MyatKyawKaung/Network-Traffic-Analysis

Network Traffic Analysis Lab

In this demo, I analyze malicious network traffic using Wireshark, NetworkMiner, and Snort to identify malicious activity on the network. This project aims to provide a comprehensive understanding of network traffic analysis using the open-source tools Wireshark and Snort.
By analyzing network traffic, we will identify potential security threats, network anomalies, and performance bottlenecks.


This step-by-step guide provides valuable hands-on experience in analyzing network traffic and identifying malicious traffic.
The pcap files I used in this lab can be downloaded from https://www.malware-traffic-analysis.net/

Overview

  • Wireshark: A powerful network protocol analyzer for capturing and inspecting network traffic.
  • NetworkMiner: An open source network forensics tool that extracts artifacts, such as files, images, emails and passwords from PCAPs.
  • Snort: An open-source intrusion detection system (IDS) for detecting network-based threats.

Prerequisites

  • Kali Linux: used to analyze malicious network traffic with Wireshark.
  • Preinstalled and configured Snort server: used to record the alerts generated by Snort during the analysis.
  • Ensure your Snort server and Kali Linux are updated.
  • Make sure you have administrative access to both systems.
