Conference: International Conference on Cyber Situational Awareness, Data Analytics and Assessment

Graphical analysis of captured network packets for detection of suspicious network nodes


Abstract

The advent of the Internet has driven the rapid development of Information Technology related applications over the past two decades. Most organizations have adopted computer networks to make network applications and devices accessible and shareable. However, network security is currently one of the critical issues most organizations and corporations have to handle. Each day, attacks are carried out against professionally secured corporate or organizational networks and sometimes against private networks. Wireshark is a tool generally used for network packet capture; however, filtering and following TCP streams with it is sometimes very tedious. The problem is exacerbated when colossal volumes of network data or traffic need to be analyzed for suspicious traffic. This paper leverages Python libraries and Data Science techniques to ease packet capture and graphical analysis on a live network. These techniques help glean more interesting attributes of network packets and readily fish out suspicious IP addresses, network ports or malicious data within the shortest possible time. The research showed how the broadcast IP address 255.255.255.255 might be suspicious within the internal network of the live university network. The suspicion was based on the payload data sent to this address and a possible error or misconfiguration on the Ubiquiti UniFi access point.