Presentation is loading. Please wait.

Presentation is loading. Please wait.

TOWARDS A FLEXIBLE DATA PROCESSING AND REPORTING STRUCTURE FOR PACKET CAPTURE FILES V 3.0.

Published byJean Holt Modified over 8 years ago

Similar presentations

Presentation on theme: "TOWARDS A FLEXIBLE DATA PROCESSING AND REPORTING STRUCTURE FOR PACKET CAPTURE FILES V 3.0."— Presentation transcript:

1 TOWARDS A FLEXIBLE DATA PROCESSING AND REPORTING STRUCTURE FOR PACKET CAPTURE FILES V 3.0

2 BASIC CONCEPTS Internet background radiation Network telescopes Datasets David promises to elaborate on these further

3 GENERATED REPORTS Two reports generated General report Drill-down report Breakdown of activity in dataset Relevant identifiers

4 WHAT HAS BEEN ACHIEVED Reporting framework that outlines the packet results for a pcap file by month and total dataset Secondary report generation that allows drill-down of results Identification and analysis of malicious packets and attacks captured by darknets

5 SYSTEM

6 CASE STUDIES Have selected some of the results from the project to show its capabilities All of the data sampled from the aforementioned datasets

7 EXAMPLE OUTPUT OF REPORT Source IP addressNumber of packets received Percentage of total packets 146.231.254.65921749.422 146.231.254.119177311.812 146.231.254.114105941.083 146.231.254.11094330.964 146.231.254.11889160.911 146.231.254.14262370.638 146.231.254.12560780.621 146.231.254.6249590.507 146.231.254.848090.492 146.231.254.3647210.483 146.231.254.344910.459 146.231.254.7243580.445 146.231.254.541430.423 146.231.254.7340890.417 146.231.254.5640690.415 146.231.254.2340290.412 146.231.254.8139970.409 146.231.254.7539880.408 146.231.254.16939770.407 146.231.254.1339620.405

8 SOME GREAT ANALYSIS RESULTS Reflected DNS amplification attack DDoS backscatter Changing trends in darknets

9 DNS AMPLIFICATION ATTACK

10

11 DDOS

12

13 DARKNET ACTIVITY

14 SSH SCANNING ACTIVITY

15 12/1301/14 Destination port Number of packets received Percentage of total packets Destination port Number of packets received Percentage of total packets 2212985115.7352233649734.182 809234711.1903389977879.933 3389617717.48580826248.393 445382274.63223653646.640 8080337734.0928080363973.697 Table comparing top 5 TCP destination ports of 146 dataset across two months

16 FUTURE DEVELOPMENT Have real-time version of reporting structure Automatically generate relevant text in document Give document ability to decide whether drill-down report necessary

17 QUESTIONS?

Download ppt "TOWARDS A FLEXIBLE DATA PROCESSING AND REPORTING STRUCTURE FOR PACKET CAPTURE FILES V 3.0."

Similar presentations

Predicting Tor Path Compromise by Exit Port IEEE WIDA 2009December 16, 2009 Kevin Bauer, Dirk Grunwald, and Douglas Sicker University of Colorado Client.

Predicting Tor Path Compromise by Exit Port IEEE WIDA 2009December 16, 2009 Kevin Bauer, Dirk Grunwald, and Douglas Sicker University of Colorado Client.
IPv6 Background Radiation Geoff Huston APNIC R&D.

IPv6 Background Radiation Geoff Huston APNIC R&D.
A flexible data processing and reporting system for packet capture files Ignus van Zyl (Iggy) Overlord Supervisor: Barry Irwin.

A flexible data processing and reporting system for packet capture files Ignus van Zyl (Iggy) Overlord Supervisor: Barry Irwin.
Capture Packets using Wireshark. Introduction Wireshark – – Packet analysis software – Open source.

Capture Packets using Wireshark. Introduction Wireshark – – Packet analysis software – Open source.
Inferring Internet Denial-of- Service Activity David Moore, Colleen Shannon, Douglas J. Brown, Geoffrey M. Voelker, Stefan Savage Presented by Thangam.

Inferring Internet Denial-of- Service Activity David Moore, Colleen Shannon, Douglas J. Brown, Geoffrey M. Voelker, Stefan Savage Presented by Thangam.
 Firewalls and Application Level Gateways (ALGs)  Usually configured to protect from at least two types of attack ▪ Control sites which local users.

 Firewalls and Application Level Gateways (ALGs)  Usually configured to protect from at least two types of attack ▪ Control sites which local users.
BotMiner Guofei Gu, Roberto Perdisci, Junjie Zhang, and Wenke Lee College of Computing, Georgia Institute of Technology.

BotMiner Guofei Gu, Roberto Perdisci, Junjie Zhang, and Wenke Lee College of Computing, Georgia Institute of Technology.
Embracing the chaos mark lorenc

Embracing the chaos mark lorenc
Snort - an network intrusion prevention and detection system Student: Yue Jiang Professor: Dr. Bojan Cukic CS665 class presentation.

Snort - an network intrusion prevention and detection system Student: Yue Jiang Professor: Dr. Bojan Cukic CS665 class presentation.
Copyright © 2002 Pearson Education, Inc. Slide 3-1 PERTEMUAN 5.

Copyright © 2002 Pearson Education, Inc. Slide 3-1 PERTEMUAN 5.
Network Analyzer Example

Network Analyzer Example
Measurement and Diagnosis of Address Misconfigured P2P traffic Zhichun Li, Anup Goyal, Yan Chen and Aleksandar Kuzmanovic Lab for Internet and Security.

Measurement and Diagnosis of Address Misconfigured P2P traffic Zhichun Li, Anup Goyal, Yan Chen and Aleksandar Kuzmanovic Lab for Internet and Security.
Inferring Internet Denial-of- Service Activity David Moore, Geoffrey M Voelker, Stefan Savage Presented by Yuemin Yu – CS290F – Winter 2005.

Inferring Internet Denial-of- Service Activity David Moore, Geoffrey M Voelker, Stefan Savage Presented by Yuemin Yu – CS290F – Winter 2005.
Vocabulary URL = uniform resource locator: web address protocol –set of rules that networked computers follow in order to share data and coordinate communications.

Vocabulary URL = uniform resource locator: web address protocol –set of rules that networked computers follow in order to share data and coordinate communications.
Lecture 15 Denial of Service Attacks

Lecture 15 Denial of Service Attacks
Implementing Standard and Extended Access Control List (ACL) in Cisco Routers.

Implementing Standard and Extended Access Control List (ACL) in Cisco Routers.
Security in IP telephony (VoIP) David Andersson Erik Martinsson.

Security in IP telephony (VoIP) David Andersson Erik Martinsson.
2009/9/151 Rishi : Identify Bot Contaminated Hosts By IRC Nickname Evaluation Reporter : Fong-Ruei, Li Machine Learning and Bioinformatics Lab In Proceedings.

2009/9/151 Rishi : Identify Bot Contaminated Hosts By IRC Nickname Evaluation Reporter : Fong-Ruei, Li Machine Learning and Bioinformatics Lab In Proceedings.
Towards Extending the Antivirus Capability to Scan Network Traffic Mohammed I. Al-Saleh Jordan University of Science and Technology.

Towards Extending the Antivirus Capability to Scan Network Traffic Mohammed I. Al-Saleh Jordan University of Science and Technology.
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.0 OSI Network Layer Network Fundamentals – Chapter 5.

© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.0 OSI Network Layer Network Fundamentals – Chapter 5.

Similar presentations

Ads by Google