Network traffic analysis (NTA) means packet sniffing, which is the procedure of gathering and tracking network activities to recognize it is behavior.. NTA holds a real-time and documented record or log of the activities occurring inside the network and identifies the vulnerable or weak protocols and ciphers. Commonly, packet analysis or packet sniffing is conducted by a packet sniffer tool that is utilized to capture raw network traffic. There are various existing tools, either free or commercial, based on the command-line interface (CLI) or graphical user interface (GUI). NetworkMiner is one of the widespread network forensics tools that can parse the Packet Capture (pcap) files and conduct live sniffing of the traffic. This paper utilized NetworkMiner to explore network packets among various attack scenarios. A dataset of 20,000 instances of various protocols packets was captured and collected in an education network environment, extracting the features, and labeling each instance as normal or anomaly. A decision tree model was employed to detect the network behavior in real-time, and results showed it as the most appropriate model for predicting with an accuracy of 96.29%.

Packet Sniffer, Network Security, Network Forensics, Artificial Intelligence, Suspicious behavior