A flexible data processing and reporting system for packet capture files Ignus van Zyl (Iggy) Overlord Supervisor: Barry Irwin.

Slides:



Advertisements
Similar presentations
TCP/IP MODEL Maninder Kaur
Advertisements

TOPIC LEARNING BTEC Level 3 Unit 28 Websites L01- All students will understand the web architecture and components which allow the internet and websites.
Search Engine – Metasearch Engine Comparison By Ali Can Akdemir.
Darknet Anonymous peer to peer file sharing CS555 INTRODUCTION TO COMPUTER NETWORKSDR. KURT MALYFALL 2014 KHAJA MASROOR AHMED
5/1/2006Sireesha/IDS1 Intrusion Detection Systems (A preliminary study) Sireesha Dasaraju CS526 - Advanced Internet Systems UCCS.
NAV Project Update By: Meghan Allen and Peter McLachlan.
Footer to be inserted here 1 The following slides and notes have been prepared as a guide to preparing your presentation for the Postgraduate Research.
Unconstrained Endpoint Profiling (Googling the Internet)‏ Ionut Trestian Supranamaya Ranjan Aleksandar Kuzmanovic Antonio Nucci Northwestern University.
Passive traffic measurement Capturing actual Internet packets in order to measure: –Packet sizes –Traffic volumes –Application utilisation –Resource utilisation.
SNMP & MIME Rizwan Rehman, CCS, DU. Basic tasks that fall under this category are: What is Network Management? Fault Management Dealing with problems.
Implementing Standard and Extended Access Control List (ACL) in Cisco Routers.
Sybex CCENT Chapter 13: Network Address Translation Instructor & Todd Lammle.
1 TCP/IP architecture A set of protocols allowing communication across diverse networks Out of ARPANET Emphasize on robustness regarding to failure Emphasize.
Networks. ProtocolMeaningApplication DNSDomain Name System (Server)Translates domain names such as ocr.org.uk into IP Addresses TLS/SSLTransport Layer.
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.0 OSI Network Layer Network Fundamentals – Chapter 5.
R 18 G 65 B 145 R 0 G 201 B 255 R 104 G 113 B 122 R 216 G 217 B 218 R 168 G 187 B 192 Core and background colors: 1© Nokia Solutions and Networks 2014.
Selecting and Combining Tools F. Duveau 02/03/12 F. Duveau 02/03/12 Chapter 14.
Presentation on Osi & TCP/IP MODEL
How the Internet Works CPA. Internet Addresses How do you get to the school’s website? What you as the user sees is a web address or URL – Uniform Resource.
What is FORENSICS? Why do we need Network Forensics?
Packet Analysis Fluke Protocol Expert & Misc Applications Brian D. Sterck.
Mr C Johnston ICT Teacher
School of Engineering and Computer Science Victoria University of Wellington Copyright: Peter Andreae, VUW Networking COMP # 21.
Here you are at your computer, but you don’t have internet connections. Your ISP becomes your link to the internet. In order to get access you need to.
Multiple Processor Systems Chapter Multiprocessors 8.2 Multicomputers 8.3 Distributed systems.
© Chinese University, CSE Dept. Distributed Systems / Simple Example Open Microsoft Visual Studio 2005:
Mining and Querying Multimedia Data Fan Guo Sep 19, 2011 Committee Members: Christos Faloutsos, Chair Eric P. Xing William W. Cohen Ambuj K. Singh, University.
Mapping Internet Sensors with Probe Response Attacks Authors: John Bethencourt, Jason Franklin, Mary Vernon Published At: Usenix Security Symposium, 2005.
IP Addresses By Michelle Lin and Carmen Hui. IP Addresses IP stands for Internet Protocol. An IP Address is a unique number assigned to a device in a.
Networking Fundamentals. Basics Network – collection of nodes and links that cooperate for communication Nodes – computer systems –Internal (routers,
Web Servers: The Engines that Drive the World Wide Web Dr. William Farmer Reza Sherafat McMaster University May 3, 2006.
Page 1 CSISS Center for Spatial Information Science and Systems CWIC Metrics: Current and Future Weiguo Han, Liping Di, Yuanzheng Shao, Lingjun Kang Center.
TOWARDS A FLEXIBLE DATA PROCESSING AND REPORTING STRUCTURE FOR PACKET CAPTURE FILES V 3.0.
EOSDIS FY2009 Annual Metrics Report Prepared By: Hyo Duck Chang Adnet, Inc. Brian Krupp Adnet, Inc. Lalit Wanchoo Adnet, Inc. March 2010.
An Internet-Wide View of Internet-Wide Scanning.  Scanning  IPv4  Horizontal scanning – individual ports  Network telescope - darknet What is internet.
Practice 4 – traffic filtering, traffic analysis
Network Analyzer :- Introduction to Wireshark. What is Wireshark ? Ethereal Formerly known as Ethereal GUINetwork Protocol Analyzer Wireshark is a GUI.
Bradley Cowie Supervised by Barry Irwin Security and Networks Research Group Department of Computer Science Rhodes University DATA CLASSIFICATION FOR CLASSIFIER.
UNIT 2 LESSON 4 CS PRINCIPLES. OBJECTIVES Students will be able to: Describe the redundancy of routing between two points on the Internet. Send messages.
Presented By Amarjit Datta
1 Virtual Dark IP for Internet Threat Detection Akihiro Shimoda & Shigeki Goto Waseda University
UNIT 2 LESSON 9 CS PRINCIPLES. UNIT 2 LESSON 9 OBJECTIVES Students will be able to: Explain the inefficiencies of everyone managing their own name-to-
Routing Information Protocol
Chapter 16 - TCP: Software For Reliable Communication Introduction A Packet Switching System Can Be Overrun (merging highways) TCP Helps IP Guarantee Delivery.
Copyright 2007, Information Builders. Slide 1 iWay Web Services and WebFOCUS Consumption Michael Florkowski Information Builders.
Distributed Systems Ryan Chris Van Kevin. Kinds of Systems Distributed Operating System –Offers Transparent View of Network –Controls multiprocessors.
FIREWALLS An Important Component in Computer Systems Security By: Bao Ming Soh.
Comparison of Network Attacks COSC 356 Kyler Rhoades.
By: Samuel Oswald Hunter Supervisor: Mr Barry Irwin
Technologies and Applications
A Quick Guide to Ethereal/Wireshark
Craig Koorn Supervisors: Barry Irwin Alan Herbert
MCU cluster Cristian Alexe 18 October 2010.
Introduction to Networking
Here is the graph of a function
Challenges in Network Troubleshooting In big scale networks, when an issue like latency or packet drops occur its very hard sometimes to pinpoint.
Wireshark CSC8510 David Sivieri.
Starting TCP Connection – A High Level View
Hyperlinks and Protocols
Network Analyzer :- Introduction to Wireshark
Computer Networking A computer network, often simply referred to as a network, is a collection of computers and devices connected by communications channels.
Computer Networking A computer network, often simply referred to as a network, is a collection of computers and devices connected by communications channels.
Network Analyzer :- Introduction to Wireshark
Protocol Application TCP/IP Layer Model
The FRAME Routine Essential details
Prepared by :Adeel Ahmad
INFORMATION FLOW ACROSS THE INTERNET
WJEC GCSE Computer Science
Multiplication Facts 3 x Table.
Presentation transcript:

