Tracedump: A Novel Single Application IP Packet Sniffer - Paweł Foremski - PowerPoint PPT Presentation



SLIDE 1

Tracedump: A Novel Single Application IP Packet Sniffer

Paweł Foremski, IITiS PAN pjf@iitis.pl 3rd TMA PhD School

AGH, Kraków 2012

SLIDE 2

Hello!

  • Paweł (Paul)
  • MSc since 2011
  • Institute of Theoretical and Applied Informatics of the Polish Academy of Sciences
  • Gliwice, Poland

SLIDE 3

Interests

  • Simulation of wireless networks
  • Network security
  • Traffic classification
  • MSc - implementation of KISS
  • Research grant from the Polish National Science Centre – project MuTriCs

SLIDE 4

MuTriCs

  • MUltilevel TRaffic ClaSsification in the Internet
  • 2011 – 2013
  • Research supervisor: prof. Michele Pagano, University of Pisa
  • http://mutrics.iitis.pl

SLIDE 5

MuTriCs

  • Real-time IP traffic classification system
  • Integration of traffic features on many levels
  • Expected results:
    • Detailed and reliable classification
    • Anomaly detection
    • Open source software for traffic analysis
  • Currently preparing the tools: tracedump

SLIDE 6

The idea

Tracedump: single application sniffer for Linux

# tracedump -w out.pcap skype
# wireshark ./out.pcap

SLIDE 7

TCP connection

slide-8
SLIDE 8

Architecture
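
The architecture slide is a figure that did not survive extraction, so this page does not describe how tracedump decides which packets belong to the traced program. The following Python is an added illustration, not tracedump's own code: it shows the minimal idea behind a single-application sniffer on Linux, namely finding which local TCP ports a process owns (socket inodes behind /proc/<pid>/fd/* looked up in /proc/net/tcp) and turning them into a pcap-filter expression that tcpdump or Wireshark can apply as a capture filter. The /proc/net/tcp rows, the fd link targets and the default 300-port cap are constructed or assumed for the example.

```python
"""Select one Linux process's TCP traffic by mapping its sockets to ports.

Added illustration only; this is not tracedump's own code. Constructed
sample data is embedded so the parsing runs offline; live_tcp_ports()
needs a real Linux /proc.
"""
import os
import re
from typing import Dict, Iterable, List, Tuple

# Constructed sample of /proc/net/tcp: header row, then one row per socket.
# Addresses are hex; the IPv4 part is stored little-endian, the port big-endian.
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:0277 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 12345 1 0000000000000000 100 0 0 10 0
   1: 0B01A8C0:A8C2 1F0D4A1F:01BB 01 00000000:00000000 00:00000000 00000000  1000        0 67890 1 0000000000000000 20 4 30 10 -1
   2: 0B01A8C0:A8C3 2A0D4A1F:01BB 01 00000000:00000000 00:00000000 00000000  1000        0 67891 1 0000000000000000 20 4 30 10 -1
   3: 0B01A8C0:9C40 0A0D4A1F:0050 01 00000000:00000000 00:00000000 00000000  1000        0 11111 1 0000000000000000 20 4 30 10 -1
"""

# Constructed readlink() results for a hypothetical browser's /proc/<pid>/fd/*.
# Inode 99999 is deliberately absent from the TCP table (think UDP or UNIX
# socket) to show that such sockets are ignored; inode 11111 belongs to
# another process and must not be captured.
SAMPLE_FD_TARGETS = [
    "/dev/null",
    "socket:[67890]",
    "socket:[67891]",
    "/home/user/.opera/cache/index",
    "socket:[99999]",
]

SOCKET_LINK = re.compile(r"^socket:\[(\d+)\]$")


def parse_proc_net_tcp(text: str) -> Dict[int, Tuple[str, int]]:
    """Map socket inode -> (local IPv4, local port) from /proc/net/tcp text."""
    sockets: Dict[int, Tuple[str, int]] = {}
    for line in text.splitlines()[1:]:  # skip the header row
        fields = line.split()
        if len(fields) < 10:
            continue
        ip_hex, port_hex = fields[1].split(":")
        # bytes.fromhex gives the little-endian byte order; reverse it
        ip = ".".join(str(b) for b in bytes.fromhex(ip_hex)[::-1])
        sockets[int(fields[9])] = (ip, int(port_hex, 16))
    return sockets


def socket_inodes(fd_targets: Iterable[str]) -> List[int]:
    """Pick the socket inodes out of the link targets of /proc/<pid>/fd/*."""
    inodes = []
    for target in fd_targets:
        m = SOCKET_LINK.match(target)
        if m:
            inodes.append(int(m.group(1)))
    return inodes


def process_tcp_ports(fd_targets: Iterable[str], proc_net_tcp_text: str) -> List[int]:
    """Local TCP ports owned by the process; sockets not in the table are skipped."""
    table = parse_proc_net_tcp(proc_net_tcp_text)
    ports = {table[i][1] for i in socket_inodes(fd_targets) if i in table}
    return sorted(ports)


def build_capture_filter(ports: List[int], max_ports: int = 300) -> str:
    """pcap-filter expression matching traffic to or from the given ports.

    The expression grows with the number of ports; max_ports is an assumed
    cap (the slides mention a 300-port limit but do not explain it).
    """
    if not ports:
        raise ValueError("process owns no TCP sockets; nothing to capture")
    if len(ports) > max_ports:
        raise ValueError(f"{len(ports)} ports exceed the filter limit of {max_ports}")
    return "tcp and (" + " or ".join(f"port {p}" for p in ports) + ")"


def live_tcp_ports(pid: int) -> List[int]:
    """Same lookup against the real /proc of a running process (Linux only)."""
    fd_dir = f"/proc/{pid}/fd"
    targets = [os.readlink(os.path.join(fd_dir, fd)) for fd in os.listdir(fd_dir)]
    with open("/proc/net/tcp") as f:
        return process_tcp_ports(targets, f.read())


if __name__ == "__main__":
    ports = process_tcp_ports(SAMPLE_FD_TARGETS, SAMPLE_PROC_NET_TCP)
    print(ports)                        # [43202, 43203]
    print(build_capture_filter(ports))  # tcp and (port 43202 or port 43203)
```

The resulting string can be passed to tcpdump as its filter expression or entered as a Wireshark capture filter. Two caveats a practitioner should keep in mind: a one-off snapshot of the port table misses connections the application opens later and sockets that close between polls, so a sniffer meant to run for hours has to keep the port set current while the process runs (which is what makes the "TCP connection" lifecycle on slide 7 the interesting part of the design); and only /proc/net/tcp is read here, so IPv6 sockets (/proc/net/tcp6) and UDP are not captured.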

SLIDE 9

Motivation

  • Quick and simple IP trace extraction
  • Convenient way to analyze new applications
  • No such tool exists
  • Vision: automatic traffic generation and collection
    • Scripts
    • GUI testing tools
    • Can run for many hours
    • Sharing

SLIDE 10

Classification: pros

  • Pure and complete traffic samples
  • Reliable, detailed ground truth
  • Full packet payload
  • Real-time
  • Quick and simple
SLIDE 11

Classification: cons

  • Synthetic traces
  • Compared to the scale of the global Internet:
    • small amounts of data
    • small range of observable applications

SLIDE 12

Applications

  • Supplementary to “real” data traces
  • Rapid generation of interim training data for machine learning algorithms
  • Ad-hoc experiments
  • Insight into “side channels” of network protocols and applications

SLIDE 13

Example: Opera 11

tracedump opera www.facebook.com

SLIDE 14

Opera: startup

SLIDE 15

Opera: site check

SLIDE 16

More information

mutrics.iitis.pl/tracedump

(GNU GPL)

Foremski P., "Tracedump: A Novel Single Application IP Packet Sniffer", Theoretical and Applied Informatics, Vol. 24 No. 1/2012

SLIDE 17

Future work

  • Implementation:
    • Stability, Linux 64-bit
    • Port limit (300)
  • Methodology:
    • GUI automation
    • Automatic traffic trace collection
  • Practical applications in the MuTriCs project

SLIDE 18

Thank you!

mutrics.iitis.pl