Bird
Raised Fist0
Cybersecurityknowledge~20 mins

Network traffic analysis in Cybersecurity - Practice Problems & Coding Challenges

Choose your learning style10 modes available
LearnWhyDeepVisualPracticeChallengeProjectRecallTime

Start learning this pattern below

Jump into concepts and practice - no test required

or
Recommended
Test this pattern10 questions across easy, medium, and hard to know if this pattern is strong
Challenge - 5 Problems
🎖️
Network Traffic Analysis Master
Get all challenges correct to earn this badge!
Test your skills under time pressure!
🧠 Conceptual
intermediate
2:00remaining
Understanding Packet Capture

What is the primary purpose of capturing network packets during traffic analysis?

ATo record data packets for later inspection to identify network issues or threats
BTo block all incoming network traffic to prevent attacks
CTo increase the speed of data transmission across the network
DTo encrypt data packets to secure communication
Attempts:
2 left
💡 Hint

Think about why analysts need to see the actual data moving through the network.

📋 Factual
intermediate
2:00remaining
Common Protocols in Network Traffic

Which of the following protocols is most commonly analyzed in network traffic to detect web browsing activity?

AFTP (File Transfer Protocol)
BSMTP (Simple Mail Transfer Protocol)
CHTTP (Hypertext Transfer Protocol)
DDNS (Domain Name System)
Attempts:
2 left
💡 Hint

Consider which protocol is used when you visit websites.

🔍 Analysis
advanced
2:00remaining
Identifying Anomalous Traffic Patterns

During network traffic analysis, which pattern is most likely to indicate a Distributed Denial of Service (DDoS) attack?

ARegular traffic with normal packet sizes and intervals
BA steady, low volume of traffic from a single IP address
CEncrypted traffic using HTTPS on port 443
DA sudden spike in traffic from many different IP addresses targeting a single server
Attempts:
2 left
💡 Hint

Think about what happens when many computers try to overwhelm one server at once.

Comparison
advanced
2:00remaining
Passive vs Active Network Traffic Analysis

Which statement best describes the difference between passive and active network traffic analysis?

APassive analysis observes traffic without interfering; active analysis injects traffic or probes the network
BPassive analysis blocks suspicious traffic; active analysis only logs traffic
CPassive analysis requires user interaction; active analysis runs automatically
DPassive analysis encrypts traffic; active analysis decrypts traffic
Attempts:
2 left
💡 Hint

Consider whether the analysis changes the traffic or just watches it.

Reasoning
expert
2:00remaining
Interpreting Encrypted Traffic in Network Analysis

When most network traffic is encrypted, what is the best approach for a security analyst to still detect suspicious activity?

ADecrypt all traffic using the network's private keys without restrictions
BAnalyze metadata such as packet size, timing, and destination IP addresses
CIgnore encrypted traffic since it cannot be analyzed
DOnly monitor unencrypted traffic on port 80
Attempts:
2 left
💡 Hint

Think about what information is still visible even if the content is hidden.

Practice

(1/5)
1. What is the main purpose of network traffic analysis?
easy
A. To create new network devices
B. To monitor and understand data flow in a network
C. To increase the physical size of a network
D. To replace all network cables

Solution

  1. Step 1: Understand the role of network traffic analysis

    Network traffic analysis involves watching data packets moving through a network to understand how the network is used.

  2. Step 2: Identify the main goal

    The main goal is to monitor and understand data flow to keep the network safe and efficient.

  3. Final Answer:

    To monitor and understand data flow in a network -> Option B

  4. Quick Check:

    Network traffic analysis = monitor data flow [OK]
Hint: Think about what watching data packets achieves [OK]
Common Mistakes:
  • Confusing analysis with physical network building
  • Thinking it creates devices
  • Assuming it changes network size
2. Which of the following is a common tool used in network traffic analysis?
easy
A. Wireshark
B. Photoshop
C. Excel
D. WordPress

Solution

  1. Step 1: Identify tools related to network traffic

    Wireshark is a well-known tool designed to capture and analyze network packets.

