Graphical analysis of captured network packets for detection of suspicious network nodes

Graphical analysis of captured network packets for detection of suspicious network nodes

The advent of the Internet has yielded the rapid development of Information Technology related applications over the past two decades. Most organizations have adopted the use of a computer network to make accessibility and sharing of network applications and devices possible. However, currently, net...

Full description

Saved in:
Bibliographic Details
Published in:2020 International Conference on Cyber Situational Awareness, Data Analytics and Assessment (CyberSA) pp. 1 - 5
Main Authors: Aryeh, Felix Larbi, Alese, Boniface Kayode, Olasehinde, Olayemi
Format: Conference Proceeding
Language:English
Published: IEEE 01-06-2020
Subjects:
(UDP)Transmission Control Protocol (TCP)
Internet
Internet Control Message Protocol (ICMP)
IP networks
Libraries
Packet Capture (PCAP)
Payloads
Telecommunication traffic
User Datagram Protocol
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:The advent of the Internet has yielded the rapid development of Information Technology related applications over the past two decades. Most organizations have adopted the use of a computer network to make accessibility and sharing of network applications and devices possible. However, currently, network security has been one of the critical things most organization and corporation has to handle. Each day, attacks are continually being executed into professional secured corporate or organization networks and sometimes into private networks. Wireshark is a tool generally used for network packet capture however, it is very tedious sometimes to filter and follow TCP streams. This problem exacerbates in a situation where colossal network data or traffic needs to be analyzed for suspicious traffic. This paper leverages the use of Python libraries and Data Science techniques to ease the packet capturing and graphical analysis process on a live network. Using these techniques will enhance the gleaning out more interesting attributes of network packet and fish out the suspicious IP address, network ports or malicious data readily within the shortest possible time. The research conducted showed how a broadcast IP address 255.255.255.255 might be suspicious within the internal network of the live university network. The suspicion was based on the payload data sent to this address and a possible error or misconfiguration on the Ubiquiti UniFi access point.
DOI:10.1109/CyberSA49311.2020.9139672