Packet Analytics
Packet Forensics and Analytics


Project Name: Packet Analytics
Description: Packet Analytics includes understanding packets.

Both will perform this activity in real time so as to resolve many issues such as DoS attacks, DDoS attacks, insider threats, access intelligence, bandwidth issues and many more.

Author: Rohit D Sadgune

Frequently Asked Questions on MOLOCH Packet Analytics

  1. What is MOLOCH Packet Analytics?
  2. How to use MOLOCH
  3. How Elasticsearch works with MOLOCH
  4. How to install MOLOCH
  5. What is the use of Packet Forensics?
  6. Fundamentals of Packet Inspection
  7. How to configure MOLOCH
  8. What are the different use cases of MOLOCH Packet Analytics?

Summary of Content

  • ISO / OSI Layer
  • Packet Inspection
  • Packet Structure
  • Packet Analytics
  • Application Traffic Analysis
  • Host Based Analysis


The ISO / OSI model consists of 7 layers. Each layer adds its own control information to the data, which serves as unique identification for the peer layer on the receiving side.

Each layer needs to add some control information to the data in order to perform its services. This header is typically added to the data before it is passed down to the lower layer.




Layer         Data unit
Application   PDU (Protocol Data Unit)
Transport     Segments
Network       Packets
Data Link     Frames
Physical      Bits


Since packets are the data unit of the network layer, we will look at the network layer header in detail.


Network Layer Header Components

  • Protocol Suite Version
  • Type Of Service
  • Length Of The Data
  • Packet Identifier
  • Fragment Number
  • Time To Live
  • Protocol
  • Header Checksum
  • Source Network Address
  • Destination Network Address

Packet Structure

  • VER
  • IHL
  • Type of Service
  • Packet Length
  • Identification
  • Flag
  • Fragment Offset
  • Time To Live
  • Protocol
  • Header Checksum
  • Source IP Address
  • Destination IP Address
  • Options
  • Padding
  • DATA
Figure: Packet Analytics – Packet Details
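As an added example (not part of the original post), the following Python parser decodes the fields listed above from a constructed 20-byte IPv4 header and verifies the header checksum, the check a packet analytics tool performs before trusting any header value:

```python
import struct

# Constructed sample: a 20-byte IPv4 header (no options) for a TCP packet from
# 192.168.1.10 to 10.0.0.5, total length 40, TTL 64, DF flag set.  The checksum
# bytes are left zero here and filled in by build_sample().
SAMPLE_HEADER_NO_CKSUM = bytes([
    0x45, 0x00, 0x00, 0x28,   # VER=4, IHL=5 words, ToS=0, Packet Length=40
    0x1c, 0x46, 0x40, 0x00,   # Identification=0x1c46, Flags=DF, Fragment Offset=0
    0x40, 0x06, 0x00, 0x00,   # TTL=64, Protocol=6 (TCP), Header Checksum placeholder
    192, 168, 1, 10,          # Source IP Address
    10, 0, 0, 5,              # Destination IP Address
])

def ipv4_checksum(header: bytes) -> int:
    """RFC 791 header checksum: one's complement of the one's complement sum of
    the header's 16-bit words, with the checksum field itself taken as zero."""
    header = header[:10] + b"\x00\x00" + header[12:]
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:                       # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def build_sample() -> bytes:
    """Return the constructed header with a valid checksum written in."""
    cksum = struct.pack("!H", ipv4_checksum(SAMPLE_HEADER_NO_CKSUM))
    return SAMPLE_HEADER_NO_CKSUM[:10] + cksum + SAMPLE_HEADER_NO_CKSUM[12:]

def parse_ipv4_header(data: bytes) -> dict:
    """Decode the fields listed under Packet Structure and verify the checksum."""
    if len(data) < 20:
        raise ValueError("truncated IPv4 header")
    (ver_ihl, tos, total_len, ident, flags_frag,
     ttl, proto, cksum, src, dst) = struct.unpack("!BBHHHBBH4s4s", data[:20])
    ihl = (ver_ihl & 0x0F) * 4               # IHL is counted in 32-bit words
    if ver_ihl >> 4 != 4 or ihl < 20 or len(data) < ihl:
        raise ValueError("not a well-formed IPv4 header")
    return {
        "version": ver_ihl >> 4, "ihl": ihl, "tos": tos,
        "total_length": total_len, "identification": ident,
        "flags": {"DF": bool(flags_frag & 0x4000), "MF": bool(flags_frag & 0x2000)},
        "fragment_offset": (flags_frag & 0x1FFF) * 8,   # offset is in 8-byte units
        "ttl": ttl, "protocol": proto,
        "checksum_ok": ipv4_checksum(data[:ihl]) == cksum,
        "src": ".".join(map(str, src)), "dst": ".".join(map(str, dst)),
        "options": data[20:ihl],             # empty when IHL == 5
    }

if __name__ == "__main__":
    print(parse_ipv4_header(build_sample()))
```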

Packet Inspection

Signature Based

  • Header Based
  • Deep Packet Inspection

Behavior Based

  • Statistical Analysis
  • Data mining
  • Protocol Analysis

Packet Analytics Concepts

  • Packet Analytics is the process of capturing network traffic and performing deep-dive analysis to determine what transactions are happening on the network.
  • Packet Analytics gives a detailed analytical view of the activities and communication that are happening, or have happened, over the network.
  • Anomaly Identification
  1. Traffic analysis can also be used for anomaly detection on network traffic.
  2. By creating an outline (baseline) of network traffic we can determine host, application and network level access intelligence.
  3. Packet Analytics can be used to identify DDoS, DoS, probing and MAC flooding.
  • Packet Analytics is also used for network planning, network monitoring and security analytics.
  • Network Traffic Forensics includes the following aspects:
  1. Who has communicated with whom
  2. When the communication happened
  3. Content of the message
  4. Length of the message
  5. Timestamp of the communication
  • Packet Analytics includes aggregating and decoding packets and extracting useful information from them.
  • Protocol based packet analytics
  1. Identification of traffic based on protocols, which includes source port and destination port.
  2. We can also create a baseline or profile for identification of threats.
  • Parameters for Packet Analytics
  1. In Packet Analytics, the manner and pattern of communication is what matters most.
  2. Analytics is mostly analysis of headers.

  • Application based Packet Analytics
  1. Different applications work on different platforms and use different protocols.
  2. The primary objective is to identify and differentiate such traffic for further analysis.
  3. Differentiating applications based on protocol alone is the wrong method; contextual analysis fails there.
  4. Packet and protocol based decoding is required when an application uses custom ports for communication.
  5. In stateful packet analytics, identification and preservation of context is very important.
  6. Stateful traffic analysis is the best way to identify such application based traffic.
  7. In stateless packet inspection each packet needs to be analyzed separately. In stateless packet analysis the session, protocol, traffic and IPs need to be correlated with each other manually, but that is not true contextual analysis and it may give false positive results.
  • Host Based Traffic Analytics
  1. Identifying the traffic based on IP address.
  2. This method is useful for host behavior analysis.
  3. Critical patterns of traffic need to be analyzed for any potential threats.
  4. Analyzing the top hosts which are sending or receiving the maximum amount of traffic.
  5. It is very helpful for understanding worms, malware, Trojans, botnets and Advanced Persistent Threats with respect to contextual analysis of packets.
  • Access Intelligence: Packet Analytics helps in providing authorized access to system resources, applications, servers, system operations and functions. We can also perform deep-dive analysis by tagging a particular system, application or service running in the network.
  • Packet Analytics is also useful to validate vulnerabilities, exploitation methods and scanning attempts.
  • Packet Analytics can be used for network monitoring by collecting useful information from different sources, which can then be managed and controlled in a contextual manner.
  • Packet Analytics can also be used for activity profiling using the communications of hosts, applications and different network devices.
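An added example, not from the original post, that applies the anomaly identification and host based analytics items above to constructed flow records: top talkers, a per-host volume baseline over earlier time windows, and a distinct-port count that surfaces probing. The flow tuples, hosts and thresholds are all assumptions made up for the example.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed flow records (window, src, dst, dst_port, bytes): windows 0-3 are the
# quiet baseline; in window 4 host 10.0.0.7 touches 40 ports on one server (probing)
# and 10.0.0.9 sends roughly ten times its usual volume to the web server.
FLOWS = []
for w in range(4):
    FLOWS += [(w, "10.0.0.7", "10.0.0.50", 443, 5000),
              (w, "10.0.0.9", "10.0.0.50", 443, 8000),
              (w, "10.0.0.9", "10.0.0.51", 53, 300)]
FLOWS += [(4, "10.0.0.7", "10.0.0.50", port, 60) for port in range(20, 60)]
FLOWS += [(4, "10.0.0.9", "10.0.0.50", 443, 90000)]

def top_talkers(flows, n=3):
    """Hosts sending the most bytes over the whole capture (host based analytics)."""
    totals = defaultdict(int)
    for _w, src, _dst, _port, nbytes in flows:
        totals[src] += nbytes
    return sorted(totals.items(), key=lambda kv: kv[1], reverse=True)[:n]

def volume_anomalies(flows, current, k=3.0):
    """Hosts whose bytes in window `current` exceed their own baseline, where the
    baseline is the mean and standard deviation over all earlier windows."""
    per_host = defaultdict(lambda: defaultdict(int))
    for w, src, _dst, _port, nbytes in flows:
        per_host[src][w] += nbytes
    flagged = {}
    for host, by_window in per_host.items():
        base = [v for w, v in by_window.items() if w < current]
        if len(base) < 2:
            continue                          # not enough history to profile
        mu, sd = mean(base), pstdev(base)
        now = by_window.get(current, 0)
        # floor of 50% over the mean: a zero-variance baseline must not flag any tiny change
        if now > mu + max(k * sd, 0.5 * mu):
            flagged[host] = now
    return flagged

def port_sweeps(flows, window, min_ports=10):
    """Source/destination pairs touching many distinct ports in one window (probing)."""
    ports = defaultdict(set)
    for w, src, dst, port, _b in flows:
        if w == window:
            ports[(src, dst)].add(port)
    return {pair: len(p) for pair, p in ports.items() if len(p) >= min_ports}

if __name__ == "__main__":
    print(top_talkers(FLOWS), volume_anomalies(FLOWS, 4), port_sweeps(FLOWS, 4))
```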

Packet Analytics Details

  • MOLOCH Packet Analytics
  • Installation of MOLOCH



