
Showing posts from April, 2026

Network Traffic Forensics for Malware Detection using PCAP Analysis

Introduction: This analysis focuses on identifying malware presence through passive network traffic analysis of a PCAP dataset dated 2020-04-24. The file was examined in Wireshark without executing any malicious code. A layered approach was applied, examining DNS, HTTP, TCP, and IP-level behavior to detect suspicious communication patterns. The analysis emphasizes indicators such as command-and-control (C2) communication, periodic beaconing, abnormal traffic bursts, and suspicious data transfers. Multiple independent observations were correlated to confirm the presence of malware activity within the network.

Objectives:
1. To identify the infected host based on abnormal network behavior
2. To detect malware communication patterns such as command-and-control (C2) and beaconing
3. To analyze DNS, HTTP, and TCP traffic for malicious indicators
4. To observe abnormal traffic patterns such as bursts, short-lived sessions, and asymmetric data flow
5. To confirm malware presence u...