1 / 9

Network Protocol Packet Analysis

Network Protocol Packet Analysis. By: Daniel Ruiz. Overview. How to Capturing Packets WireShark Lua Analyzing Packets Principle Component Analysis (PCA). WireShark. Best Open Source Packet Analyzer available today Used in ICTF Multi-platform runs on Linux, Window, OS X and many others

amity
Télécharger la présentation

Network Protocol Packet Analysis

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Network Protocol Packet Analysis By: Daniel Ruiz

  2. Overview • How to Capturing Packets • WireShark • Lua • Analyzing Packets • Principle Component Analysis (PCA)

  3. WireShark • Best Open Source Packet Analyzer available today • Used in ICTF • Multi-platform runs on Linux, Window, OS X and many others • Live capture and offline analysis • Much Much More!!!

  4. Lua • Lua is a powerful light-weight programming language designed for extending applications • Very is to use API • Allows for scripting in Wireshark • Lua can be used to write dissectors, post-dissectors and taps.

  5. Analyzing Packets • Tsharkis able to detect, read and write the same capture file that are supported by WireShark • To detect • Tshark.exe –i eth0 –x • To read • Tshark.exe –r “file” –x • To write • Tshark.exe –i eht0 –x –w “file” • Understand the software tools before writing them yourself!

  6. Pictures and Packets Good Packet Malicious Packet

  7. Principle Component Analysis Data Cloud • Use PCA instead of convolution with FFT • PCA takes your cloud of data points, and rotates it such that the maximum variability is visible (most important gradients). • Maximum variability is found by the Eigen values of each packet • Packets with malicious data should have different gradients than those with good data Gradient Abundance

  8. Improvements • Use Neural Network to recognize malicious Eigen values • Investigate Wavelet PCA • PCA and FFT convolution speed analysis

  9. Questions?

More Related