This Python script utilises Wireshark or TCPdump to analyse network traffic stored in a specified .pcap or .pcapng file. The objective is to detect potential malicious activities and attacks. The script covers a range of suspicious network behaviors, including:
DNS Tunneling
SSH Tunneling
TCP Session Hijacking
SMB Attack
SMTP or DNS Attack
IPv6 Fragmentation Attack
TCP RST Attack
SYN Flood Attack
UDP Flood Attack
Slowloris Attack
Additionally, the script attempts to identify packages containing specific suspicious keywords such as “password,” “login,” “admin,” etc. Detected activities and attacks are displayed in the console.
Usage Instructions:
1. Clone the repository:
git clone https://github.com/alperenugurlu/Network_Assessment.git
2. Install required dependencies:
pip3 install -r requirements.txt
3. Run the script:
python3 Network_Compromise_Assessment.py
4. Enter the path to the .pcap or .pcapng file when prompted.
Example:
Please enter the path to the .pcap or .pcapng file: /root/Desktop/TCP_RST_Attack.pcap
Script Structure:
get_user_input(): Retrieves the path of the .pcap file from the user.
get_all_ip_addresses(capture): Returns a set containing all source and destination IP addresses.
detect_* functions: Used to detect specific attacks and suspicious activities.
main(): Executes the primary operations of the script. It prompts the user for the file path and then analyses the file to identify specified attacks and suspicious activities.
Feel free to explore and enhance the capabilities of the script for a more comprehensive network assessment.
Download Link: Network_Assessment