Advent of Cyber 2023 Day-2


Day 2 covers the essence of data science for defenders: using Python, Pandas and Matplotlib to extract information from a ".csv" file, and how this helps in cyber security.
For the following tasks we needed to start the VM and view it in split-screen.
Why a VM? Today's tasks require running code snippets in a Jupyter Notebook, so it is convenient to work in split-screen: one side for reading and completing the tasks, the other for the notebook.

If you are not familiar with these tools, it is recommended to read the Day 2 prerequisites first.


Task-1: Open the notebook "Workbook" located in the directory "4_Capstone" on the VM. Use what you have learned today to analyse the packet capture.

  • Just click the "Submit" button

Make sure to run blocks 1 and 2 before proceeding, so that the DataFrame df is available to the later blocks.

Task-2: How many packets were captured (looking at the PacketNumber)?

  • Enter the following code in block 3:

      df.count()
    

The following output will be obtained.

df.count() returns the number of non-null values in each column, so the number alongside PacketNumber equals the number of captured packets only because that column has no missing values. Here it is the required answer, i.e., 100.

Task-3: What IP address sent the most traffic during the packet capture?

  • Here we group the rows by source IP and count the rows in each group, to find the source IP that appears most often. Run the following code in block 4:

      df.groupby(['Source']).size()
    

In the output, identify the IP with the largest value in the right-hand column. Our required answer is 10.10.1.4. Note that "most traffic" is measured here in packets, not bytes; a source sending a few large packets would rank differently if you summed a length column instead.

Task-4: What was the most frequent protocol?

  • Here we use the Pandas "value_counts" method, which returns the number of occurrences of each unique value in the given column, sorted most frequent first. The required code is:

      df.value_counts(['Protocol'])
    

ICMP clearly has the most occurrences of any protocol, so the required answer is ICMP.
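To make Tasks 2 to 4 reproducible without the VM, here is an added example (not the room's workbook code) that performs the same three analyses on a small constructed CSV using only the Python standard library. Each function's docstring names the Pandas call it mirrors, so you can cross-check the workbook output against it. The sample rows, column names and the functions load_packets, packet_count, top_source and protocol_counts are all assumptions made up for this example; the real capture has 100 rows and its own column set.

```python
import csv
import io
from collections import Counter

# Constructed sample in the same shape as a packet-capture CSV
# (PacketNumber, Source, Destination, Protocol). These rows are made up
# for the example; they are not taken from the room's capture.
SAMPLE_CSV = """PacketNumber,Source,Destination,Protocol
1,10.10.1.4,10.10.1.7,ICMP
2,10.10.1.7,10.10.1.4,ICMP
3,10.10.1.4,10.10.1.9,TCP
4,10.10.1.9,10.10.1.4,TCP
5,10.10.1.4,10.10.1.7,ICMP
6,10.10.1.2,10.10.1.4,DNS
7,10.10.1.4,10.10.1.2,DNS
8,10.10.1.7,10.10.1.4,ICMP
"""


def load_packets(csv_text):
    """Parse CSV text into a list of row dicts (pandas: pd.read_csv)."""
    return list(csv.DictReader(io.StringIO(csv_text)))


def packet_count(rows):
    """Task 2: number of captured packets.

    Counts rows directly (pandas: len(df)). df.count() counts non-null
    cells per column, so it only matches this when PacketNumber has no gaps.
    """
    return len(rows)


def top_source(rows):
    """Task 3: (source IP, packet count) for the most frequent source.

    pandas: df.groupby(['Source']).size() and read off the largest value.
    Ties are broken by first appearance in the file, as Counter does.
    """
    counts = Counter(r["Source"] for r in rows)
    return counts.most_common(1)[0]


def protocol_counts(rows):
    """Task 4: protocol frequency table, most frequent first.

    pandas: df.value_counts(['Protocol']).
    """
    return Counter(r["Protocol"] for r in rows).most_common()


if __name__ == "__main__":
    rows = load_packets(SAMPLE_CSV)
    print("packets captured:", packet_count(rows))
    print("busiest source:", top_source(rows))
    print("protocols:", protocol_counts(rows))
```

Run it as a script to see the three answers for the sample data; swap SAMPLE_CSV for the contents of the real capture file to check your workbook results.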

Additionally, you can check out the Intro to Log Analysis room.

That's all, folks!
