UFCFFY-15-M Cyber Security Analytics

Practical Lab 2: Network Traffic Analysis


You have been asked to examine a sample of network traffic to investigate suspicious activity on some of the company workstations. The company directors need to be able to understand this data.

  • Can you analyse the packet capture (PCAP) file provided and produce useful visualisation outputs (e.g., line plot, bar chart, scatter plot) based on this, that can help further explain the observed activity?

Data: You will need to access the Lab 02 Dataset available on Blackboard to complete this task.

In [12]:
### Load in the libraries and the data
import pandas as pd
import matplotlib.pyplot as plt
import seaborn as sns

def load_csv_data():
    data = pd.read_csv('./example_data/example_pcap.csv')
    return data

data = load_csv_data()
data['Time'] = pd.to_datetime(data['Time'])
data
Out[12]:
No. Time Source Destination Protocol Length Info
0 1 2022-01-26 01:05:49.468757 172.16.1.4 172.16.1.255 BROWSER 243 Host Announcement CARLFORCE-DC1, Workstation, ...
1 2 2022-01-26 01:05:50.279222 172.16.1.4 172.16.1.255 BROWSER 243 Host Announcement CARLFORCE-DC1, Workstation, ...
2 3 2022-01-26 01:06:10.328524 172.16.1.201 224.0.0.252 LLMNR 66 Standard query 0x229b A isatap
3 4 2022-01-26 01:06:10.390913 172.16.1.201 172.16.1.4 DNS 76 Standard query 0x6ef6 A www.msftncsi.com
4 5 2022-01-26 01:06:10.391325 172.16.1.201 172.16.1.4 DNS 76 Standard query 0x6ef6 A www.msftncsi.com
... ... ... ... ... ... ... ...
8154 8155 2022-01-26 01:43:36.828784 172.16.1.141 174.127.99.158 TCP 66 [TCP Retransmission] 49211 > 2017 [SYN] Seq=...
8155 8156 2022-01-26 01:43:36.946258 174.127.99.158 172.16.1.141 TCP 54 2017 > 49211 [RST, ACK] Seq=1 Ack=1 Win=0 Len=0
8156 8157 2022-01-26 01:43:37.452810 172.16.1.141 174.127.99.158 TCP 62 [TCP Retransmission] 49211 > 2017 [SYN] Seq=...
8157 8158 2022-01-26 01:43:37.563033 174.127.99.158 172.16.1.141 TCP 54 2017 > 49211 [RST, ACK] Seq=1 Ack=1 Win=0 Len=0
8158 8159 2022-01-26 01:43:38.578617 172.16.1.141 174.127.99.158 TCP 66 49212 > 2017 [SYN] Seq=0 Win=8192 Len=0 MSS=...

8159 rows × 7 columns

In [10]:
# Can you create a line chart that shows the amount of activity (number of packets) per minute?
In [9]:
# Can you create a bar chart that shows the amount of activity for each protocol in our dataset?
In [8]:
# Can you create a scatter plot that compares source IPs with destination IP?
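The following is an added worked solution to the three tasks above, not code from the lab notebook. It assumes a Wireshark CSV export with the columns shown in the output above (the sample rows are constructed to mirror them), returns each aggregation as a pandas object so the numbers can be inspected before plotting, and imports matplotlib only inside plot_all.

```python
import io
import pandas as pd

# Constructed sample rows in the Lab 02 column layout (commas removed from Info so it parses as plain CSV).
SAMPLE_CSV = """No.,Time,Source,Destination,Protocol,Length,Info
1,2022-01-26 01:05:49.468757,172.16.1.4,172.16.1.255,BROWSER,243,Host Announcement CARLFORCE-DC1
2,2022-01-26 01:05:50.279222,172.16.1.4,172.16.1.255,BROWSER,243,Host Announcement CARLFORCE-DC1
3,2022-01-26 01:06:10.328524,172.16.1.201,224.0.0.252,LLMNR,66,Standard query A isatap
4,2022-01-26 01:06:10.390913,172.16.1.201,172.16.1.4,DNS,76,Standard query A www.msftncsi.com
5,2022-01-26 01:06:10.391325,172.16.1.201,172.16.1.4,DNS,76,Standard query A www.msftncsi.com
6,2022-01-26 01:43:36.828784,172.16.1.141,174.127.99.158,TCP,66,[TCP Retransmission] 49211 > 2017 [SYN]
7,2022-01-26 01:43:36.946258,174.127.99.158,172.16.1.141,TCP,54,2017 > 49211 [RST ACK]
8,2022-01-26 01:43:37.452810,172.16.1.141,174.127.99.158,TCP,62,[TCP Retransmission] 49211 > 2017 [SYN]
"""

def load_frame(csv_text: str) -> pd.DataFrame:
    """Parse the export and convert Time to real timestamps so it can be resampled."""
    df = pd.read_csv(io.StringIO(csv_text))
    df["Time"] = pd.to_datetime(df["Time"])
    return df

def packets_per_minute(df: pd.DataFrame) -> pd.Series:
    """Task 1: packet count per wall-clock minute; quiet minutes appear as 0 (line chart input)."""
    return df.set_index("Time").resample("1min").size()

def packets_per_protocol(df: pd.DataFrame) -> pd.Series:
    """Task 2: packet count per protocol, most frequent first (bar chart input)."""
    return df["Protocol"].value_counts()

def source_destination_pairs(df: pd.DataFrame) -> pd.DataFrame:
    """Task 3: packet count per (Source, Destination) pair (scatter input, marker size = count)."""
    return df.groupby(["Source", "Destination"]).size().reset_index(name="Packets")

def plot_all(df: pd.DataFrame):
    """Draw the three charts; matplotlib is imported here so the aggregations run without it."""
    import matplotlib.pyplot as plt
    fig, axes = plt.subplots(1, 3, figsize=(16, 4))
    packets_per_minute(df).plot(ax=axes[0], title="Packets per minute")
    packets_per_protocol(df).plot.bar(ax=axes[1], title="Packets per protocol")
    pairs = source_destination_pairs(df)
    axes[2].scatter(pairs["Source"], pairs["Destination"], s=pairs["Packets"] * 40)
    axes[2].set_title("Source vs destination (marker size = packets)")
    axes[2].tick_params(axis="x", rotation=90)
    fig.tight_layout()
    return fig

if __name__ == "__main__":
    frame = load_frame(SAMPLE_CSV)
    print(packets_per_protocol(frame))
    plot_all(frame).savefig("lab2_charts.png")
```

To run it on the real dataset, replace SAMPLE_CSV with the file contents (pd.read_csv on the path works the same way); the zero-filled minutes in the line chart make the bursts of activity stand out against quiet periods.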