tracedump a novel single application ip packet sniffer
play

Tracedump: A Novel Single Application IP Packet Sniffer Pawe - PowerPoint PPT Presentation

Oct 17, 2022 •106 likes •289 views

Tracedump: A Novel Single Application IP Packet Sniffer Pawe Foremski, IITiS PAN pjf@iitis.pl 3rd TMA PhD School AGH, Krakw 2012 Hello! Pawe (Paul) MSc since 2011 Institute of Theoretical and Applied Informatics of the Polish

  1. Tracedump: A Novel Single Application IP Packet Sniffer Paweł Foremski, IITiS PAN pjf@iitis.pl 3rd TMA PhD School AGH, Kraków 2012

  2. Hello! ● Paweł (Paul) ● MSc since 2011 ● Institute of Theoretical and Applied Informatics of the Polish Academy of Sciences ● Gliwice, Poland

  3. Interests ● Simulation of wireless networks ● Network security ● Traffic classification ● MSc - implementation of KISS ● Research grant from the Polish National Science Centre – project MuTriCs

  4. MuTriCs ● MU ltilevel TR aff i c C la S sification in the Internet ● 2011 – 2013 ● Research supervisor: prof. Michele Pagano, University of Pisa ● http://mutrics.iitis.pl

  5. MuTriCs ● Real-time IP traffic classification system ● Integration of traffic features on many levels ● Expected results ● Detailed and reliable classification ● Anomaly detection ● Open source software for traffic analysis ● Currently preparing the tools: tracedump

  6. The idea Tracedump: single application sniffer for Linux # tracedump -w out.pcap skype # wireshark ./out.pcap

  7. TCP connection

  8. Architecture

  9. Motivation ● Quick and simple IP trace extraction ● Convenient way to analyze new applications ● No such tool ● Vision: automatic traffic generation and collection ● Scripts ● GUI testing tools ● Can run for many hours ● Sharing

  10. Classification: pros ● Pure and complete traffic samples ● Reliable, detailed ground truth ● Full packet payload ● Real-time ● Quick and simple

  11. Classification: cons ● Synthetic traces ● Comparing to the scale of global Internet: ● small amounts of data ● small range of observable applications

  12. Applications ● Supplementary to “real” data traces ● Rapid generation of interim training data for machine learning algorithms ● Ad-hoc experiments ● Insight into “side channels” of network protocols and applications

  13. Example: Opera 11 tracedump opera www.facebook.com

  14. Opera: startup

  15. Opera: site check

  16. More information mutrics.iitis.pl/tracedump (GNU GPL) Foremski P., " Tracedump: A Novel Single Application IP Packet Sniffer ", Theoretical and Applied Informatics, Vol. 24 No. 1/2012

  17. Future work ● Implementation: ● Stability, Linux 64-bit ● Port limit (300) ● Methodology: ● GUI automation ● Automatic traffic trace collection ● Practical applications in the MuTriCs project

  18. Thank you! mutrics.iitis.pl

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Lab 1: Packet Sniffing and Wireshark Fengwei Zhang SUSTech CS 315 Computer Security 1 Packet

Lab 1: Packet Sniffing and Wireshark Fengwei Zhang SUSTech CS 315 Computer Security 1 Packet

Lab 1: Packet Sniffing and Wireshark Fengwei Zhang SUSTech CS 315 Computer Security 1 Packet Sniffer Packet sniffer is a basic tool for observing network packet exchanges in a computer Capturing (sniffs) packets being

485 views • 13 slides
Lab 1: Packet Sniffing and Wireshark Fengwei Zhang Wayne State University Course: Cyber

Lab 1: Packet Sniffing and Wireshark Fengwei Zhang Wayne State University Course: Cyber

Lab 1: Packet Sniffing and Wireshark Fengwei Zhang Wayne State University Course: Cyber Security Practice 1 Packet Sniffer Packet sniffer is a basic tool for observing network packet exchanges in a computer Capturing (sniffs)

593 views • 14 slides
Lab 1: Packet Sniffing and Wireshark Fengwei Zhang Wayne State University CSC 5991 Cyber

Lab 1: Packet Sniffing and Wireshark Fengwei Zhang Wayne State University CSC 5991 Cyber

Lab 1: Packet Sniffing and Wireshark Fengwei Zhang Wayne State University CSC 5991 Cyber Security Prac@ce 1 Packet Sniffer Packet sniffer is a basic tool for observing network packet exchanges in a computer Capturing (sniffs)

172 views • 14 slides
Network Traffic Analysis and Intrusion Detection using Packet Sniffer Guanqun Wang Supervisor:

Network Traffic Analysis and Intrusion Detection using Packet Sniffer Guanqun Wang Supervisor:

Network Traffic Analysis and Intrusion Detection using Packet Sniffer Guanqun Wang Supervisor: Prof. Nirmalya Roy Introduction The paper is from 2010 Second International Conference on Communication Software and Networks; Basic

517 views • 15 slides
AKA: Jack the Sniffer Jack the Sniffer Fishbeck, Thompson, Carr & Huber, Inc. engineers

AKA: Jack the Sniffer Jack the Sniffer Fishbeck, Thompson, Carr & Huber, Inc. engineers

Lift Station New Scents or Non-Scents? MWEA IPP Seminar September 25, 2008 Presented By: John C. Rafter, Jr., P.E., DEE AKA: Jack the Sniffer Jack the Sniffer Fishbeck, Thompson, Carr & Huber, Inc. engineers scientists

641 views • 38 slides
VoIP/SMPP traffic sniffer Break through your data Traffic sniffer modules VoIP traffic sniffer

VoIP/SMPP traffic sniffer Break through your data Traffic sniffer modules VoIP traffic sniffer

VoIP/SMPP traffic sniffer Break through your data Traffic sniffer modules VoIP traffic sniffer is an umbrella term VoIP traffic sniffer is an umbrella term for three interconnected features: for three interconnected features: Signalling Log C

245 views • 13 slides
Increasing community resilience in the face of climate change Ruth Wolstenholme Sniffer,

Increasing community resilience in the face of climate change Ruth Wolstenholme Sniffer,

Increasing community resilience in the face of climate change Ruth Wolstenholme Sniffer, Adaptation Scotland programme www.sniffer.org.uk Who we are Sniffer - brokering knowledge on resilience Adaptation Scotland - helping Scotland

391 views • 23 slides
A Four-Terabit Single-Stage A Four-Terabit Single-Stage Packet Switch with Large Packet Switch

A Four-Terabit Single-Stage A Four-Terabit Single-Stage Packet Switch with Large Packet Switch

A Four-Terabit Single-Stage A Four-Terabit Single-Stage Packet Switch with Large Packet Switch with Large Round-Trip Time Support Round-Trip Time Support F. Abel, C. Minkenberg, R. Luijten, M. Gusat, and I. Iliadis F. Abel, C. Minkenberg, R.

234 views • 19 slides
Introduction to Packet Tracer What is Packet Tracer? Packet Tracer is a protocol simulator

Introduction to Packet Tracer What is Packet Tracer? Packet Tracer is a protocol simulator

Introduction to Packet Tracer What is Packet Tracer? Packet Tracer is a protocol simulator developed by Dennis Frezzo and his team at Cisco Systems. Packet Tracer (PT) is a powerful and dynamic tool that displays the various protocols used in

419 views • 17 slides
Unik Idit Levine EMC CONFIDENTIALINTERNAL USE ONLY EMC CONFIDENTIALINTERNAL USE ONLY 1

Unik Idit Levine EMC CONFIDENTIALINTERNAL USE ONLY EMC CONFIDENTIALINTERNAL USE ONLY 1

Unik Idit Levine EMC CONFIDENTIALINTERNAL USE ONLY EMC CONFIDENTIALINTERNAL USE ONLY 1 Virtualization Stack Application Config Application The aim is to run single Language Runtime Application with a single user on a single server

2.88k views • 28 slides
Colorados Approach to Developing the Single Streamlined Application (SSAp) March 26, 2013

Colorados Approach to Developing the Single Streamlined Application (SSAp) March 26, 2013

Colorados Approach to Developing the Single Streamlined Application (SSAp) March 26, 2013 Merged Advisory Group Meeting Background Beginning in 2014, all states are required to use a single streamlined application (SSAp) provided by the

298 views • 12 slides
Multicasting Short recap of the basics No single link should contain multiple copies of H R

Multicasting Short recap of the basics No single link should contain multiple copies of H R

Multicasting Short recap of the basics No single link should contain multiple copies of H R same packet. R R H R H Multicast R packets H R H Extra packets with replicated unicast Extra packet No unwanted with broadcast

911 views • 88 slides
Integration of N-tiers application Using CAS Single Sign On system with a webmail application,

Integration of N-tiers application Using CAS Single Sign On system with a webmail application,

Integration of N-tiers application Using CAS Single Sign On system with a webmail application, Horde K.U.Leuven Association velpi@groupt.be http://shib.kuleuven.be Integration of N-tiers application http://associatie.kuleuven.be/

911 views • 58 slides
Design and Performance of the OpenBSD Stateful Packet Filter (pf) Daniel Hartmeier

Design and Performance of the OpenBSD Stateful Packet Filter (pf) Daniel Hartmeier

Design and Performance of the OpenBSD Stateful Packet Filter (pf) Daniel Hartmeier dhartmei@openbsd.org Systor AG Usenix 2002 p.1/22 Introduction part of a firewall, working on IP packet level (vs. application level proxies or ethernet

