,
authentication failures, or access to restricted resources.
• Unusual communication patterns: Analyze the communication between
hosts to identify any abnormal behaviors, such as communication between
hosts that normally do not interact.

4. Use Filters:
Apply filters in Wireshark to focus on specific types of traffic that may be indicative of
suspicious activity. For example:
• Filter for TCP SYN packets (tcp.flags.syn == 1) to identify TCP connection attempts.
To see only the packets that open a connection and exclude the SYN/ACK replies,
use tcp.flags.syn == 1 && tcp.flags.ack == 0.
• Filter for large packets (frame.len > <threshold in bytes>) to detect potential data
exfiltration attempts; choose the threshold according to the frame sizes that are
normal on the network being examined.

5. Follow TCP Streams:


Follow TCP streams for suspicious connections to analyze the full conversation between
hosts and identify any malicious payloads or commands being transmitted.

6. Inspect DNS Traffic:

DNS traffic can often reveal malicious activity such as domain generation algorithms
(DGAs) used by malware. Look for patterns in DNS requests that may indicate
malicious domain names: long, random-looking labels, a high rate of NXDOMAIN
responses, or a single host querying many unique names in a short time.
NAME:- ANSH BARANWAL
ROLL NO.:-2301201540010
BRANCH:- 2CSE(DS)

7. Stop Capturing Packets:


Once you have gathered sufficient data for analysis, stop the packet capture by clicking
on the 'Stop' button or using the Ctrl + E shortcut.

8. Analyze Captured Data:


Review the captured packets and analyze them in detail to confirm any suspicions of
malicious activity.

9. Document Findings:
Document your findings, including any suspicious patterns or activities observed during
the packet analysis.

By following these steps, you can detect and analyze suspicious activity on your network.
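The steps above describe the checks manually; the script below, added here as an example and not part of the original experiment, runs the same checks automatically over a field export of the kind tshark produces (tshark -T fields with the listed -e fields). The packet records, hosts, ports, domain names and the baseline of known host pairs are all constructed for the demonstration, and the thresholds (10 distinct ports, 5 repeated SYNs, label length 12, entropy 3.5) are assumptions to be tuned per network.

```python
"""Detect port scans, repeated connection attempts, unexpected host pairs and
DGA-like DNS names in a tshark field export. Added example; sample data is constructed."""
import csv
import io
import math
from collections import Counter, defaultdict

# Constructed sample in the shape produced by
#   tshark -r capture.pcapng -T fields -E header=y -E separator=, \
#     -e frame.time_relative -e ip.src -e ip.dst -e tcp.dstport \
#     -e tcp.flags.syn -e tcp.flags.ack -e dns.qry.name
# Every host, port and name below is invented for the demonstration.
SCAN_PORTS = [21, 22, 23, 25, 80, 110, 143, 443, 445, 3389, 8080]
SAMPLE_EXPORT = "\n".join(
    ["frame.time_relative,ip.src,ip.dst,tcp.dstport,tcp.flags.syn,tcp.flags.ack,dns.qry.name",
     "0.000,10.0.0.8,10.0.0.20,443,1,0,",    # normal client: one SYN ...
     "0.001,10.0.0.20,10.0.0.8,51000,1,1,"]  # ... and the server's SYN/ACK
    + [f"0.{100 + i:03d},10.0.0.5,10.0.0.20,{p},1,0," for i, p in enumerate(SCAN_PORTS)]  # scanner
    + [f"0.{200 + i:03d},10.0.0.7,10.0.0.20,22,1,0," for i in range(6)]                  # brute force on ssh
    + ["0.300,10.0.0.9,10.0.0.53,,0,0,www.example.com",
       "0.301,10.0.0.9,10.0.0.53,,0,0,mail.example.com",
       "0.302,10.0.0.9,10.0.0.53,,0,0,xk3j9qz2vb7tm1pw.net",
       "0.303,10.0.0.9,10.0.0.53,,0,0,q8w2e7r1t5y9u3i6o.com"]
)
# Constructed baseline of host pairs that are expected to talk to each other.
BASELINE_PAIRS = {("10.0.0.8", "10.0.0.20"), ("10.0.0.20", "10.0.0.8"), ("10.0.0.9", "10.0.0.53")}


def parse_export(text):
    """Parse the comma-separated field export into a list of dicts keyed by field name."""
    return list(csv.DictReader(io.StringIO(text)))


def _is_syn_only(rec):
    """True for packets that open a connection (SYN set, ACK clear); tshark prints
    booleans as 1/0 in older versions and True/False in newer ones."""
    return rec["tcp.flags.syn"] in ("1", "True") and rec["tcp.flags.ack"] in ("0", "False")


def find_port_scans(records, min_ports=10):
    """(src, dst) pairs where src sent SYN-only packets to at least min_ports distinct ports."""
    ports = defaultdict(set)
    for r in records:
        if _is_syn_only(r):
            ports[(r["ip.src"], r["ip.dst"])].add(int(r["tcp.dstport"]))
    return {pair: len(p) for pair, p in ports.items() if len(p) >= min_ports}


def find_repeated_attempts(records, min_attempts=5):
    """(src, dst, port) triples with at least min_attempts SYN-only packets: brute force or retries."""
    counts = Counter((r["ip.src"], r["ip.dst"], int(r["tcp.dstport"]))
                     for r in records if _is_syn_only(r))
    return {key: n for key, n in counts.items() if n >= min_attempts}


def find_unexpected_pairs(records, baseline):
    """Host pairs seen in the capture that never appear in the baseline of known pairs."""
    seen = {(r["ip.src"], r["ip.dst"]) for r in records}
    return sorted(seen - baseline)


def shannon_entropy(s):
    """Bits of entropy per character of s; random-looking DGA labels score high."""
    if not s:
        return 0.0
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def find_dga_like_queries(records, min_len=12, min_entropy=3.5):
    """Query names whose second-level label is both long and high-entropy."""
    hits = []
    for r in records:
        name = r["dns.qry.name"]
        if not name:
            continue
        labels = name.rstrip(".").split(".")
        label = labels[-2] if len(labels) >= 2 else labels[0]
        if len(label) >= min_len and shannon_entropy(label) >= min_entropy:
            hits.append(name)
    return hits


def report(text=SAMPLE_EXPORT, baseline=BASELINE_PAIRS):
    """Run every detector over one export and return the findings by category."""
    recs = parse_export(text)
    return {
        "port_scans": find_port_scans(recs),
        "repeated_attempts": find_repeated_attempts(recs),
        "unexpected_pairs": find_unexpected_pairs(recs, baseline),
        "dga_like": find_dga_like_queries(recs),
    }


if __name__ == "__main__":
    for category, findings in report().items():
        print(category, findings)
```

On the constructed data the scanner is reported once per (source, destination) pair with the number of ports touched, the SSH brute force once per (source, destination, port) triple, and the two random-looking names are the only DNS hits; the normal client and the legitimate example.com lookups produce nothing. The SYN-only filter is what keeps the server's SYN/ACK replies from being counted as attempts, which is the same reason the display filter in step 4 should exclude ACK.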

ACCORDING TO EXPERIMENT:

Start Capturing and Analyzing network packets


Identifying Suspicious Patterns

Inspection of DNS Traffic and Analysis of Captured Data
