Network Protocol Packet Analysis - PowerPoint PPT Presentation
By: Daniel Ruiz (uploaded by amity)
Presentation Transcript
Overview
  • How to Capture Packets
    • WireShark
    • Lua
  • Analyzing Packets
    • Principal Component Analysis (PCA)
WireShark
  • Best Open Source Packet Analyzer available today
  • Used in ICTF
  • Multi-platform: runs on Linux, Windows, OS X and many others
  • Live capture and offline analysis
  • Much Much More!!!
Lua
  • Lua is a powerful light-weight programming language designed for extending applications
  • Very easy to use API
  • Allows for scripting in Wireshark
  • Lua can be used to write dissectors, post-dissectors and taps.
Analyzing Packets
  • TShark is able to capture, read and write the same capture files that are supported by WireShark
  • To capture live (detect):
    • tshark.exe -i eth0 -x
  • To read:
    • tshark.exe -r "file" -x
  • To write:
    • tshark.exe -i eth0 -x -w "file"
  • Understand the software tools before writing them yourself!
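The two slides above say that Lua lets you write your own Wireshark dissectors and that you should understand the tools before writing them yourself. As an added example (not from the slides, and not Wireshark's or TShark's own code), here is the parsing logic of a minimal Ethernet/IPv4/UDP dissector in plain Python, the kind of work a Lua dissector does on the bytes that `tshark -x` dumps as hex. A real Wireshark Lua dissector would register a `Proto` and read fields through the Tvb API; this stand-in only shows the field layout, the IPv4 header checksum verification, and the bounds checks on every length field, which is where hand-written dissectors most often go wrong. The sample frame is constructed by hand for this example.

```python
import struct
from dataclasses import dataclass

# Constructed sample frame (Ethernet II -> IPv4 -> UDP -> 4-byte payload).
# Hand-built test data, not a capture from the slides; the IPv4 checksum 0x5ce6
# was computed for exactly these header bytes.
SAMPLE_FRAME = bytes.fromhex(
    "001122334455" "66778899aabb" "0800"   # Ethernet: dst MAC, src MAC, EtherType IPv4
    "450000201234400040115ce6"              # IPv4: ver/IHL, TOS, len 32, id, DF, TTL 64, proto UDP, csum
    "c0a8010a" "0a000001"                   # IPv4: src 192.168.1.10, dst 10.0.0.1
    "30390035000c0000"                      # UDP: sport 12345, dport 53, len 12, csum 0 (optional on IPv4)
    "deadbeef"                              # payload
)


@dataclass
class Dissection:
    eth_dst: str
    eth_src: str
    ip_src: str
    ip_dst: str
    ip_ttl: int
    ip_checksum_ok: bool
    udp_sport: int
    udp_dport: int
    payload: bytes


def _mac(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)


def _ipv4(b: bytes) -> str:
    return ".".join(str(x) for x in b)


def ipv4_checksum(header: bytes) -> int:
    """RFC 1071 one's-complement sum over the header; 0 means the stored checksum verifies."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:                       # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def dissect(frame: bytes) -> Dissection:
    """Parse Ethernet/IPv4/UDP, trusting no length field until it is checked against the bytes present."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    eth_dst, eth_src = frame[0:6], frame[6:12]
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype != 0x0800:
        raise ValueError(f"unsupported EtherType 0x{ethertype:04x}")

    ip = frame[14:]
    if len(ip) < 20:
        raise ValueError("truncated IPv4 header")
    version, ihl = ip[0] >> 4, (ip[0] & 0x0F) * 4
    if version != 4 or ihl < 20 or len(ip) < ihl:
        raise ValueError("bad IPv4 version or IHL")
    total_len = struct.unpack("!H", ip[2:4])[0]
    if total_len < ihl or total_len > len(ip):
        raise ValueError("IPv4 total length out of range")
    ttl, proto = ip[8], ip[9]
    checksum_ok = ipv4_checksum(ip[:ihl]) == 0   # report, don't abort: a bad checksum is itself a finding
    if proto != 17:
        raise ValueError(f"unsupported IP protocol {proto}")

    udp = ip[ihl:total_len]
    if len(udp) < 8:
        raise ValueError("truncated UDP header")
    sport, dport, ulen, _ucsum = struct.unpack("!HHHH", udp[:8])
    if ulen < 8 or ulen > len(udp):
        raise ValueError("UDP length out of range")
    return Dissection(_mac(eth_dst), _mac(eth_src), _ipv4(ip[12:16]), _ipv4(ip[16:20]),
                      ttl, checksum_ok, sport, dport, udp[8:ulen])


if __name__ == "__main__":
    print(dissect(SAMPLE_FRAME))
```

Every length the packet claims (IHL, IPv4 total length, UDP length) is compared against the bytes actually present before it is used to slice, so a frame whose headers lie about their size produces a `ValueError` rather than a silently truncated or over-read payload; a failed IPv4 checksum is reported as a field rather than treated as a parse error, since corrupted headers are themselves worth seeing in analysis.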
Pictures and Packets

[Figure: Good Packet | Malicious Packet]
Principal Component Analysis

[Figure: Data Cloud]

  • Use PCA instead of convolution with FFT
  • PCA takes your cloud of data points and rotates it such that the maximum variability is visible (most important gradients).
  • Maximum variability is found by the eigenvalues of each packet
  • Packets with malicious data should have different gradients than those with good data
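The four bullets above describe the procedure without showing it, so here is an added worked example that is not part of the slides: each packet becomes a point in a feature space (the cloud), the eigenvectors of the covariance of that cloud give the rotation that exposes the directions of greatest variability, and projecting each packet onto the first component gives a score on which text-like and binary-heavy packets fall apart. The eigenvalues here are those of the feature covariance matrix, computed by power iteration with deflation (a standard method, not necessarily the presenter's). The two features (printable-ASCII ratio and high-bit-byte ratio) and the six sample payloads are assumptions constructed for this example; it runs without NumPy.

```python
import math
from typing import List, Sequence, Tuple

# Constructed sample payloads (not captures from the slides): three text-protocol
# packets and three binary-heavy packets, used only to give PCA a cloud to rotate.
GOOD_PACKETS = [
    b"GET /index.html HTTP/1.1\r\n",
    b"Host: example.com\r\n\r\n",
    b"User-Agent: test\r\n",
]
BAD_PACKETS = [
    bytes(range(0x80, 0x90)) + b"\x00\x00\x00\x00",
    b"\xff\xfe\xfd\xfc" * 3 + b"AB",
    bytes(range(0x80, 0x90)) + b"\x01\x02A",
]


def features(packet: bytes) -> List[float]:
    """Per-packet feature vector (an assumed choice): printable-ASCII ratio and high-bit-byte ratio."""
    n = max(len(packet), 1)
    printable = sum(1 for b in packet if 0x20 <= b <= 0x7E)
    high = sum(1 for b in packet if b >= 0x80)
    return [printable / n, high / n]


def covariance(rows: Sequence[Sequence[float]]) -> Tuple[List[float], List[List[float]]]:
    """Mean-centre the rows and return (mean, sample covariance matrix)."""
    n, d = len(rows), len(rows[0])
    if n < 2:
        raise ValueError("need at least two packets")
    mean = [sum(r[j] for r in rows) / n for j in range(d)]
    cov = [[0.0] * d for _ in range(d)]
    for r in rows:
        c = [r[j] - mean[j] for j in range(d)]
        for i in range(d):
            for j in range(d):
                cov[i][j] += c[i] * c[j] / (n - 1)
    return mean, cov


def dominant_eigenpair(m: Sequence[Sequence[float]], iters: int = 500,
                       tol: float = 1e-15) -> Tuple[float, List[float]]:
    """Power iteration: eigenvector of the largest eigenvalue, i.e. the direction of most variance."""
    d = len(m)
    v = [float(j + 1) for j in range(d)]          # asymmetric start so no direction is missed
    norm = math.sqrt(sum(x * x for x in v))
    v = [x / norm for x in v]
    lam = 0.0
    for _ in range(iters):
        w = [sum(m[i][j] * v[j] for j in range(d)) for i in range(d)]
        norm = math.sqrt(sum(x * x for x in w))
        if norm == 0.0:
            return 0.0, v                         # no variance left in this subspace
        w = [x / norm for x in w]
        new_lam = sum(w[i] * sum(m[i][j] * w[j] for j in range(d)) for i in range(d))  # Rayleigh quotient
        converged = abs(new_lam - lam) < tol
        v, lam = w, new_lam
        if converged:
            break
    return lam, v


def pca(rows: Sequence[Sequence[float]], n_components: int = 2):
    """Return (mean, eigenvalues, eigenvectors): the rotation exposing the most variable directions."""
    mean, cov = covariance(rows)
    d = len(cov)
    m = [row[:] for row in cov]
    eigvals: List[float] = []
    eigvecs: List[List[float]] = []
    for _ in range(min(n_components, d)):
        lam, v = dominant_eigenpair(m)
        eigvals.append(lam)
        eigvecs.append(v)
        for i in range(d):                        # deflate: remove this component, then find the next
            for j in range(d):
                m[i][j] -= lam * v[i] * v[j]
    return mean, eigvals, eigvecs


def project(row: Sequence[float], mean: Sequence[float], vec: Sequence[float]) -> float:
    """Score of one packet along a principal component."""
    return sum((row[j] - mean[j]) * vec[j] for j in range(len(row)))


def explained_variance_ratio(rows: Sequence[Sequence[float]], eigvals: Sequence[float]) -> float:
    """Fraction of total variance (trace of the covariance) captured by the first component."""
    _, cov = covariance(rows)
    return eigvals[0] / sum(cov[i][i] for i in range(len(cov)))


def separates(scores_a: Sequence[float], scores_b: Sequence[float]) -> bool:
    """True when the two groups occupy disjoint intervals of the component axis."""
    return max(scores_a) < min(scores_b) or max(scores_b) < min(scores_a)


if __name__ == "__main__":
    rows = [features(p) for p in GOOD_PACKETS + BAD_PACKETS]
    mean, vals, vecs = pca(rows)
    print("eigenvalues:", vals)
    for label, group in (("good", GOOD_PACKETS), ("bad", BAD_PACKETS)):
        print(label, [round(project(features(p), mean, vecs[0]), 3) for p in group])
```

The first component carries almost all of the variance here only because the two constructed groups differ sharply in byte statistics; with real traffic the separation depends entirely on the chosen features, and the slide's assumption that malicious payloads have different "gradients" holds only when the features actually capture that difference. The sign of a principal component is arbitrary, which is why the separation check accepts either ordering.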

[Figure: Gradient Abundance]

Improvements
  • Use Neural Network to recognize malicious eigenvalues
  • Investigate Wavelet PCA
  • PCA and FFT convolution speed analysis