Packet capture involves collecting these packets for analysis, including examining source and destination addresses, protocols used, and payload data. NetFlow data provides a more abstract view of network traffic by summarizing packet information into flows, which represent the stream of packets between two endpoints. It includes details such as IP addresses, ports, protocols, and the amount of data transferred. The analysis of bandwidth usage provides information on the volume of data being transmitted over the network, aiding in the identification of bottlenecks or unusual traffic volumes that may suggest a distributed denial-of-service attack. These steps are crucial for monitoring performance, troubleshooting network issues, and detecting security threats such as malware communication and data exfiltration.

Logs from various network devices and services serve as a record of events that have occurred within the network. System logs generated by network devices provide details about events such as system startup, shutdowns, errors, and configuration