Security analysts are tasked with identifying and mitigating network service vulnerabilities. A common problem
associated with in-depth testing of network protocols is the availability of software that communicates across disparate
protocols. Many times, the software required to communicate with these services is not publicly available. Developing
this software is a time-consuming undertaking that requires expertise and understanding of the protocol specification.
The work described in this paper aims at developing a software package that is capable of automatically creating
communication clients by using packet capture (pcap) and TShark dissectors. Currently, our focus is on simple
protocols with fixed fields. The methodologies developed as part of this work will extend to other complex protocols
such as the Gateway Load Balancing Protocol (GLBP), Port Aggregation Protocol (PAgP), and Open Shortest Path First
Thus far, we have architected a modular pipeline for an automatic traffic-based software generator. We start the
transformation of captured network traffic by employing TShark to convert packets into a Packet Details Markup
Language (PDML) file. The PDML file contains a parsed, textual representation of the packet data. Then, we extract
field data and types, along with inter- and intra-packet dependencies. This information is then utilized to construct an XML
file that encompasses the protocol state machine and field vocabulary. Finally, this XML is converted into executable
code. Using our methodology, and as a starting point, we have succeeded in automatically generating software that
communicates with other hosts using an automatically generated Internet Control Message Protocol (ICMP) client
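
The PDML-to-XML step described above, as an added example (not the authors' code): it reads the ICMP layer of a constructed request/reply pair and marks which reply fields repeat the request. The output element and attribute names (`message`, `source`) are assumptions, since the paper's XML schema is not shown here.

```python
import xml.etree.ElementTree as ET

# Constructed PDML (icmp layer only) for one echo request and its reply.
# A real file would be produced with: tshark -r capture.pcap -T pdml
PDML = """<pdml>
<packet><proto name="icmp" pos="34" size="8">
  <field name="icmp.type" pos="34" size="1" show="8" value="08"/>
  <field name="icmp.code" pos="35" size="1" show="0" value="00"/>
  <field name="icmp.checksum" pos="36" size="2" show="0xf7fd" value="f7fd"/>
  <field name="icmp.ident" pos="38" size="2" show="1" value="0001"/>
  <field name="icmp.seq" pos="40" size="2" show="1" value="0001"/>
</proto></packet>
<packet><proto name="icmp" pos="34" size="8">
  <field name="icmp.type" pos="34" size="1" show="0" value="00"/>
  <field name="icmp.code" pos="35" size="1" show="0" value="00"/>
  <field name="icmp.checksum" pos="36" size="2" show="0xfffd" value="fffd"/>
  <field name="icmp.ident" pos="38" size="2" show="1" value="0001"/>
  <field name="icmp.seq" pos="40" size="2" show="1" value="0001"/>
</proto></packet>
</pdml>"""

def layer_fields(pdml_text, proto="icmp"):
    """Return one {field name: (offset within layer, size, hex value)} dict per packet."""
    packets = []
    for pkt in ET.fromstring(pdml_text).iter("packet"):
        layer = pkt.find(f"proto[@name='{proto}']")
        if layer is None:  # packet does not carry this protocol
            continue
        base = int(layer.get("pos"))  # PDML positions are absolute frame offsets
        packets.append({f.get("name"): (int(f.get("pos")) - base,
                                        int(f.get("size")), f.get("value"))
                        for f in layer.iter("field")})
    return packets

def reply_vocabulary(request, reply):
    """Describe the reply as XML; source="request" marks a candidate inter-packet
    dependency. With a single pair, a constant field (icmp.code) looks the same
    as an echoed one, so more captures are needed to tell them apart."""
    root = ET.Element("message", name="reply")  # hypothetical schema
    for name, (offset, size, value) in reply.items():
        same = name in request and request[name][2] == value
        ET.SubElement(root, "field", name=name, offset=str(offset), size=str(size),
                      source="request" if same else "literal", value=value)
    return root

if __name__ == "__main__":
    req, rep = layer_fields(PDML)
    print(ET.tostring(reply_vocabulary(req, rep), encoding="unicode"))
```
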
Jaime C. Acosta and Pedro Estrada, "A preliminary architecture for building communication software from traffic captures," Proc. SPIE 10206, Disruptive Technologies in Sensors and Sensor Systems, 102060T (Presented at SPIE Defense + Security: April 12, 2017; Published: 2 May 2017); https://doi.org/10.1117/12.2266902.