2 May 2017 A preliminary architecture for building communication software from traffic captures
Author Affiliations +
Abstract
Security analysts are tasked with identifying and mitigating network service vulnerabilities. A common problem associated with in-depth testing of network protocols is the availability of software that communicates across disparate protocols. Many times, the software required to communicate with these services is not publicly available. Developing this software is a time-consuming undertaking that requires expertise and understanding of the protocol specification. The work described in this paper aims at developing a software package that is capable of automatically creating communication clients by using packet capture (pcap) and TShark dissectors. Currently, our focus is on simple protocols with fixed fields. The methodologies developed as part of this work will extend to other complex protocols such as the Gateway Load Balancing Protocol (GLBP), Port Aggregation Protocol (PAgP), and Open Shortest Path First (OSPF). Thus far, we have architected a modular pipeline for an automatic traffic-based software generator. We start the transformation of captured network traffic by employing TShark to convert packets into a Packet Details Markup Language (PDML) file. The PDML file contains a parsed, textual, representation of the packet data. Then, we extract field data, types, along with inter and intra-packet dependencies. This information is then utilized to construct an XML file that encompasses the protocol state machine and field vocabulary. Finally, this XML is converted into executable code. Using our methodology, and as a starting point, we have succeeded in automatically generating software that communicates with other hosts using an automatically generated Internet Control Message Protocol (ICMP) client program.
Conference Presentation
© (2017) COPYRIGHT Society of Photo-Optical Instrumentation Engineers (SPIE). Downloading of the abstract is permitted for personal use only.
Jaime C. Acosta, Pedro Estrada, "A preliminary architecture for building communication software from traffic captures", Proc. SPIE 10206, Disruptive Technologies in Sensors and Sensor Systems, 102060T (2 May 2017); doi: 10.1117/12.2266902; https://doi.org/10.1117/12.2266902
PROCEEDINGS
12 PAGES + PRESENTATION

SHARE
RELATED CONTENT

Dependability analysis of WRT54GL router
Proceedings of SPIE (September 28 2016)
The study of wlan security and its solution
Proceedings of SPIE (February 20 2006)
Internet-based secure virtual networks
Proceedings of SPIE (September 16 1998)
ML IKE a multi layer IKE protocol for TCP...
Proceedings of SPIE (April 02 2010)
Using overlays to improve network security
Proceedings of SPIE (July 08 2002)

Back to Top