A flexible data processing and reporting system for packet capture files Ignus van Zyl (Iggy) Overlord Supervisor: Barry Irwin

Overview of project Internet Background Radiation Darknet/Network telescopes Packet capture (pcap) files Identify dataset trends Reporting

Datasets being used That means that there are packets to mine for data across 5 datasets

Hopefully the end result Don’t worry there will be pictures soon A web based system Utilising d3 and.json to create graphs in web environment Maybe even some textual reporting output Takes in pcap, returns report of interesting data and identified trends Identify trends across multiple pcap files

System view Pcap file Web interface Data repository System back-end Pcap file Known security trends Graph and text output Here pcap is parsed to json, pushed through to d3 and graphed before being displayed for user

Comparison of Datasets 146.x.x/24 and 155.x.x/24 Using tables and graphs derived from the pcap files Remember source data may be spoofed, but other data is accurate

Source IP addresses recorded

Source Ports recorded

Destination ports recorded

Comparison of graphs for 196. darknets

Protocols used x/24 (1) x/24 (2) x/24

Why does the graph look like this? Worms such as Conficker and Sasser target port 445 Morto worm known to target port 3389 (RDP)

146. vs 155. vs x.x/ x.x/ x/24 (1)

Category A and B Able to group datasets into categories Idea comes from Nkumeleni thesis Category A is 146.x.x/24 and 155.x.x/24 Category B is 196.x.x/24 Groupings are made as a result of packet distribution similarity

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com. Inc. All rights reserved.