Translator Disclaimer
2 May 2017 A preliminary architecture for building communication software from traffic captures
Author Affiliations +
Security analysts are tasked with identifying and mitigating network service vulnerabilities. A common problem associated with in-depth testing of network protocols is the availability of software that communicates across disparate protocols. Many times, the software required to communicate with these services is not publicly available. Developing this software is a time-consuming undertaking that requires expertise and understanding of the protocol specification. The work described in this paper aims at developing a software package that is capable of automatically creating communication clients by using packet capture (pcap) and TShark dissectors. Currently, our focus is on simple protocols with fixed fields. The methodologies developed as part of this work will extend to other complex protocols such as the Gateway Load Balancing Protocol (GLBP), Port Aggregation Protocol (PAgP), and Open Shortest Path First (OSPF). Thus far, we have architected a modular pipeline for an automatic traffic-based software generator. We start the transformation of captured network traffic by employing TShark to convert packets into a Packet Details Markup Language (PDML) file. The PDML file contains a parsed, textual, representation of the packet data. Then, we extract field data, types, along with inter and intra-packet dependencies. This information is then utilized to construct an XML file that encompasses the protocol state machine and field vocabulary. Finally, this XML is converted into executable code. Using our methodology, and as a starting point, we have succeeded in automatically generating software that communicates with other hosts using an automatically generated Internet Control Message Protocol (ICMP) client program.
Conference Presentation
© (2017) COPYRIGHT Society of Photo-Optical Instrumentation Engineers (SPIE). Downloading of the abstract is permitted for personal use only.
Jaime C. Acosta and Pedro Estrada Jr. "A preliminary architecture for building communication software from traffic captures", Proc. SPIE 10206, Disruptive Technologies in Sensors and Sensor Systems, 102060T (2 May 2017);


Dependability analysis of WRT54GL router
Proceedings of SPIE (September 27 2016)
Security issues of GIServices
Proceedings of SPIE (October 27 2006)
Internet-based secure virtual networks
Proceedings of SPIE (September 15 1998)
ML IKE a multi layer IKE protocol for TCP...
Proceedings of SPIE (April 02 2010)
Using overlays to improve network security
Proceedings of SPIE (July 07 2002)
Internet firewalls: questions and answers
Proceedings of SPIE (March 11 1996)

Back to Top