By analyzing network traffic, we will identify potential security threats, network anomalies, and performance bottlenecks.
This step-by-step guide gives you hands-on experience in network traffic analysis and in identifying malicious traffic.
The pcap files I used in this lab can be downloaded from https://www.malware-traffic-analysis.net/
- Wireshark: A powerful network protocol analyzer for capturing and inspecting network traffic.
- NetworkMiner: An open-source network forensics tool that extracts artifacts, such as files, images, emails, and passwords, from PCAPs.
- Snort: An open-source intrusion detection system (IDS) for detecting network-based threats.
- Kali Linux: used to analyze the malicious network traffic with Wireshark.
- A preinstalled and configured Snort server: used to record the alerts that Snort generates during the analysis.
- Ensure your Snort server and Kali Linux are updated.
- Make sure you have administrative access to both systems.
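Before opening a capture, it is worth confirming that the lab is actually ready: the tools are installed, you have the privileges the analysis needs, and the file you downloaded is a real capture rather than an archive you have not extracted yet. The following POSIX shell script is an added example, not part of the original guide; the tool list, the Snort 2 command-line flags in `snort_offline`, and the sample bytes written by `make_sample_pcap` are assumptions made for illustration.

```shell
#!/bin/sh
# Lab pre-flight checks (added example, not from the original guide).
# Assumptions: tool names below are what this lab uses; snort_offline
# uses Snort 2 syntax (-r/-c/-A/-l); make_sample_pcap writes a
# constructed 8-byte pcap header purely so pcap_kind can be exercised.

# check_tools NAME... : report each missing tool on stderr, print the
# number missing on stdout (0 means everything is installed).
check_tools() {
    missing=0
    for t in "$@"; do
        if ! command -v "$t" >/dev/null 2>&1; then
            echo "missing: $t" >&2
            missing=$((missing + 1))
        fi
    done
    echo "$missing"
}

# have_admin : "yes" when running as root, otherwise "no". Capturing on a
# live interface and managing the Snort service both need this.
have_admin() {
    if [ "$(id -u)" -eq 0 ]; then echo "yes"; else echo "no"; fi
}

# pcap_kind FILE : classify a file by its first four bytes so you know
# whether Wireshark/NetworkMiner/Snort will accept it as-is.
pcap_kind() {
    magic=$(od -An -tx1 -N4 "$1" 2>/dev/null | tr -d ' \n')
    case "$magic" in
        d4c3b2a1|a1b2c3d4) echo "pcap" ;;        # classic libpcap, us ts
        4d3cb2a1|a1b23c4d) echo "pcap-nsec" ;;   # libpcap, ns timestamps
        0a0d0d0a)          echo "pcapng" ;;      # pcapng section header
        504b0304)          echo "zip" ;;         # still an archive: extract first
        *)                 echo "unknown" ;;
    esac
}

# snort_offline PCAP CONFIG LOGDIR : replay a capture through Snort in
# read-file mode and write fast-format alerts into LOGDIR (Snort 2 flags).
snort_offline() {
    mkdir -p "$3"
    snort -r "$1" -c "$2" -A fast -l "$3"
}

# make_sample_pcap : write a constructed libpcap header (magic d4c3b2a1,
# version 2.4) to a temp file and print its path. Test data only.
make_sample_pcap() {
    f=$(mktemp)
    printf '\324\303\262\241\002\000\004\000' > "$f"
    echo "$f"
}

# Demo run: never fails the script, just reports status.
echo "admin access: $(have_admin)"
echo "tools missing: $(check_tools wireshark tshark snort 2>/dev/null)"
sample=$(make_sample_pcap)
echo "sample file type: $(pcap_kind "$sample")"
rm -f "$sample"
```

Run it on each system before starting the lab; when `pcap_kind` reports `zip`, extract the download first, and when it reports `unknown`, the file is not a capture Wireshark will open.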