Presentation is loading. Please wait.

Presentation is loading. Please wait.

A flexible data processing and reporting system for packet capture files Ignus van Zyl (Iggy) Overlord Supervisor: Barry Irwin.

Published byWilfred Newman Modified over 9 years ago

Similar presentations

Presentation on theme: "A flexible data processing and reporting system for packet capture files Ignus van Zyl (Iggy) Overlord Supervisor: Barry Irwin."— Presentation transcript:

1 A flexible data processing and reporting system for packet capture files Ignus van Zyl (Iggy) Overlord Supervisor: Barry Irwin

2 Overview of project Internet Background Radiation Darknet/Network telescopes Packet capture (pcap) files Identify dataset trends Reporting

3 Datasets being used That means that there are 66 207 072 packets to mine for data across 5 datasets

4 Hopefully the end result Don’t worry there will be pictures soon A web based system Utilising d3 and.json to create graphs in web environment Maybe even some textual reporting output Takes in pcap, returns report of interesting data and identified trends Identify trends across multiple pcap files

5 System view Pcap file Web interface Data repository System back-end Pcap file Known security trends Graph and text output Here pcap is parsed to json, pushed through to d3 and graphed before being displayed for user

6 Comparison of Datasets 146.x.x/24 and 155.x.x/24 Using tables and graphs derived from the pcap files Remember source data may be spoofed, but other data is accurate

7 Source IP addresses recorded

8 Source Ports recorded

9 Destination ports recorded 1 3 4 6 5 2 8 10 9 7

10 Comparison of graphs for 196. darknets

11 Protocols used 196.21.x/24 (1) 196.21.x/24 (2) 196.24.x/24

12 Why does the graph look like this? Worms such as Conficker and Sasser target port 445 Morto worm known to target port 3389 (RDP)

13 146. vs 155. vs 196. 146.x.x/24 155.x.x/24 196.21.x/24 (1)

14 Category A and B Able to group datasets into categories Idea comes from Nkumeleni thesis Category A is 146.x.x/24 and 155.x.x/24 Category B is 196.x.x/24 Groupings are made as a result of packet distribution similarity

15

16

Download ppt "A flexible data processing and reporting system for packet capture files Ignus van Zyl (Iggy) Overlord Supervisor: Barry Irwin."

Similar presentations

TCP/IP MODEL Maninder Kaur www.eazynotes.com.

TCP/IP MODEL Maninder Kaur
TOPIC LEARNING BTEC Level 3 Unit 28 Websites L01- All students will understand the web architecture and components which allow the internet and websites.

TOPIC LEARNING BTEC Level 3 Unit 28 Websites L01- All students will understand the web architecture and components which allow the internet and websites.
Search Engine – Metasearch Engine Comparison By Ali Can Akdemir.

Search Engine – Metasearch Engine Comparison By Ali Can Akdemir.
Darknet Anonymous peer to peer file sharing CS555 INTRODUCTION TO COMPUTER NETWORKSDR. KURT MALYFALL 2014 KHAJA MASROOR AHMED00999044.

Darknet Anonymous peer to peer file sharing CS555 INTRODUCTION TO COMPUTER NETWORKSDR. KURT MALYFALL 2014 KHAJA MASROOR AHMED
5/1/2006Sireesha/IDS1 Intrusion Detection Systems (A preliminary study) Sireesha Dasaraju CS526 - Advanced Internet Systems UCCS.

5/1/2006Sireesha/IDS1 Intrusion Detection Systems (A preliminary study) Sireesha Dasaraju CS526 - Advanced Internet Systems UCCS.
NAV Project Update By: Meghan Allen and Peter McLachlan.

NAV Project Update By: Meghan Allen and Peter McLachlan.
Footer to be inserted here 1 The following slides and notes have been prepared as a guide to preparing your presentation for the Postgraduate Research.

Footer to be inserted here 1 The following slides and notes have been prepared as a guide to preparing your presentation for the Postgraduate Research.
Unconstrained Endpoint Profiling (Googling the Internet)‏ Ionut Trestian Supranamaya Ranjan Aleksandar Kuzmanovic Antonio Nucci Northwestern University.

Unconstrained Endpoint Profiling (Googling the Internet)‏ Ionut Trestian Supranamaya Ranjan Aleksandar Kuzmanovic Antonio Nucci Northwestern University.
Passive traffic measurement Capturing actual Internet packets in order to measure: –Packet sizes –Traffic volumes –Application utilisation –Resource utilisation.

Passive traffic measurement Capturing actual Internet packets in order to measure: –Packet sizes –Traffic volumes –Application utilisation –Resource utilisation.
SNMP & MIME Rizwan Rehman, CCS, DU. Basic tasks that fall under this category are: What is Network Management? Fault Management Dealing with problems.

SNMP & MIME Rizwan Rehman, CCS, DU. Basic tasks that fall under this category are: What is Network Management? Fault Management Dealing with problems.
Implementing Standard and Extended Access Control List (ACL) in Cisco Routers.

Implementing Standard and Extended Access Control List (ACL) in Cisco Routers.
Sybex CCENT 100-101 Chapter 13: Network Address Translation Instructor & Todd Lammle.

Sybex CCENT Chapter 13: Network Address Translation Instructor & Todd Lammle.
1 TCP/IP architecture A set of protocols allowing communication across diverse networks Out of ARPANET Emphasize on robustness regarding to failure Emphasize.

1 TCP/IP architecture A set of protocols allowing communication across diverse networks Out of ARPANET Emphasize on robustness regarding to failure Emphasize.
Networks. ProtocolMeaningApplication DNSDomain Name System (Server)Translates domain names such as ocr.org.uk into IP Addresses TLS/SSLTransport Layer.

Networks. ProtocolMeaningApplication DNSDomain Name System (Server)Translates domain names such as ocr.org.uk into IP Addresses TLS/SSLTransport Layer.
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.0 OSI Network Layer Network Fundamentals – Chapter 5.

© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.0 OSI Network Layer Network Fundamentals – Chapter 5.
R 18 G 65 B 145 R 0 G 201 B 255 R 104 G 113 B 122 R 216 G 217 B 218 R 168 G 187 B 192 Core and background colors: 1© Nokia Solutions and Networks 2014.

R 18 G 65 B 145 R 0 G 201 B 255 R 104 G 113 B 122 R 216 G 217 B 218 R 168 G 187 B 192 Core and background colors: 1© Nokia Solutions and Networks 2014.
Selecting and Combining Tools F. Duveau 02/03/12 F. Duveau 02/03/12 Chapter 14.

Selecting and Combining Tools F. Duveau 02/03/12 F. Duveau 02/03/12 Chapter 14.
Presentation on Osi & TCP/IP MODEL

Presentation on Osi & TCP/IP MODEL
How the Internet Works CPA. Internet Addresses How do you get to the school’s website? What you as the user sees is a web address or URL – Uniform Resource.

How the Internet Works CPA. Internet Addresses How do you get to the school’s website? What you as the user sees is a web address or URL – Uniform Resource.
What is FORENSICS? Why do we need Network Forensics?

What is FORENSICS? Why do we need Network Forensics?

Similar presentations

Ads by Google