Packet analysis using the Wireshark command-line utility, i.e. tshark. It is done in two parts: first, DNS packet analysis, which builds a profile from DNS queries and duration of watch and compares it with other profiles; second, a general view of IP addresses and port numbers.
Network traffic analysis to interpret user interests and to detect any traffic anomaly.
- Packets are captured from an available interface on the host machine, or a capture is supplied by the user for analysis.
- Captured packets (pcap data) are gathered mostly from WLAN and Ethernet interfaces.
- The capture is not pre-filtered; instead, display filters are applied afterwards as the relevant filters for feature extraction.
- Detecting and clarifying traffic anomalies.
- The idea is to analyse the captured data to detect and identify any traffic anomaly, and to analyse DNS packets and their associated packets to identify user interests and duration of conversation.
- Thereafter, automate the process so that it generates a report whenever anomalous behaviour occurs, and produces reports based on the user interests gathered from DNS packets.
- The pcap data carries the information used to build a user-interest profile from DNS queries and time spent; it is extracted with post-capture filters and output filters.
- Features are classified as categorical features (a class) and real-valued data.
- Flow analysis is the general setting in which interpretation is done using only source/destination IP addresses and port numbers.
- A report, called a profile, is generated from the packet captures and compared with other profiles; a comparison table is prepared that visualizes matching and non-matching profiles, i.e. based on interests.
- The final extracted features are visualized by plotting them in different plots such as histograms and bar graphs.
The packet capture itself does not demonstrate the problem; results are prepared after capture by user interpretation and analysis.
- Here the data consists of IP addresses, application-layer protocols, port numbers, PDUs and so on.
- First all packets are captured, then filtered, then re-filtered down to the final feature extraction by slicing and comprehension; after the final features are sliced, the data is visualized, reports are generated, and they are analysed.
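As an added example (not this project's code), the following Python script turns tshark DNS field output into the profile described above (query counts as the categorical feature, seconds spent as the real-valued feature) and compares two profiles for matching and non-matching interests. The tshark command quoted in the comment is real; the sample lines, the 300-second session-gap heuristic and the last-two-labels domain reduction are assumptions.

```python
from collections import Counter, defaultdict
from typing import Dict, List, Tuple
# Constructed sample of what this tshark command prints (one tab-separated line per query):
#   tshark -r capture.pcap -Y "dns.flags.response == 0" -T fields -e frame.time_epoch -e dns.qry.name
SAMPLE_A = """\
1700000000.10\twww.example.org
1700000003.40\tcdn.example.org
1700000010.00\tvideo.example.net
1700000900.50\tvideo.example.net
1700000905.00\twww.example.org
"""
SAMPLE_B = "1700001000.00\twww.example.org\n1700001002.00\tmail.example.com\n"

def registered_domain(qname: str) -> str:
    """Reduce a query name to its last two labels (assumption: no public-suffix list)."""
    return ".".join(qname.lower().rstrip(".").split(".")[-2:])

def parse_dns_fields(text: str) -> List[Tuple[float, str]]:
    """Parse tshark -T fields lines into (epoch seconds, domain); skip malformed lines."""
    rows = []
    for line in text.splitlines():
        parts = line.split("\t")
        if len(parts) != 2 or not parts[1]:
            continue
        try:
            rows.append((float(parts[0]), registered_domain(parts[1])))
        except ValueError:
            continue
    return rows

def build_profile(rows: List[Tuple[float, str]], gap: float = 300.0) -> Dict[str, Dict[str, float]]:
    """Categorical feature: query count per domain. Real-valued feature: seconds spent, summed
    over gaps between consecutive queries to the same domain shorter than `gap` (assumed heuristic)."""
    counts: Counter = Counter()
    last_seen: Dict[str, float] = {}
    spent: Dict[str, float] = defaultdict(float)
    for ts, dom in sorted(rows):
        counts[dom] += 1
        if dom in last_seen and ts - last_seen[dom] < gap:
            spent[dom] += ts - last_seen[dom]
        last_seen[dom] = ts
    return {d: {"queries": counts[d], "seconds": round(spent[d], 2)} for d in counts}

def compare_profiles(a: Dict, b: Dict) -> Dict:
    """Matching / non-matching domains between two profiles plus Jaccard similarity."""
    sa, sb = set(a), set(b)
    jaccard = len(sa & sb) / len(sa | sb) if sa | sb else 0.0
    return {"matching": sorted(sa & sb), "only_a": sorted(sa - sb),
            "only_b": sorted(sb - sa), "jaccard": jaccard}
```

Run `compare_profiles(build_profile(parse_dns_fields(SAMPLE_A)), build_profile(parse_dns_fields(SAMPLE_B)))` to get the matching/non-matching sets that the comparison table is built from; with real data, replace the samples by the stdout of the quoted tshark command.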
- @ Who_is_Seeing: Raise Issues and Suggest Changes