SDAV Practical Worksheet 1


The completion and sign-off of this worksheet is worth 5% towards your final mark for this module.

Task


You have been asked to examine a sample of network traffic to investigate a possible malware infection. The company directors need to be able to understand this data.

Your task is to produce a series of different visual representations to describe and understand the characteristics of the data. As a bare minimum, you should show at least 1 line chart, 1 bar chart, and 1 scatter plot. For each chart, you need to decide what data is useful for the chart representation, and how you can manipulate the raw data appropriately for this. You should then also provide a brief caption for each chart that describes what data is used, what the data shows, and what insight this may provide for furthering this investigation.

Assessment and Marking


Marks are awarded for the following:

  • 1 mark for producing a suitable line chart
  • 1 mark for producing a suitable bar chart
  • 1 mark for producing a suitable scatter plot
  • 2 marks for suitable choices of what data to show, and providing informative captions for each chart in the form of markdown cells

Submission


You will need to demonstrate your final solution in notebook format to the module leader during the practical workshop sessions. Once this has been signed as complete by the module leader, please save your notebook as an 'HTML' file, showing all cell output, and e-mail the HTML file to the module leader (Phil.Legg@uwe.ac.uk), with an e-mail subject line: 'SDAV-WORKSHEET1'.

In [5]:
### Here are the imports that you will require
import numpy as np
import pandas as pd
import matplotlib.pyplot as plt
import seaborn as sns
import urllib.request

def load_data():
    # the data is a standard pcap packet capture file (saved as a csv output)
    file_name = 'packet_capture.csv'
    url = "http://plegg.me.uk/teaching/sdav/workshops/data/" + file_name
    # this will download the data for us from the URL and save it locally
    with urllib.request.urlopen(url) as response, open(file_name, 'wb') as out_file:
        data = response.read()
        out_file.write(data)
    # this will then put the csv data into a pandas dataframe
    data = pd.read_csv(file_name)
    return data
In [6]:
data = load_data()
data
Out[6]:
No. Time Src SrcPort Dest DestPort Protocol Length Cum. Bytes Info
0 1 2015-07-23 15:56:00.020327 192.168.137.85 49267.0 23.205.169.72 80.0 TCP 60 60 49267 > 80 [ACK] Seq=1 Ack=1 Win=1367 Len=0
1 2 2015-07-23 15:56:00.020474 192.168.137.85 49267.0 23.205.169.72 80.0 TCP 60 120 49267 > 80 [ACK] Seq=1 Ack=1368 Win=1367 Len=0
2 3 2015-07-23 15:56:00.020801 23.205.169.72 80.0 192.168.137.85 49267.0 TCP 1421 1541 80 > 49267 [ACK] Seq=1368 Ack=1 Win=758 Len=...
3 4 2015-07-23 15:56:00.020865 23.205.169.72 80.0 192.168.137.85 49267.0 TCP 1421 2962 80 > 49267 [ACK] Seq=2735 Ack=1 Win=758 Len=...
4 5 2015-07-23 15:56:00.021032 192.168.137.85 49267.0 23.205.169.72 80.0 TCP 60 3022 49267 > 80 [ACK] Seq=1 Ack=2735 Win=1367 Len=0
5 6 2015-07-23 15:56:00.021109 192.168.137.85 49267.0 23.205.169.72 80.0 TCP 60 3082 49267 > 80 [ACK] Seq=1 Ack=4102 Win=1367 Len=0
6 7 2015-07-23 15:56:00.021580 23.205.169.72 80.0 192.168.137.85 49267.0 TCP 1421 4503 80 > 49267 [ACK] Seq=4102 Ack=1 Win=758 Len=...
7 8 2015-07-23 15:56:00.021639 23.205.169.72 80.0 192.168.137.85 49267.0 TCP 1421 5924 80 > 49267 [ACK] Seq=5469 Ack=1 Win=758 Len=...
8 9 2015-07-23 15:56:00.021805 192.168.137.85 49267.0 23.205.169.72 80.0 TCP 60 5984 49267 > 80 [ACK] Seq=1 Ack=5469 Win=1367 Len=0
9 10 2015-07-23 15:56:00.021885 192.168.137.85 49267.0 23.205.169.72 80.0 TCP 60 6044 49267 > 80 [ACK] Seq=1 Ack=6836 Win=1361 Len=0
10 11 2015-07-23 15:56:00.022362 23.205.169.72 80.0 192.168.137.85 49267.0 TCP 1421 7465 80 > 49267 [ACK] Seq=6836 Ack=1 Win=758 Len=...
11 12 2015-07-23 15:56:00.022426 23.205.169.72 80.0 192.168.137.85 49267.0 TCP 1421 8886 80 > 49267 [ACK] Seq=8203 Ack=1 Win=758 Len=...
12 13 2015-07-23 15:56:00.022482 23.205.169.72 80.0 192.168.137.85 49267.0 TCP 1421 10307 80 > 49267 [ACK] Seq=9570 Ack=1 Win=758 Len=...
13 14 2015-07-23 15:56:00.022588 192.168.137.85 49267.0 23.205.169.72 80.0 TCP 60 10367 49267 > 80 [ACK] Seq=1 Ack=8203 Win=1356 Len=0
14 15 2015-07-23 15:56:00.022670 192.168.137.85 49267.0 23.205.169.72 80.0 TCP 60 10427 49267 > 80 [ACK] Seq=1 Ack=9570 Win=1350 Len=0
15 16 2015-07-23 15:56:00.022814 192.168.137.85 49267.0 23.205.169.72 80.0 TCP 60 10487 49267 > 80 [ACK] Seq=1 Ack=10937 Win=1345 Len=0
16 17 2015-07-23 15:56:00.023143 23.205.169.72 80.0 192.168.137.85 49267.0 TCP 1421 11908 80 > 49267 [ACK] Seq=10937 Ack=1 Win=758 Len...
17 18 2015-07-23 15:56:00.023200 23.205.169.72 80.0 192.168.137.85 49267.0 TCP 1421 13329 80 > 49267 [ACK] Seq=12304 Ack=1 Win=758 Len...
18 19 2015-07-23 15:56:00.023365 192.168.137.85 49267.0 23.205.169.72 80.0 TCP 60 13389 49267 > 80 [ACK] Seq=1 Ack=12304 Win=1340 Len=0
19 20 2015-07-23 15:56:00.023446 192.168.137.85 49267.0 23.205.169.72 80.0 TCP 60 13449 49267 > 80 [ACK] Seq=1 Ack=13671 Win=1334 Len=0
20 21 2015-07-23 15:56:00.023921 23.205.169.72 80.0 192.168.137.85 49267.0 TCP 1421 14870 80 > 49267 [ACK] Seq=13671 Ack=1 Win=758 Len...
21 22 2015-07-23 15:56:00.023988 23.205.169.72 80.0 192.168.137.85 49267.0 TCP 1421 16291 80 > 49267 [ACK] Seq=15038 Ack=1 Win=758 Len...
22 23 2015-07-23 15:56:00.024150 192.168.137.85 49267.0 23.205.169.72 80.0 TCP 60 16351 49267 > 80 [ACK] Seq=1 Ack=15038 Win=1329 Len=0
23 24 2015-07-23 15:56:00.024227 192.168.137.85 49267.0 23.205.169.72 80.0 TCP 60 16411 49267 > 80 [ACK] Seq=1 Ack=16405 Win=1324 Len=0
24 25 2015-07-23 15:56:00.037211 23.205.169.72 80.0 192.168.137.85 49267.0 TCP 1421 17832 80 > 49267 [ACK] Seq=16405 Ack=1 Win=758 Len...
25 26 2015-07-23 15:56:00.037341 192.168.137.85 49240.0 23.205.169.27 80.0 TCP 60 17892 49240 > 80 [ACK] Seq=1 Ack=1 Win=256 Len=0
26 27 2015-07-23 15:56:00.037427 192.168.137.85 49267.0 23.205.169.72 80.0 TCP 60 17952 49267 > 80 [ACK] Seq=1 Ack=17772 Win=1318 Len=0
27 28 2015-07-23 15:56:00.037954 23.205.169.72 80.0 192.168.137.85 49267.0 TCP 1421 19373 80 > 49267 [ACK] Seq=17772 Ack=1 Win=758 Len...
28 29 2015-07-23 15:56:00.038022 23.205.169.72 80.0 192.168.137.85 49267.0 TCP 1421 20794 80 > 49267 [ACK] Seq=19139 Ack=1 Win=758 Len...
29 30 2015-07-23 15:56:00.038082 23.205.169.72 80.0 192.168.137.85 49267.0 TCP 1421 22215 80 > 49267 [ACK] Seq=20506 Ack=1 Win=758 Len...
... ... ... ... ... ... ... ... ... ... ...
73725 73726 2015-07-23 16:03:20.662437 192.168.137.1 53.0 192.168.137.85 62241.0 DNS 187 55935732 Standard query response 0xdf34 No such name A ...
73726 73727 2015-07-23 16:03:20.662507 192.168.137.1 53.0 192.168.137.85 62241.0 DNS 187 55935919 Standard query response 0xdf34 No such name A ...
73727 73728 2015-07-23 16:03:20.662565 192.168.137.1 53.0 192.168.137.85 62241.0 DNS 187 55936106 Standard query response 0xdf34 No such name A ...
73728 73729 2015-07-23 16:03:20.662607 192.168.137.1 53.0 192.168.137.85 62241.0 DNS 187 55936293 Standard query response 0xdf34 No such name A ...
73729 73730 2015-07-23 16:03:20.662642 192.168.137.1 53.0 192.168.137.85 62241.0 DNS 187 55936480 Standard query response 0xdf34 No such name A ...
73730 73731 2015-07-23 16:03:20.662675 192.168.137.1 53.0 192.168.137.85 62241.0 DNS 187 55936667 Standard query response 0xdf34 No such name A ...
73731 73732 2015-07-23 16:03:20.662705 192.168.137.1 53.0 192.168.137.85 62241.0 DNS 187 55936854 Standard query response 0xdf34 No such name A ...
73732 73733 2015-07-23 16:03:23.411009 192.168.137.1 53.0 192.168.137.85 62241.0 DNS 187 55937041 Standard query response 0xdf34 No such name A ...
73733 73734 2015-07-23 16:03:23.740491 192.168.137.1 53.0 192.168.137.85 62241.0 DNS 187 55937228 Standard query response 0xdf34 No such name A ...
73734 73735 2015-07-23 16:03:23.740554 192.168.137.1 53.0 192.168.137.85 62241.0 DNS 187 55937415 Standard query response 0xdf34 No such name A ...
73735 73736 2015-07-23 16:03:23.740597 192.168.137.1 53.0 192.168.137.85 62241.0 DNS 187 55937602 Standard query response 0xdf34 No such name A ...
73736 73737 2015-07-23 16:03:23.740628 192.168.137.1 53.0 192.168.137.85 62241.0 DNS 187 55937789 Standard query response 0xdf34 No such name A ...
73737 73738 2015-07-23 16:03:23.740679 192.168.137.1 53.0 192.168.137.85 62241.0 DNS 187 55937976 Standard query response 0xdf34 No such name A ...
73738 73739 2015-07-23 16:03:23.740721 192.168.137.1 53.0 192.168.137.85 62241.0 DNS 187 55938163 Standard query response 0xdf34 No such name A ...
73739 73740 2015-07-23 16:03:26.410938 192.168.137.1 53.0 192.168.137.85 62241.0 DNS 187 55938350 Standard query response 0xdf34 No such name A ...
73740 73741 2015-07-23 16:03:26.526200 192.168.137.1 53.0 192.168.137.85 62241.0 DNS 187 55938537 Standard query response 0xdf34 No such name A ...
73741 73742 2015-07-23 16:03:26.526278 192.168.137.1 53.0 192.168.137.85 62241.0 DNS 187 55938724 Standard query response 0xdf34 No such name A ...
73742 73743 2015-07-23 16:03:26.526333 192.168.137.1 53.0 192.168.137.85 62241.0 DNS 187 55938911 Standard query response 0xdf34 No such name A ...
73743 73744 2015-07-23 16:03:26.526391 192.168.137.1 53.0 192.168.137.85 62241.0 DNS 187 55939098 Standard query response 0xdf34 No such name A ...
73744 73745 2015-07-23 16:03:26.526434 192.168.137.1 53.0 192.168.137.85 62241.0 DNS 187 55939285 Standard query response 0xdf34 No such name A ...
73745 73746 2015-07-23 16:03:26.526475 192.168.137.1 53.0 192.168.137.85 62241.0 DNS 187 55939472 Standard query response 0xdf34 No such name A ...
73746 73747 2015-07-23 16:03:26.526513 192.168.137.1 53.0 192.168.137.85 62241.0 DNS 187 55939659 Standard query response 0xdf34 No such name A ...
73747 73748 2015-07-23 16:03:29.421578 192.168.137.1 53.0 192.168.137.85 62241.0 DNS 187 55939846 Standard query response 0xdf34 No such name A ...
73748 73749 2015-07-23 16:03:29.536739 192.168.137.1 53.0 192.168.137.85 62241.0 DNS 187 55940033 Standard query response 0xdf34 No such name A ...
73749 73750 2015-07-23 16:03:29.536814 192.168.137.1 53.0 192.168.137.85 62241.0 DNS 187 55940220 Standard query response 0xdf34 No such name A ...
73750 73751 2015-07-23 16:03:29.536867 192.168.137.1 53.0 192.168.137.85 62241.0 DNS 187 55940407 Standard query response 0xdf34 No such name A ...
73751 73752 2015-07-23 16:03:29.536926 192.168.137.1 53.0 192.168.137.85 62241.0 DNS 187 55940594 Standard query response 0xdf34 No such name A ...
73752 73753 2015-07-23 16:03:29.536970 192.168.137.1 53.0 192.168.137.85 62241.0 DNS 187 55940781 Standard query response 0xdf34 No such name A ...
73753 73754 2015-07-23 16:03:29.537001 192.168.137.1 53.0 192.168.137.85 62241.0 DNS 187 55940968 Standard query response 0xdf34 No such name A ...
73754 73755 2015-07-23 16:03:29.537052 192.168.137.1 53.0 192.168.137.85 62241.0 DNS 187 55941155 Standard query response 0xdf34 No such name A ...

73755 rows × 10 columns
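The aggregation steps behind the three chart types, shown as an added example that is not part of the original worksheet. The sample rows are constructed in the capture's column layout, and the function names and the one-second bin size are assumptions chosen for illustration.

```python
import io
import pandas as pd

# Constructed sample in the worksheet's column layout (not rows from the real capture).
SAMPLE_CSV = """No.,Time,Src,SrcPort,Dest,DestPort,Protocol,Length,Cum. Bytes,Info
1,2015-07-23 15:56:00.020327,192.168.137.85,49267,23.205.169.72,80,TCP,60,60,49267 > 80 [ACK] Seq=1 Ack=1 Win=1367 Len=0
2,2015-07-23 15:56:00.020801,23.205.169.72,80,192.168.137.85,49267,TCP,1421,1481,80 > 49267 [ACK] Seq=1368 Ack=1 Win=758 Len=1367
3,2015-07-23 15:56:01.500000,192.168.137.85,62241,192.168.137.1,53,DNS,80,1561,Standard query 0xdf34 A example.invalid
4,2015-07-23 15:56:01.600000,192.168.137.1,53,192.168.137.85,62241,DNS,187,1748,Standard query response 0xdf34 No such name A example.invalid
5,2015-07-23 15:56:02.100000,192.168.137.1,53,192.168.137.85,62241,DNS,187,1935,Standard query response 0xdf34 No such name A example.invalid
"""

ONE_SECOND = pd.Timedelta(seconds=1)  # assumed bin size; widen it for longer captures

def load_sample():
    """Parse the constructed sample and index it by packet timestamp."""
    df = pd.read_csv(io.StringIO(SAMPLE_CSV))
    df["Time"] = pd.to_datetime(df["Time"])
    return df.set_index("Time").sort_index()

def bytes_per_second(df):
    """Line chart input: traffic volume in each one-second bin."""
    return df["Length"].resample(ONE_SECOND).sum()

def packets_per_protocol(df):
    """Bar chart input: packet count for each protocol."""
    return df["Protocol"].value_counts()

def nxdomain_per_second(df):
    """Failed DNS lookups ('No such name') per second; bursts merit a closer look."""
    failed = df["Info"].str.contains("No such name", na=False)
    return df.loc[failed, "Length"].resample(ONE_SECOND).count()

def plot_all(df):
    """Draw the three required chart types from the aggregates above."""
    import matplotlib.pyplot as plt
    fig, ax = plt.subplots(3, 1, figsize=(8, 10))
    bytes_per_second(df).plot(ax=ax[0], title="Bytes per second")
    packets_per_protocol(df).plot.bar(ax=ax[1], title="Packets per protocol")
    ax[2].scatter(df.index, df["Length"], s=4)
    ax[2].set_title("Packet length over time")
    fig.tight_layout()
    return fig
```

To use these on the real capture, convert the `Time` column of the frame returned by `load_data()` with `pd.to_datetime` and set it as the index, as `load_sample()` does.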

In [ ]: