tracedump a novel single application ip packet sniffer
play

Tracedump: A Novel Single Application IP Packet Sniffer Pawe - PowerPoint PPT Presentation

Oct 17, 2022 •106 likes •289 views

Tracedump: A Novel Single Application IP Packet Sniffer Pawe Foremski, IITiS PAN pjf@iitis.pl 3rd TMA PhD School AGH, Krakw 2012 Hello! Pawe (Paul) MSc since 2011 Institute of Theoretical and Applied Informatics of the Polish

  1. Tracedump: A Novel Single Application IP Packet Sniffer Paweł Foremski, IITiS PAN pjf@iitis.pl 3rd TMA PhD School AGH, Kraków 2012

  2. Hello! ● Paweł (Paul) ● MSc since 2011 ● Institute of Theoretical and Applied Informatics of the Polish Academy of Sciences ● Gliwice, Poland

  3. Interests ● Simulation of wireless networks ● Network security ● Traffic classification ● MSc - implementation of KISS ● Research grant from the Polish National Science Centre – project MuTriCs

  4. MuTriCs ● MU ltilevel TR aff i c C la S sification in the Internet ● 2011 – 2013 ● Research supervisor: prof. Michele Pagano, University of Pisa ● http://mutrics.iitis.pl

  5. MuTriCs ● Real-time IP traffic classification system ● Integration of traffic features on many levels ● Expected results ● Detailed and reliable classification ● Anomaly detection ● Open source software for traffic analysis ● Currently preparing the tools: tracedump

  6. The idea Tracedump: single application sniffer for Linux # tracedump -w out.pcap skype # wireshark ./out.pcap

  7. TCP connection

  8. Architecture

  9. Motivation ● Quick and simple IP trace extraction ● Convenient way to analyze new applications ● No such tool ● Vision: automatic traffic generation and collection ● Scripts ● GUI testing tools ● Can run for many hours ● Sharing

  10. Classification: pros ● Pure and complete traffic samples ● Reliable, detailed ground truth ● Full packet payload ● Real-time ● Quick and simple

  11. Classification: cons ● Synthetic traces ● Comparing to the scale of global Internet: ● small amounts of data ● small range of observable applications

  12. Applications ● Supplementary to “real” data traces ● Rapid generation of interim training data for machine learning algorithms ● Ad-hoc experiments ● Insight into “side channels” of network protocols and applications

  13. Example: Opera 11 tracedump opera www.facebook.com

  14. Opera: startup

  15. Opera: site check

  16. More information mutrics.iitis.pl/tracedump (GNU GPL) Foremski P., " Tracedump: A Novel Single Application IP Packet Sniffer ", Theoretical and Applied Informatics, Vol. 24 No. 1/2012

  17. Future work ● Implementation: ● Stability, Linux 64-bit ● Port limit (300) ● Methodology: ● GUI automation ● Automatic traffic trace collection ● Practical applications in the MuTriCs project

  18. Thank you! mutrics.iitis.pl

Recommend

Lab 1: Packet Sniffing and Wireshark Fengwei Zhang SUSTech CS 315 Computer Security 1 Packet

Lab 1: Packet Sniffing and Wireshark Fengwei Zhang SUSTech CS 315 Computer Security 1 Packet

Lab 1: Packet Sniffing and Wireshark Fengwei Zhang SUSTech CS 315 Computer Security 1 Packet Sniffer Packet sniffer is a basic tool for observing network packet exchanges in a computer Capturing (sniffs) packets being

485 views • 13 slides
Lab 1: Packet Sniffing and Wireshark Fengwei Zhang Wayne State University Course: Cyber

Lab 1: Packet Sniffing and Wireshark Fengwei Zhang Wayne State University Course: Cyber

Lab 1: Packet Sniffing and Wireshark Fengwei Zhang Wayne State University Course: Cyber Security Practice 1 Packet Sniffer Packet sniffer is a basic tool for observing network packet exchanges in a computer Capturing (sniffs)

593 views • 14 slides
Lab 1: Packet Sniffing and Wireshark Fengwei Zhang Wayne State University CSC 5991 Cyber

Lab 1: Packet Sniffing and Wireshark Fengwei Zhang Wayne State University CSC 5991 Cyber

Lab 1: Packet Sniffing and Wireshark Fengwei Zhang Wayne State University CSC 5991 Cyber Security Prac@ce 1 Packet Sniffer Packet sniffer is a basic tool for observing network packet exchanges in a computer Capturing (sniffs)

172 views • 14 slides
Network Traffic Analysis and Intrusion Detection using Packet Sniffer Guanqun Wang Supervisor:

Network Traffic Analysis and Intrusion Detection using Packet Sniffer Guanqun Wang Supervisor:

