Name: Devansh Jaiswal
Role: Aspiring Cybersecurity Operations Analyst
Email: devanshjaiswal.work@gmail.com
This project demonstrates hands-on network security analysis by simulating real-world cyber attacks in a controlled lab environment and analyzing the resulting network traffic using Wireshark.
The objective is to understand:
- How attacks appear at the packet level
- How to detect malicious traffic patterns
- How attacks impact the victim's system performance
| Component | Details |
|---|---|
| Hypervisor | Oracle VirtualBox |
| Attacker | Kali Linux (192.168.1.12) |
| Victim | Ubuntu Linux (192.168.1.11) |
| Network | Isolated Internal Network |
| Capture Tool | Wireshark |
- Tool Used: Hydra
- Attack Type: SSH Brute Force
- Target Port: 22 (SSH)
- Detection Indicators:
  - Repeated authentication failures (the SSH authentication exchange is encrypted, so in the capture these appear as many short-lived SSH sessions from one source, each carrying only a key exchange and a little encrypted data before being torn down; the victim's auth log confirms the failures)
  - Rapid SSH connection attempts from a single source
  - Short, regular time gaps between attempts
- Tool Used: hping3
- Attack Type: SYN Flood (Denial of Service, DoS)
- Detection Indicators:
  - Large volume of TCP SYN packets aimed at a single host
  - SYN-ACK replies from the victim that never receive the final ACK
  - Half-open TCP connections accumulating on the victim
- Tool Used: Ettercap
- Attack Type: ARP Spoofing (Man-in-the-Middle)
- Detection Indicators:
  - Unsolicited (gratuitous) ARP replies
  - Multiple IP addresses mapped to the same MAC address (Wireshark's ARP dissector flags this as "Duplicate IP address detected")
  - Traffic interception: victim traffic relayed through the attacker, exposing plaintext HTTP credentials
- Tool Used: hping3
- Attack Type: ICMP Flood (Denial of Service)
- Detection Indicators:
  - Excessive ICMP Echo Requests (type 8) to a single host
  - Sustained high packet rate from one source
  - Increased CPU and network usage on the victim
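The detection indicators listed for the four attacks can be turned into simple, testable checks. The Python script below is an added example written for this page; it is not part of the project's own code or screenshots. It runs toy versions of the four detectors over a constructed packet list that mimics the lab traffic, and the docstring of each detector names the Wireshark display filter that shows the same evidence in a real capture. The attacker and victim addresses are the ones from the lab setup table; the gateway address, the MAC addresses, the port numbers and all timings are assumptions made up for the example.

```python
from collections import defaultdict

ATTACKER, VICTIM = "192.168.1.12", "192.168.1.11"    # Kali and Ubuntu, from the lab table
GATEWAY = "192.168.1.1"                               # assumed gateway (not on the page)
ATTACKER_MAC, GATEWAY_MAC = "08:00:27:aa:aa:aa", "08:00:27:bb:bb:bb"   # constructed


def pkt(time, src, dst, proto, **fields):
    return {"time": time, "src": src, "dst": dst, "proto": proto, **fields}


def detect_ssh_bruteforce(packets, window=10.0, threshold=5):
    """Attack 1: many new SSH connections from one source in a short window.
    Wireshark: tcp.dstport == 22 && tcp.flags.syn == 1 && tcp.flags.ack == 0"""
    syn_times = defaultdict(list)
    for p in packets:
        if p["proto"] == "tcp" and p.get("dport") == 22 and p.get("flags") == "S":
            syn_times[p["src"]].append(p["time"])
    offenders = {}                        # src -> peak SYNs inside any `window` seconds
    for src, times in syn_times.items():
        times.sort()
        peak, j = 0, 0
        for i, t in enumerate(times):     # sliding window over sorted timestamps
            while times[j] < t - window:
                j += 1
            peak = max(peak, i - j + 1)
        if peak >= threshold:
            offenders[src] = peak
    return offenders


def detect_syn_flood(packets, threshold=50):
    """Attack 2: SYNs whose handshake never completes (half-open connections).
    Wireshark: tcp.flags.syn == 1 && tcp.flags.ack == 0, with no later ACK from that port"""
    syn_seen, ack_seen = set(), set()
    for p in packets:
        if p["proto"] != "tcp":
            continue
        key = (p["src"], p.get("sport"), p["dst"])   # one client-side connection
        if p.get("flags") == "S":
            syn_seen.add(key)
        elif p.get("flags") == "A":
            ack_seen.add(key)
    half_open = defaultdict(int)          # server -> connections still waiting for the ACK
    for _client, _port, server in syn_seen - ack_seen:
        half_open[server] += 1
    return {srv: n for srv, n in half_open.items() if n >= threshold}


def detect_arp_spoof(packets):
    """Attack 3: ARP replies nobody asked for, and one MAC claiming several IPs.
    Wireshark: arp.opcode == 2   and   arp.duplicate-address-detected"""
    requested, claims, unsolicited = set(), defaultdict(set), 0
    for p in packets:
        if p["proto"] != "arp":
            continue
        if p["op"] == "request":
            requested.add(p["target_ip"])
        else:
            if p["sender_ip"] not in requested:   # toy check: a real tool ages requests out
                unsolicited += 1
            claims[p["sender_mac"]].add(p["sender_ip"])
    spoofers = {mac: sorted(ips) for mac, ips in claims.items() if len(ips) > 1}
    return spoofers, unsolicited


def detect_icmp_flood(packets, threshold_pps=100):
    """Attack 4: echo requests arriving faster than `threshold_pps` at one host.
    Wireshark: icmp.type == 8 && ip.dst == 192.168.1.11"""
    buckets = defaultdict(lambda: defaultdict(int))   # dst -> whole second -> count
    for p in packets:
        if p["proto"] == "icmp" and p.get("type") == 8:
            buckets[p["dst"]][int(p["time"])] += 1
    peaks = {dst: max(b.values()) for dst, b in buckets.items()}
    return {dst: n for dst, n in peaks.items() if n >= threshold_pps}


def constructed_capture():
    """Constructed traffic (not a real capture): benign background from 192.168.1.20,
    then the four lab attacks from the Kali box."""
    pk = [pkt(0.000, "192.168.1.20", VICTIM, "tcp", sport=40000, dport=22, flags="S"),
          pkt(0.001, VICTIM, "192.168.1.20", "tcp", sport=22, dport=40000, flags="SA"),
          pkt(0.002, "192.168.1.20", VICTIM, "tcp", sport=40000, dport=22, flags="A"),
          pkt(0.100, VICTIM, "broadcast", "arp", op="request", target_ip=GATEWAY),
          pkt(0.101, GATEWAY, VICTIM, "arp", op="reply", sender_ip=GATEWAY, sender_mac=GATEWAY_MAC),
          pkt(5.000, "192.168.1.20", VICTIM, "icmp", type=8)]
    for i in range(20):      # Attack 1: Hydra, 20 SSH logins in 4 s; each handshake completes
        t, port = 10.0 + i * 0.2, 50000 + i
        pk += [pkt(t, ATTACKER, VICTIM, "tcp", sport=port, dport=22, flags="S"),
               pkt(t + 0.001, VICTIM, ATTACKER, "tcp", sport=22, dport=port, flags="SA"),
               pkt(t + 0.002, ATTACKER, VICTIM, "tcp", sport=port, dport=22, flags="A")]
    for i in range(200):     # Attack 2: hping3 SYN flood to port 80, final ACK never sent
        pk.append(pkt(20.0 + i * 0.005, ATTACKER, VICTIM, "tcp", sport=1024 + i, dport=80, flags="S"))
    for i in range(5):       # Attack 3: Ettercap, one MAC claims both the gateway's and the victim's IP
        pk += [pkt(30.0 + i, ATTACKER, VICTIM, "arp", op="reply", sender_ip=GATEWAY, sender_mac=ATTACKER_MAC),
               pkt(30.0 + i, ATTACKER, GATEWAY, "arp", op="reply", sender_ip=VICTIM, sender_mac=ATTACKER_MAC)]
    for i in range(500):     # Attack 4: hping3 ICMP flood, 500 echo requests inside one second
        pk.append(pkt(40.0 + i * 0.002, ATTACKER, VICTIM, "icmp", type=8))
    return pk


if __name__ == "__main__":
    cap = constructed_capture()
    for fn in (detect_ssh_bruteforce, detect_syn_flood, detect_arp_spoof, detect_icmp_flood):
        print(fn.__name__, "->", fn(cap))
```

Running the script flags only the Kali box: 20 SSH SYNs inside one window, 200 half-open connections on the Ubuntu host, one MAC claiming two IP addresses (with five replies nobody requested), and a 500 packets-per-second ICMP peak, while the benign session, ping and ARP exchange from 192.168.1.20 stay below every threshold. The same thresholds are what you would tune when turning the Wireshark filters into an alert in a SOC tool.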
- Wireshark
- Hydra
- hping3
- Ettercap
- Nmap
- Kali Linux
- Ubuntu Linux
- How real attacks look in packet captures
- Effective Wireshark filters for attack detection
- Impact of attacks on system performance
- Importance of traffic analysis in SOC operations
Screenshots documenting each attack and the corresponding Wireshark evidence.
This project was conducted in a fully isolated lab environment for educational purposes only.