Network Traffic Analysis
traffic-analysis
Intrusion Detection
intrusion-detection
Firewall Configuration
firewall-config
Learn to analyze network packets to identify suspicious activities and potential security threats.
# Using tcpdump to capture suspicious traffic:
tcpdump -i eth0 -n "host 192.168.1.100 and port 22" -w capture.pcap
# Reading captured packets with Wireshark filter:
tcp.flags.syn == 1 and tcp.flags.ack == 0
# Python script to analyze packets with Scapy:
from scapy.all import *
def analyze_packet(packet):
if TCP in packet and packet[TCP].flags & 2: # SYN packets
print(f"SYN packet: {packet[IP].src} -> {packet[IP].dst}")
sniff(filter="tcp", prn=analyze_packet)