455 views • 33 slides
Packet Radio Lee Maddox, N4HOK What is Packet Radio? Packet radio is the connection of a computer

Packet Radio Lee Maddox, N4HOK What is Packet Radio? Packet radio is the connection of a computer

03/11/2017 Packet Radio Lee Maddox, N4HOK What is Packet Radio? Packet radio is the connection of a computer to a radio for the transmission of digital data via amateur radio. It is another mode of operation that has a multitude of uses, such as

571 views • 17 slides
How to (passively) measure? Packet Monitoring 1 What to expect? Overview / What is packet

How to (passively) measure? Packet Monitoring 1 What to expect? Overview / What is packet

How to (passively) measure? Packet Monitoring 1 What to expect? Overview / What is packet monitor? How to acquire the data Handling performance bottlenecks Case Study: Packet Capture Performance Analyzing the transport and

487 views • 37 slides
Proactive Risk Management through Improved Situational Awareness https://protective-h2020.eu/

Proactive Risk Management through Improved Situational Awareness https://protective-h2020.eu/

Proactive Risk Management through Improved Situational Awareness https://protective-h2020.eu/ PROTECTIVE is a H2020 funded Innovation Action to evolve cyber alert flow processing , namely: correlation, prioritisation, analysis,

962 views • 40 slides
FINAL RESULTS PRESENTATION for the year ended 31 March 2019 Presented by Arnold Goldstone (Chief

FINAL RESULTS PRESENTATION for the year ended 31 March 2019 Presented by Arnold Goldstone (Chief

FINAL RESULTS PRESENTATION for the year ended 31 March 2019 Presented by Arnold Goldstone (Chief Executive Officer) Agenda 01 First things first 02 The period in perspective 03 Divisional review Capital Equipment Group (CEG) Engineering

791 views • 60 slides
INTERIM RESULTS PRESENTATION FOR THE HALF YEAR ENDED 31 DECEMBER 2017 AGENDA Strategic

INTERIM RESULTS PRESENTATION FOR THE HALF YEAR ENDED 31 DECEMBER 2017 AGENDA Strategic

INTERIM RESULTS PRESENTATION FOR THE HALF YEAR ENDED 31 DECEMBER 2017 AGENDA Strategic Milestones South Africa 01 V&A Waterfront Portfolio Update 02 GOZ Capital Management 03 Globalworth Financial Results 04 Conclusion 05

1.01k views • 87 slides
Advancing precious metals in North America Corporate Presentation June 2020

Advancing precious metals in North America Corporate Presentation June 2020

Advancing precious metals in North America Corporate Presentation June 2020 www.excellonresources.com TSX:EXN, EXN.WT, OTC:EXLLF and FRA:E4X1 Forward Looking Statements Disclaimer This document contains forwardlooking statements

660 views • 30 slides
SMART LEVEE in Poland. Full-scale monitoring experimental study of levees by different methods

SMART LEVEE in Poland. Full-scale monitoring experimental study of levees by different methods

SMART LEVEE in Poland. Full-scale monitoring experimental study of levees by different methods Aleksandra BORECKA, Klaudia KORZEC, Jacek Stanisz Department of Geology, Geophysics and Environmental Protection, UST AGH, Krakow The aim of ISMOP

621 views • 16 slides
An evaluation of adult death registration coverage in the Human Mortality Database and World

An evaluation of adult death registration coverage in the Human Mortality Database and World

An evaluation of adult death registration coverage in the Human Mortality Database and World Health Organization mortality data. Everton Lima Universidade Estadual de Campinas Unicamp everton@nepo.unicamp.br Tim Riffe Max Planck Institute

278 views • 25 slides
Enabling Digital Transformation CONTENTS BRIEF DESCRIPTION ................ 03 ABOUT

Enabling Digital Transformation CONTENTS BRIEF DESCRIPTION ................ 03 ABOUT

Enabling Digital Transformation CONTENTS BRIEF DESCRIPTION ................ 03 ABOUT GENIO .......................... 06 OUR PORTFOLIO ...................... 13 OUR CLIENTS ........................ 23 INNOVATION AND R

349 views • 33 slides
ANNUAL RESULTS TO 31 MARCH 2017 25 May 2017 Helical Annual Results 2017 1 AGENDA RESULTS

ANNUAL RESULTS TO 31 MARCH 2017 25 May 2017 Helical Annual Results 2017 1 AGENDA RESULTS

ANNUAL RESULTS TO 31 MARCH 2017 25 May 2017 Helical Annual Results 2017 1 AGENDA RESULTS HIGHLIGHTS ONE Gerald Kaye FINANCIALS TWO Tim Murphy PORTFOLIO THREE Matthew Bonning-Snook and Duncan Walker OUTLOOK FOUR Gerald Kaye FIVE

868 views • 60 slides

More recommend