Posts

Analysis of an example malware pcap file

Malware Presence Confirmation using Network Traffic Analysis of a PCAP File

Introduction

Malware is malicious software designed to infiltrate, damage, or gain unauthorized access to computer systems. Many types of malware communicate with external servers in order to receive commands or exfiltrate stolen data. Network traffic analysis is a powerful technique used to detect such malicious behavior by examining captured packet data.

In this assignment, a packet capture (PCAP) file containing network traffic from an infected system was analyzed using Wireshark. The objective was to identify suspicious communication patterns and confirm the presence of malware by analyzing the DNS queries, HTTP requests, and FTP communication observed in the captured traffic.

Objectives

1. To analyze network traffic captured in a PCAP file using Wireshark.
2. To identify suspicious domains, protocols, and communication patterns in the captured traffic.
3. To detect evidence of malware activi...
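As an added worked example (not code from the post above), the following stdlib-only Python script walks a classic libpcap file and inventories the three indicator types the post examines: DNS query names, HTTP request lines with their Host header, and FTP client commands on port 21. Everything in the sample capture is constructed here for illustration: the addresses, the domain update-check.example.net, the host files.example.org, the path /payload/loader.exe and the FTP commands. The three flagging rules in flag() (an executable fetched over HTTP, a cleartext FTP login, an FTP upload) are generic heuristics of the kind an analyst applies to such an inventory, not findings from the post.

```python
"""Inventory DNS queries, HTTP requests and FTP commands from a classic libpcap file.
Added example, stdlib only; the capture at the bottom is constructed, not real traffic."""
import struct

IPV4, TCP, UDP = 0x0800, 6, 17

def parse_pcap(data):
    """Yield link-layer frames from a little-endian classic pcap (magic 0xA1B2C3D4, not pcapng)."""
    if struct.unpack_from("<I", data, 0)[0] != 0xA1B2C3D4:
        raise ValueError("only classic little-endian pcap is handled here")
    off = 24                                          # skip the 24-byte global header
    while off + 16 <= len(data):
        caplen = struct.unpack_from("<IIII", data, off)[2]   # ts_sec, ts_usec, incl_len, orig_len
        off += 16
        yield data[off:off + caplen]
        off += caplen

def parse_frame(frame):
    """Return (proto, dst_ip, dport, payload) for IPv4 TCP/UDP over Ethernet, else None."""
    if struct.unpack_from("!H", frame, 12)[0] != IPV4:
        return None
    ip = frame[14:]
    l4 = ip[(ip[0] & 0x0F) * 4:]                      # IHL is in 32-bit words
    proto, dst = ip[9], ".".join(map(str, ip[16:20]))
    if proto == UDP:
        payload = l4[8:]
    elif proto == TCP:
        payload = l4[(l4[12] >> 4) * 4:]              # TCP data offset, also in words
    else:
        return None
    return proto, dst, struct.unpack_from("!H", l4, 2)[0], payload

def dns_qname(payload):
    """First question name of a DNS query; None for responses or malformed messages."""
    if len(payload) < 12 or payload[2] & 0x80:        # QR bit set means this is a response
        return None
    labels, off = [], 12
    while off < len(payload) and payload[off]:
        n = payload[off]
        if n & 0xC0:                                  # compression pointer: not a plain question
            return None
        labels.append(payload[off + 1:off + 1 + n].decode("ascii", "replace"))
        off += 1 + n
    return ".".join(labels)

def extract_indicators(pcap):
    """Collect DNS names, HTTP (method, host, uri) tuples and FTP client commands."""
    found = {"dns": [], "http": [], "ftp": []}
    for frame in parse_pcap(pcap):
        parsed = parse_frame(frame)
        if parsed is None:
            continue
        proto, dst, dport, payload = parsed
        if proto == UDP and dport == 53 and (name := dns_qname(payload)):
            found["dns"].append(name)
        elif proto == TCP and dport == 80 and payload[:4] in (b"GET ", b"POST"):
            lines = payload.decode("latin-1").split("\r\n")
            method, uri = lines[0].split(" ")[:2]
            hosts = [l.split(":", 1)[1].strip() for l in lines[1:] if l.lower().startswith("host:")]
            found["http"].append((method, hosts[0] if hosts else dst, uri))
        elif proto == TCP and dport == 21 and payload:
            found["ftp"].append(payload.decode("latin-1").rstrip("\r\n"))
    return found

def flag(found):
    """Generic heuristics (not findings from the post): executable fetch, cleartext login, upload."""
    alerts = [f"HTTP {m} of executable {u} from {h}" for m, h, u in found["http"]
              if u.lower().rsplit(".", 1)[-1] in ("exe", "dll", "scr")]
    if any(c.upper().startswith("PASS ") for c in found["ftp"]):
        alerts.append("cleartext FTP login (USER/PASS) observed")
    alerts += [f"FTP upload, possible exfiltration: {c}" for c in found["ftp"]
               if c.upper().startswith("STOR ")]
    return alerts

# ---- constructed sample capture (zero checksums; fine for offline parsing) ----
def _frame(proto, src, dst, sport, dport, payload):
    if proto == UDP:
        l4 = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
    else:                                             # PSH|ACK segment with a 20-byte header
        l4 = struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 5 << 4, 0x18, 65535, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0x4000, 64, proto, 0,
                     bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    return b"\x00" * 12 + b"\x08\x00" + ip + l4

def _dns_query(name):
    qname = b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\x00"
    return struct.pack("!HHHHHH", 0x1234, 0x0100, 1, 0, 0, 0) + qname + struct.pack("!HH", 1, 1)

def build_pcap(frames):
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)   # linktype 1 = Ethernet
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", 1700000000 + i, 0, len(f), len(f)) + f
    return out

VICTIM, RESOLVER, WEB, FTP_SRV = "10.0.0.5", "10.0.0.1", "203.0.113.10", "203.0.113.20"
SAMPLE_PCAP = build_pcap([
    _frame(UDP, VICTIM, RESOLVER, 40001, 53, _dns_query("update-check.example.net")),
    _frame(TCP, VICTIM, WEB, 40002, 80, b"GET /payload/loader.exe HTTP/1.1\r\nHost: files.example.org\r\n\r\n"),
    _frame(TCP, VICTIM, FTP_SRV, 40003, 21, b"USER upload\r\n"),
    _frame(TCP, VICTIM, FTP_SRV, 40003, 21, b"PASS s3cret\r\n"),
    _frame(TCP, VICTIM, FTP_SRV, 40003, 21, b"STOR collected.zip\r\n"),
])
```

Running extract_indicators(SAMPLE_PCAP) and then flag() on the result reproduces, on a five-packet capture, the triage the post performs by hand in Wireshark: one DNS lookup, one HTTP request for an executable, and a USER/PASS/STOR sequence on port 21. The parser only handles classic little-endian pcap over Ethernet; a pcapng export from Wireshark has a different container format and should be saved as "Wireshark/tcpdump - pcap" first.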

Measuring TCP window size scaling using statistical graphs

Analysis of Traffic using Wireshark - Measurement of TCP Window Size Under Different Traffic Conditions

1. Introduction

Computer networks rely on efficient data transmission mechanisms to ensure reliable communication between devices. One parameter that strongly influences network performance is the TCP window size. The window advertised by a receiver controls how much data a sender may have in flight before it must wait for an acknowledgement.

The window size is a field of the Transmission Control Protocol (TCP) header and is its flow-control mechanism: it keeps the sender from overrunning the receiver's buffer. It is not by itself a congestion-control mechanism; a sender transmits no more than the smaller of the advertised window and its own congestion window, so the two limits act together. Because the header field is only 16 bits wide, windows larger than 65,535 bytes rely on the Window Scale option exchanged in the SYN segments, and Wireshark shows the raw field as "Window size value" and the shifted result as "Calculated window size".

In this experiment, the TCP window size is analyzed using Wireshark under three different traffic conditions: normal traffic, medium traffic, and heavy traffic. By observing how the TCP window size behaves under varying network loads, we can understand how TCP adapts to changing n...
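The scaling the title refers to, as an added example that is not code from the post: a stdlib-only Python script that learns the Window Scale shift from a connection's SYN and SYN/ACK and turns each later segment's raw 16-bit window field into the value Wireshark labels "Calculated window size". The segments, ports and shift counts (7 on the client side, 9 on the server side) are constructed here for illustration. It also shows the failure mode a measurement like the post's has to guard against: if the capture starts after the handshake, the shift is unknown and the raw field cannot be read as a byte count.

```python
"""Recover the scaled TCP window per connection from the handshake, the way Wireshark
derives 'Calculated window size' from 'Window size value'. Added example; the segments
below are constructed inline, not taken from the post's captures."""
import struct

SYN, ACK, PSH = 0x02, 0x10, 0x08

def parse_tcp(segment):
    """Ports, SYN/ACK flags, raw 16-bit window and the Window Scale shift (None if absent)."""
    sport, dport, _seq, _ack, off_byte, flags, window = struct.unpack_from("!HHIIBBH", segment, 0)
    opts, i, shift = segment[20:(off_byte >> 4) * 4], 0, None
    while i < len(opts):
        kind = opts[i]
        if kind == 0:                       # End of Option List
            break
        if kind == 1:                       # NOP is a single byte
            i += 1
            continue
        length = opts[i + 1]
        if kind == 3 and length == 3:       # Window Scale, RFC 7323 section 2
            shift = min(opts[i + 2], 14)    # receivers must clamp shifts above 14
        i += length
    return {"sport": sport, "dport": dport, "syn": bool(flags & SYN),
            "ack": bool(flags & ACK), "window": window, "shift": shift}

class WindowTracker:
    """Learns each direction's shift from SYN / SYN-ACK and scales later windows.

    A host's own Window Scale option states how *its* advertised windows must be
    shifted, and scaling is in effect only if both sides sent the option. With no
    handshake in the capture the factor is unknown, which is why Wireshark shows a
    scaling factor of -1 and an unreliable calculated window in that case."""
    def __init__(self):
        self.shift = {}                     # (sport, dport) -> shift announced by sport's host

    def observe(self, segment):
        """Return the effective window for this segment, or None if the scale is unknown."""
        seg = parse_tcp(segment)
        fwd, rev = (seg["sport"], seg["dport"]), (seg["dport"], seg["sport"])
        if seg["syn"]:
            self.shift[fwd] = seg["shift"]
            return seg["window"]            # windows in SYN segments are never scaled
        if fwd not in self.shift or rev not in self.shift:
            return None                     # handshake not captured
        if self.shift[fwd] is None or self.shift[rev] is None:
            return seg["window"]            # one side declined: no scaling in either direction
        return seg["window"] << self.shift[fwd]

# ---- constructed segments (no IP layer is needed for this exercise) ----
def build_tcp(sport, dport, flags, window, options=b""):
    options += b"\x01" * (-len(options) % 4)        # pad options to a 32-bit boundary with NOPs
    off_byte = ((20 + len(options)) // 4) << 4
    return struct.pack("!HHIIBBHHH", sport, dport, 0, 0, off_byte, flags, window, 0, 0) + options

MSS_1460, WS_7, WS_9 = b"\x02\x04\x05\xb4", b"\x03\x03\x07", b"\x03\x03\x09"
HANDSHAKE_AND_DATA = [
    build_tcp(50000, 443, SYN, 64240, MSS_1460 + WS_7),          # client offers shift 7
    build_tcp(443, 50000, SYN | ACK, 65535, MSS_1460 + WS_9),    # server offers shift 9
    build_tcp(50000, 443, ACK, 501),                             # raw 501 -> 501 << 7 = 64128
    build_tcp(443, 50000, PSH | ACK, 100),                       # raw 100 -> 100 << 9 = 51200
]

def effective_windows(segments):
    """Calculated window for each segment, in capture order."""
    tracker = WindowTracker()
    return [tracker.observe(s) for s in segments]

if __name__ == "__main__":
    print(effective_windows(HANDSHAKE_AND_DATA))          # [64240, 65535, 64128, 51200]
    print(effective_windows(HANDSHAKE_AND_DATA[2:]))      # [None, None]: handshake missing
```

When plotting window sizes over a capture as the post does, it is the scaled value that should go on the graph, and only for connections whose SYN and SYN/ACK are both present; the script returns None for the others rather than a misleading small number.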