Network Traffic Analysis and Intrusion Detection using Packet Sniffer Guanqun Wang Supervisor: Prof. Nirmalya Roy Introduction The paper is from 2010 Second International Conference on Communication Software and Networks; Basic

517 views • 15 slides
AKA: Jack the Sniffer Jack the Sniffer Fishbeck, Thompson, Carr & Huber, Inc. engineers

AKA: Jack the Sniffer Jack the Sniffer Fishbeck, Thompson, Carr & Huber, Inc. engineers

Lift Station New Scents or Non-Scents? MWEA IPP Seminar September 25, 2008 Presented By: John C. Rafter, Jr., P.E., DEE AKA: Jack the Sniffer Jack the Sniffer Fishbeck, Thompson, Carr & Huber, Inc. engineers scientists

641 views • 38 slides
VoIP/SMPP traffic sniffer Break through your data Traffic sniffer modules VoIP traffic sniffer

VoIP/SMPP traffic sniffer Break through your data Traffic sniffer modules VoIP traffic sniffer

VoIP/SMPP traffic sniffer Break through your data Traffic sniffer modules VoIP traffic sniffer is an umbrella term VoIP traffic sniffer is an umbrella term for three interconnected features: for three interconnected features: Signalling Log C

246 views • 13 slides
Increasing community resilience in the face of climate change Ruth Wolstenholme Sniffer,

Increasing community resilience in the face of climate change Ruth Wolstenholme Sniffer,

Increasing community resilience in the face of climate change Ruth Wolstenholme Sniffer, Adaptation Scotland programme www.sniffer.org.uk Who we are Sniffer - brokering knowledge on resilience Adaptation Scotland - helping Scotland

391 views • 23 slides
A Four-Terabit Single-Stage A Four-Terabit Single-Stage Packet Switch with Large Packet Switch

A Four-Terabit Single-Stage A Four-Terabit Single-Stage Packet Switch with Large Packet Switch

A Four-Terabit Single-Stage A Four-Terabit Single-Stage Packet Switch with Large Packet Switch with Large Round-Trip Time Support Round-Trip Time Support F. Abel, C. Minkenberg, R. Luijten, M. Gusat, and I. Iliadis F. Abel, C. Minkenberg, R.

234 views • 19 slides
Introduction to Packet Tracer What is Packet Tracer? Packet Tracer is a protocol simulator

Introduction to Packet Tracer What is Packet Tracer? Packet Tracer is a protocol simulator

Introduction to Packet Tracer What is Packet Tracer? Packet Tracer is a protocol simulator developed by Dennis Frezzo and his team at Cisco Systems. Packet Tracer (PT) is a powerful and dynamic tool that displays the various protocols used in

419 views • 17 slides
Unik Idit Levine EMC CONFIDENTIALINTERNAL USE ONLY EMC CONFIDENTIALINTERNAL USE ONLY 1

Unik Idit Levine EMC CONFIDENTIALINTERNAL USE ONLY EMC CONFIDENTIALINTERNAL USE ONLY 1

Unik Idit Levine EMC CONFIDENTIALINTERNAL USE ONLY EMC CONFIDENTIALINTERNAL USE ONLY 1 Virtualization Stack Application Config Application The aim is to run single Language Runtime Application with a single user on a single server

2.88k views • 28 slides
Colorados Approach to Developing the Single Streamlined Application (SSAp) March 26, 2013

Colorados Approach to Developing the Single Streamlined Application (SSAp) March 26, 2013

Colorados Approach to Developing the Single Streamlined Application (SSAp) March 26, 2013 Merged Advisory Group Meeting Background Beginning in 2014, all states are required to use a single streamlined application (SSAp) provided by the

298 views • 12 slides
Multicasting Short recap of the basics No single link should contain multiple copies of H R

Multicasting Short recap of the basics No single link should contain multiple copies of H R

Multicasting Short recap of the basics No single link should contain multiple copies of H R same packet. R R H R H Multicast R packets H R H Extra packets with replicated unicast Extra packet No unwanted with broadcast

911 views • 88 slides
Integration of N-tiers application Using CAS Single Sign On system with a webmail application,

Integration of N-tiers application Using CAS Single Sign On system with a webmail application,

Integration of N-tiers application Using CAS Single Sign On system with a webmail application, Horde K.U.Leuven Association velpi@groupt.be http://shib.kuleuven.be Integration of N-tiers application http://associatie.kuleuven.be/

911 views • 58 slides
Design and Performance of the OpenBSD Stateful Packet Filter (pf) Daniel Hartmeier

Design and Performance of the OpenBSD Stateful Packet Filter (pf) Daniel Hartmeier

Design and Performance of the OpenBSD Stateful Packet Filter (pf) Daniel Hartmeier dhartmei@openbsd.org Systor AG Usenix 2002 p.1/22 Introduction part of a firewall, working on IP packet level (vs. application level proxies or ethernet

