Network protocol packet analysis




Network Protocol Packet Analysis

By: Daniel Ruiz


Overview

  • How to Capture Packets

    • Wireshark

    • Lua

  • Analyzing Packets

    • Principal Component Analysis (PCA)


Wireshark

  • Best Open Source Packet Analyzer available today

  • Used in ICTF

  • Multi-platform: runs on Linux, Windows, OS X and many others

  • Live capture and offline analysis

  • Much Much More!!!


Lua

  • Lua is a powerful light-weight programming language designed for extending applications

  • Very easy to use API

  • Allows for scripting in Wireshark

  • Lua can be used to write dissectors, post-dissectors and taps.


Analyzing Packets

  • TShark is able to detect, read and write the same capture file formats that are supported by Wireshark

  • To detect (live capture on an interface, printing a hex dump of each packet)

    • tshark.exe -i eth0 -x

  • To read (offline analysis of a saved capture file)

    • tshark.exe -r "file" -x

  • To write (live capture saved to a capture file)

    • tshark.exe -i eth0 -x -w "file"

  • Understand the software tools before writing them yourself!


Pictures and Packets

[Figures: "Good Packet" and "Malicious Packet" (packet contents rendered as images)]


Principal Component Analysis

[Figure: "Data Cloud"]

  • Use PCA instead of convolution with FFT

  • PCA takes your cloud of data points, and rotates it such that the maximum variability is visible (most important gradients).

  • Maximum variability is found from the eigenvalues of each packet

  • Packets with malicious data should have different gradients than those with good data

[Figure: "Gradient Abundance"]
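To make the PCA step concrete, here is an added example that is not from the slides: each packet is reduced to two assumed features (mean absolute byte-to-byte gradient and fraction of printable bytes), the features are standardized, the covariance eigenvalues and principal axis are computed in closed form, and every packet is projected onto PC1. The sample payloads, the feature choice and the random seed are assumptions of this example, not data from the presentation.

```python
import math, random, string

PRINTABLE = set(string.printable.encode())

def packet_features(payload):
    """Two features per packet: mean absolute byte-to-byte gradient, printable fraction."""
    if len(payload) < 2:
        return (0.0, 0.0)
    grad = sum(abs(payload[i + 1] - payload[i]) for i in range(len(payload) - 1))
    printable = sum(1 for b in payload if b in PRINTABLE)
    return (grad / (len(payload) - 1), printable / len(payload))

def standardize(points):
    """Z-score each feature (sample std) so the 0-255 gradient scale cannot dominate PC1."""
    n = len(points)
    means = [sum(p[k] for p in points) / n for k in range(2)]
    stds = [math.sqrt(sum((p[k] - means[k]) ** 2 for p in points) / (n - 1)) for k in range(2)]
    return [tuple((p[k] - means[k]) / stds[k] for k in range(2)) for p in points]

def pca_2d(points):
    """Covariance of 2-D points -> ((l1, l2) descending, unit eigenvector for l1)."""
    n = len(points)
    mx, my = sum(p[0] for p in points) / n, sum(p[1] for p in points) / n
    a = sum((p[0] - mx) ** 2 for p in points) / (n - 1)          # var(x)
    d = sum((p[1] - my) ** 2 for p in points) / (n - 1)          # var(y)
    b = sum((p[0] - mx) * (p[1] - my) for p in points) / (n - 1)  # cov(x, y)
    # closed-form eigenvalues of the symmetric 2x2 matrix [[a, b], [b, d]]
    disc = math.sqrt(((a - d) / 2) ** 2 + b * b)
    l1, l2 = (a + d) / 2 + disc, (a + d) / 2 - disc
    # eigenvector for l1: (b, l1 - a) solves the first row of (M - l1*I)v = 0
    vx, vy = (b, l1 - a) if abs(b) > 1e-12 else ((1.0, 0.0) if a >= d else (0.0, 1.0))
    norm = math.hypot(vx, vy)
    return (l1, l2), (vx / norm, vy / norm)

def pc1_scores(payloads):
    """Project each packet's standardized features onto the principal axis (PC1)."""
    pts = standardize([packet_features(p) for p in payloads])
    _, axis = pca_2d(pts)
    return [p[0] * axis[0] + p[1] * axis[1] for p in pts]

# Constructed sample traffic: plain-text protocol payloads vs. high-entropy binary blobs.
GOOD = [b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n",
        b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n<html><body>hi</body></html>",
        b"USER anonymous\r\nPASS guest@example.test\r\n",
        b"EHLO mail.example.test\r\nMAIL FROM:<a@example.test>\r\n"]
_rng = random.Random(7)  # fixed seed so the constructed binary payloads are reproducible
BAD = [bytes(_rng.randrange(256) for _ in range(64)) for _ in range(4)]

if __name__ == "__main__":
    print(pc1_scores(GOOD + BAD))  # text and binary packets land on opposite sides of 0
```

The same split would not appear with a single feature, which is the point of the slide's "cloud of data points": PCA finds the direction along which the two packet classes differ most.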


Improvements

  • Use a neural network to recognize malicious eigenvalues

  • Investigate Wavelet PCA

  • PCA and FFT convolution speed analysis


Questions?
