Cybersecurityknowledge~30 mins

Network traffic analysis in Cybersecurity - Mini Project: Build & Apply

Choose your learning style9 modes available

Learn Why Deep Visual Practice Challenge Project Recall Time

Network Traffic Analysis Basics

📖 Scenario: You are a cybersecurity analyst monitoring network traffic to identify unusual activity. You have captured some network packets and want to organize and analyze them to understand the traffic patterns.

🎯 Goal: Build a simple data structure to represent network packets, configure a filter to select specific traffic, apply the filter to extract relevant packets, and finalize the analysis setup.

📋 What You'll Learn

Create a list of dictionaries representing network packets with exact fields and values

Add a filter variable to select packets from a specific source IP

Use a list comprehension to filter packets based on the source IP

Add a final step to count the filtered packets and store the count in a variable

💡 Why This Matters

🌍 Real World

Network traffic analysis helps cybersecurity professionals monitor and detect unusual or malicious activity on a network by examining packet data.

💼 Career

Understanding how to organize and filter network packets is essential for roles like network analyst, cybersecurity analyst, and IT security specialist.

Progress0 / 4 steps

Create the initial network packets data

Create a list called packets containing exactly three dictionaries. Each dictionary should have these keys and values:
1. {'src_ip': '192.168.1.10', 'dest_ip': '10.0.0.5', 'protocol': 'TCP', 'size': 1500}
2. {'src_ip': '192.168.1.15', 'dest_ip': '10.0.0.8', 'protocol': 'UDP', 'size': 850}
3. {'src_ip': '10.0.0.5', 'dest_ip': '192.168.1.10', 'protocol': 'TCP', 'size': 1500}

Cybersecurity

# Create the list called packets with three dictionaries as described
# Your code here

Need a hint?

Use a list with three dictionaries. Each dictionary must have the keys src_ip, dest_ip, protocol, and size with the exact values given.

Add a filter for source IP

Create a variable called filter_src_ip and set it to the string '192.168.1.10'. This will be used to select packets coming from this IP address.

Cybersecurity

packets = [
    {'src_ip': '192.168.1.10', 'dest_ip': '10.0.0.5', 'protocol': 'TCP', 'size': 1500},
    {'src_ip': '192.168.1.15', 'dest_ip': '10.0.0.8', 'protocol': 'UDP', 'size': 850},
    {'src_ip': '10.0.0.5', 'dest_ip': '192.168.1.10', 'protocol': 'TCP', 'size': 1500}
]
# Create filter_src_ip variable with value '192.168.1.10'
# Your code here

Need a hint?

Just assign the string '192.168.1.10' to the variable filter_src_ip.

Filter packets by source IP

Create a new list called filtered_packets using a list comprehension. It should include only those packets from packets where the src_ip matches the value in filter_src_ip.

Cybersecurity

packets = [
    {'src_ip': '192.168.1.10', 'dest_ip': '10.0.0.5', 'protocol': 'TCP', 'size': 1500},
    {'src_ip': '192.168.1.15', 'dest_ip': '10.0.0.8', 'protocol': 'UDP', 'size': 850},
    {'src_ip': '10.0.0.5', 'dest_ip': '192.168.1.10', 'protocol': 'TCP', 'size': 1500}
]
filter_src_ip = '192.168.1.10'
# Create filtered_packets list using list comprehension filtering by src_ip
# Your code here

Need a hint?

Use a list comprehension that loops over packets and includes only packets where packet['src_ip'] == filter_src_ip.

Count filtered packets

Create a variable called count_filtered and set it to the number of items in filtered_packets using the len() function.

Cybersecurity

packets = [
    {'src_ip': '192.168.1.10', 'dest_ip': '10.0.0.5', 'protocol': 'TCP', 'size': 1500},
    {'src_ip': '192.168.1.15', 'dest_ip': '10.0.0.8', 'protocol': 'UDP', 'size': 850},
    {'src_ip': '10.0.0.5', 'dest_ip': '192.168.1.10', 'protocol': 'TCP', 'size': 1500}
]
filter_src_ip = '192.168.1.10'
filtered_packets = [packet for packet in packets if packet['src_ip'] == filter_src_ip]
# Create count_filtered variable with the length of filtered_packets
# Your code here

Need a hint?

Use the len() function on filtered_packets and assign it to count_filtered.