455 views • 33 slides
Packet Radio Lee Maddox, N4HOK What is Packet Radio? Packet radio is the connection of a computer

Packet Radio Lee Maddox, N4HOK What is Packet Radio? Packet radio is the connection of a computer

03/11/2017 Packet Radio Lee Maddox, N4HOK What is Packet Radio? Packet radio is the connection of a computer to a radio for the transmission of digital data via amateur radio. It is another mode of operation that has a multitude of uses, such as

571 views • 17 slides
How to (passively) measure? Packet Monitoring 1 What to expect? Overview / What is packet

How to (passively) measure? Packet Monitoring 1 What to expect? Overview / What is packet

How to (passively) measure? Packet Monitoring 1 What to expect? Overview / What is packet monitor? How to acquire the data Handling performance bottlenecks Case Study: Packet Capture Performance Analyzing the transport and

487 views • 37 slides
Recombinant DNA Permit Application [Sample Presentation Packet: rDNA Permit, Cambridge Public

Recombinant DNA Permit Application [Sample Presentation Packet: rDNA Permit, Cambridge Public

Recombinant DNA Permit Application [Sample Presentation Packet: rDNA Permit, Cambridge Public Health Department] Presentation to the Cambridge Biosafety Committee MM/DD/YY G. Gallen, Ph.D. Executive Director of Research New Pharm, Inc.

400 views • 11 slides
Reliable and Scalable Packet Striping Hari Adiseshu Guru Parulkar George Varghese Washington

Reliable and Scalable Packet Striping Hari Adiseshu Guru Parulkar George Varghese Washington

Reliable and Scalable Packet Striping Hari Adiseshu Guru Parulkar George Varghese Washington University in St. Louis 1 Hari Adiseshu@Washington University Packet Striping Introduction u Packet Striping * using multiple links as a single

594 views • 28 slides
Packet Information IMPORTANT LABEL ON RIGHT HAND SIDE OF PACKET Shoe, Gym 11111 (Student ID #)

Packet Information IMPORTANT LABEL ON RIGHT HAND SIDE OF PACKET Shoe, Gym 11111 (Student ID #)

Curriculum & Activities Night Class of 2020 Packet Information IMPORTANT LABEL ON RIGHT HAND SIDE OF PACKET Shoe, Gym 11111 (Student ID #) Feeder School Name NEON GREEN sticker on front of packet = MISSING EXPLORE Appointment date

99 views • 6 slides
Packet Validation in the Network Environments Yingdi Yu UCLA 1 Packet Authentication How

Packet Validation in the Network Environments Yingdi Yu UCLA 1 Packet Authentication How

Packet Validation in the Network Environments Yingdi Yu UCLA 1 Packet Authentication How to authenticate a data packet containing the electricity usage of a room at certain time? Data is signed, but how to verify the signature?

224 views • 19 slides
MICRO-FRONTENDS Luca Mezzalira Architecture evolution DB Application Server Single-Page

MICRO-FRONTENDS Luca Mezzalira Architecture evolution DB Application Server Single-Page

Scaling Your Project with MICRO-FRONTENDS Luca Mezzalira Architecture evolution DB Application Server Single-Page Application Architecture evolution DB DB DB Microservice Microservice Microservice API Gateway Single-Page Application

349 views • 32 slides
Modelling of Packet Loss in an Asynchronous Packet Switch using PEPA Wim Vanderbauwhede

Modelling of Packet Loss in an Asynchronous Packet Switch using PEPA Wim Vanderbauwhede

Modelling of Packet Loss in an Asynchronous Packet Switch using PEPA Wim Vanderbauwhede Department of Computing Science University of Glasgow September 6, 2005- WV 1 Overview Asynchronous Packet Switch Building the PEPA Model

658 views • 26 slides
Packet Classification Omid Mashayekhi Vaibhav Chidrewar What is Packet Classification?

Packet Classification Omid Mashayekhi Vaibhav Chidrewar What is Packet Classification?

Packet Classification Omid Mashayekhi Vaibhav Chidrewar What is Packet Classification? Definition: The function of identifying and categorizing packets of data moving across the network Rule Source IP Dest IP Action R1 152.163.190.69/

574 views • 15 slides
Block-based partial packet recovery corrupt packet Maranello Practical Partial Packet Recovery

Block-based partial packet recovery corrupt packet Maranello Practical Partial Packet Recovery

Maranello : Practical Partial Packet Recovery for 802.11 Bo Han Aaron Schulman Lusheng Ji Neil Spring Francesco Gringoli Seungjoon Lee Bobby Bhattacharjee Lorenzo Nava Robert Miller University of Maryland University of Brescia AT&T

894 views • 43 slides

More recommend