1 / 8

A Comprehensive Framework for Packet Trace Manipulation in Network Traffic Analysis

This framework addresses common challenges in manipulating network traffic for tasks such as complex filtering, fine-grained editing, large-scale modifications, and visualization of behaviors. It introduces 'Netdude', a versatile tool for packet inspection and manipulation, designed to streamline operations and reduce duplicated efforts in traffic analysis. The system can detect patterns in network traffic and create useful signatures using honeypots, with capabilities for worm detection and advanced traffic control algorithms. Future improvements include higher volume testing and enhanced signature reporting.

carney
Télécharger la présentation

A Comprehensive Framework for Packet Trace Manipulation in Network Traffic Analysis

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. A Framework for Packe Trace Manipulation Christian Kreibich christian.kreibich@cl.cam.ac.uk

  2. Motivation • Say you need to solve a problem that involves manipulating network traffic: • complex filtering (e.g. data analysis) • fine-grained editing (e.g. header field bitflips) • large-scale editing (e.g. anonymization) • visualization (e.g. behavioural analysis) • What do you do?

  3. Motivation II • Try to find a tool that does it • where? does it build? maintained? • If so, lucky you! • Mhmm ... write your own ... again. • Okay, pcap. • Now you typically need infrastructure: • data types conn.state tracking protocol header lookup • Lots of duplicated effort • Cut’n’paste sucks

  4. Motivation III • Ewww.

  5. Introducing ... • Netdude — NETwork DUmp Data Editor • Framework for packet inspection and manipulation

  6. Don’t get me wrong ... I

  7. Summary • System detects patterns in network traffic • Using honeypots, the system can create useful signatures • Good at worm detection • Todo list • Ability to control LCS algorithm (whitelisting?) • Tests with higher traffic volume • Experiment with approximate matching • Better signature reporting scheme

  8. Thanks! • Shoutouts:a13x hØ • No machines were harmed or compromised in the making of this presentation.

More Related