  2. Step 2: Eliminate unrelated tools

    Photoshop is for images, Excel for spreadsheets, and WordPress for websites, none analyze network traffic.

  3. Final Answer:

    Wireshark -> Option A

  4. Quick Check:

    Network analysis tool = Wireshark [OK]
Hint: Pick the tool known for packet capture [OK]
Common Mistakes:
  • Choosing software unrelated to networks
  • Confusing general software with analysis tools
  • Not recognizing Wireshark
3. Consider this simplified network traffic log snippet:
Time: 10:00, Source IP: 192.168.1.5, Destination IP: 10.0.0.2, Protocol: TCP, Size: 1500 bytes
What does this entry tell you?
medium
A. A TCP packet of 1500 bytes was sent from 192.168.1.5 to 10.0.0.2 at 10:00
B. A UDP packet of 1500 bytes was sent from 10.0.0.2 to 192.168.1.5 at 10:00
C. A TCP packet of 1500 bytes was sent from 10.0.0.2 to 192.168.1.5 at 10:00
D. A TCP packet of 1500 bytes was sent from 192.168.1.5 to 10.0.0.2 at 11:00

Solution

  1. Step 1: Read the log details carefully

    The log shows a packet sent at 10:00 from source IP 192.168.1.5 to destination IP 10.0.0.2 using TCP protocol with size 1500 bytes.

  2. Step 2: Match details with options

    A TCP packet of 1500 bytes was sent from 192.168.1.5 to 10.0.0.2 at 10:00 matches all details exactly. Other options have wrong protocol, IP direction, or time.

  3. Final Answer:

    A TCP packet of 1500 bytes was sent from 192.168.1.5 to 10.0.0.2 at 10:00 -> Option A

  4. Quick Check:

    Match log details exactly = A TCP packet of 1500 bytes was sent from 192.168.1.5 to 10.0.0.2 at 10:00 [OK]
Hint: Match source, destination, protocol, and time exactly [OK]
Common Mistakes:
  • Mixing up source and destination IPs
  • Confusing TCP with UDP
  • Misreading the timestamp
4. A network analyst wrote this filter to capture only HTTP traffic:
tcp.port == 80
But it captures no packets. What is the likely error?
medium
A. The filter should be 'tcp.port != 80'
B. The filter should be 'udp.port == 80' instead
C. The filter should be 'tcp.port = 80' with one equal sign
D. The filter should use 'tcp.dstport == 80' or 'tcp.srcport == 80' instead

Solution

  1. Step 1: Understand the filter syntax

    In many network tools, 'tcp.port' alone is not a valid filter; you must specify source or destination port.

  2. Step 2: Identify correct filter usage

    Using 'tcp.dstport == 80' or 'tcp.srcport == 80' correctly filters HTTP traffic on port 80.

  3. Final Answer:

    The filter should use 'tcp.dstport == 80' or 'tcp.srcport == 80' instead -> Option D

  4. Quick Check:

    Specify source or destination port for correct filtering [OK]
Hint: Specify src or dst port, not just tcp.port [OK]
Common Mistakes:
  • Using single '=' instead of '=='
  • Filtering UDP instead of TCP
  • Using '!=' which excludes port 80
5. You want to detect unusual spikes in network traffic size over time. Which approach best applies network traffic analysis?
hard
A. Ignore packet sizes and focus on IP addresses only
B. Only capture packets during business hours
C. Capture packets continuously and analyze size trends using graphs
D. Manually check each packet without tools

Solution

  1. Step 1: Understand the goal of detecting traffic spikes

    Detecting spikes means watching how packet sizes change over time, requiring continuous data collection.

  2. Step 2: Identify the best method

    Using tools to capture packets continuously and graph size trends helps spot unusual spikes effectively.

  3. Final Answer:

    Capture packets continuously and analyze size trends using graphs -> Option C

  4. Quick Check:

    Continuous capture + trend analysis = detect spikes [OK]
Hint: Use continuous capture and graph size changes [OK]
Common Mistakes:
  • Limiting capture times reduces data accuracy
  • Ignoring packet size misses spike info
  • Manual checking is impractical for large data