— Dharma Tejaswini Janga

Directory Structure:

I created a main directory named wireshark-project with three subfolders:

• analysis/ – Stores all generated CSV reports and graphs.
• pcaps/ – Contains captured network traffic files (.pcap) for analysis.
• scripts/ – Holds all Python scripts used for detecting suspicious activity, such as port scans and anomalous DNS queries.

Tools & Technologies Used:

• Wireshark/Tshark — capturing and analyzing network traffic
• Python — for scripting, automation, and data processing
• Pandas — for parsing and consolidating alerts
• Matplotlib — for visualizing top attacker IPs and network anomalies
• Linux/Ubuntu — primary environment for running captures and scripts

Description

In this project, I built an automated Python toolkit to analyze the network traffic captured with Wireshark/Tshark. The goal was to detect potential threats, specifically port scans and DNS queries. I created scripts that parse network captures, consolidate alerts into a single report, and generate visualizations of the top attacking IPs.

This project demonstrates my ability to perform hands-on network traffic analysis, apply network security monitoring techniques, and create clear visual insights from raw traffic data. It’s a practical showcase of my skills in identifying and understanding network threats in real-world scenarios.

Scenario