Cybersecurityknowledge~30 mins

Network forensics in Cybersecurity - Mini Project: Build & Apply

Choose your learning style9 modes available

Learn Why Deep Visual Practice Challenge Project Recall Time

Network Forensics Basics

📖 Scenario: You are part of a cybersecurity team investigating a suspicious network activity. Your task is to organize and analyze network data to identify potential threats.

🎯 Goal: Build a simple structured overview of network traffic data, set criteria to filter suspicious packets, identify those packets, and finalize a report structure for further analysis.

📋 What You'll Learn

Create a dictionary with network packet data including source IP, destination IP, and packet size

Add a threshold variable to identify large packets

Use a dictionary comprehension to filter packets larger than the threshold

Add a summary entry to the dictionary to complete the report

💡 Why This Matters

🌍 Real World

Network forensics helps cybersecurity teams analyze network traffic to detect and investigate suspicious activities such as attacks or data breaches.

💼 Career

Understanding how to organize and filter network data is essential for roles like cybersecurity analyst, incident responder, and network administrator.

Progress0 / 4 steps

Create network packet data dictionary

Create a dictionary called network_packets with these exact entries: 'pkt1': {'src_ip': '192.168.1.2', 'dst_ip': '10.0.0.5', 'size': 500}, 'pkt2': {'src_ip': '192.168.1.3', 'dst_ip': '10.0.0.6', 'size': 1500}, 'pkt3': {'src_ip': '192.168.1.4', 'dst_ip': '10.0.0.7', 'size': 200}

Cybersecurity

# Create the network_packets dictionary with the specified entries
# Your code here

Need a hint?

Use a dictionary with keys 'pkt1', 'pkt2', 'pkt3' and each value is another dictionary with keys 'src_ip', 'dst_ip', and 'size'.

Set packet size threshold

Create a variable called size_threshold and set it to 1000 to mark packets larger than this size as suspicious.

Cybersecurity

network_packets = {
    'pkt1': {'src_ip': '192.168.1.2', 'dst_ip': '10.0.0.5', 'size': 500},
    'pkt2': {'src_ip': '192.168.1.3', 'dst_ip': '10.0.0.6', 'size': 1500},
    'pkt3': {'src_ip': '192.168.1.4', 'dst_ip': '10.0.0.7', 'size': 200}
}
# Define size_threshold variable
# Your code here

Need a hint?

Just create a variable named size_threshold and assign it the value 1000.

Filter suspicious packets

Create a dictionary called suspicious_packets using dictionary comprehension. Include only packets from network_packets where the packet 'size' is greater than size_threshold.

Cybersecurity

network_packets = {
    'pkt1': {'src_ip': '192.168.1.2', 'dst_ip': '10.0.0.5', 'size': 500},
    'pkt2': {'src_ip': '192.168.1.3', 'dst_ip': '10.0.0.6', 'size': 1500},
    'pkt3': {'src_ip': '192.168.1.4', 'dst_ip': '10.0.0.7', 'size': 200}
}
size_threshold = 1000
# Create suspicious_packets dictionary with packets larger than size_threshold
# Your code here

Need a hint?

Use dictionary comprehension with for pkt_id, info in network_packets.items() and filter with if info['size'] > size_threshold.

Add summary to report

Add a new key 'summary' to the suspicious_packets dictionary with the value 'Total suspicious packets: 1' to complete the report.

Cybersecurity

network_packets = {
    'pkt1': {'src_ip': '192.168.1.2', 'dst_ip': '10.0.0.5', 'size': 500},
    'pkt2': {'src_ip': '192.168.1.3', 'dst_ip': '10.0.0.6', 'size': 1500},
    'pkt3': {'src_ip': '192.168.1.4', 'dst_ip': '10.0.0.7', 'size': 200}
}
size_threshold = 1000
suspicious_packets = {pkt_id: info for pkt_id, info in network_packets.items() if info['size'] > size_threshold}
# Add summary key to suspicious_packets
# Your code here

Need a hint?

Assign the string to the key 'summary' in the suspicious_packets dictionary.