CONFERENCE PROCEEDINGS
Advanced Search
Home > Proceedings > Volume 10206 > Article
Presentation + Paper
2 May 2017 A preliminary architecture for building communication software from traffic captures
Jaime C. Acosta, Pedro Estrada Jr.
Author Affiliations +
Proceedings Volume 10206, Disruptive Technologies in Sensors and Sensor Systems; 102060T (2017) https://doi.org/10.1117/12.2266902
Event: SPIE Defense + Security, 2017, Anaheim, CA, United States
Abstract
Security analysts are tasked with identifying and mitigating network service vulnerabilities. A common problem associated with in-depth testing of network protocols is the availability of software that communicates across disparate protocols. Many times, the software required to communicate with these services is not publicly available. Developing this software is a time-consuming undertaking that requires expertise and understanding of the protocol specification. The work described in this paper aims at developing a software package that is capable of automatically creating communication clients by using packet capture (pcap) and TShark dissectors. Currently, our focus is on simple protocols with fixed fields. The methodologies developed as part of this work will extend to other complex protocols such as the Gateway Load Balancing Protocol (GLBP), Port Aggregation Protocol (PAgP), and Open Shortest Path First (OSPF). Thus far, we have architected a modular pipeline for an automatic traffic-based software generator. We start the transformation of captured network traffic by employing TShark to convert packets into a Packet Details Markup Language (PDML) file. The PDML file contains a parsed, textual, representation of the packet data. Then, we extract field data, types, along with inter and intra-packet dependencies. This information is then utilized to construct an XML file that encompasses the protocol state machine and field vocabulary. Finally, this XML is converted into executable code. Using our methodology, and as a starting point, we have succeeded in automatically generating software that communicates with other hosts using an automatically generated Internet Control Message Protocol (ICMP) client program.
Conference Presentation
© (2017) COPYRIGHT Society of Photo-Optical Instrumentation Engineers (SPIE). Downloading of the abstract is permitted for personal use only.
Citation Download Citation
Jaime C. Acosta and Pedro Estrada Jr. "A preliminary architecture for building communication software from traffic captures", Proc. SPIE 10206, Disruptive Technologies in Sensors and Sensor Systems, 102060T (2 May 2017); https://doi.org/10.1117/12.2266902
ACCESS THE FULL ARTICLE
ORGANIZATIONAL
Sign in with credentials provided by your organization.
INSTITUTIONAL
Select your institution to access the SPIE Digital Library.
SELECT YOUR INSTITUTION
PERSONAL
Sign in with your SPIE account to access your personal subscriptions or to use specific features such as save to my library, sign up for alerts, save searches, etc.
PERSONAL SIGN IN
No SPIE Account? Create one
PURCHASE THIS CONTENT
SUBSCRIBE TO DIGITAL LIBRARY
50 downloads per 1-year subscription
Members: $195
Non-members: $335 ADD TO CART
25 downloads per 1 - year subscription
Members: $145
Non-members: $250 ADD TO CART
PURCHASE SINGLE ARTICLE
Includes PDF, HTML & Video, when available
Members: $17.00
Non-members: $21.00 ADD TO CART
PROCEEDINGS
 12 PAGES + PRESENTATION
DOWNLOAD PAPER SAVE TO MY LIBRARY
WATCH
PRESENTATION
GET CITATION
Advertisement
Advertisement
RIGHTS & PERMISSIONS
Get copyright permission  Get copyright permission on Copyright Marketplace
KEYWORDS
Error control coding
Software development
Network security
Internet
Optical parametric oscillators
Reverse engineering
Associative arrays
RELATED CONTENT
Analysis and implementation of man in the middle attack on...
Proceedings of SPIE (May 05 2022)
Dependability analysis of WRT54GL router
Proceedings of SPIE (September 28 2016)
Long lasting effects of awareness training methods on reducing overall...
Proceedings of SPIE (May 07 2019)
Performance enhancement with transportation layer tunneling for satellite communication systems
Proceedings of SPIE (April 22 2020)
Internet-based secure virtual networks
Proceedings of SPIE (September 16 1998)
ML IKE a multi layer IKE protocol for TCP...
Proceedings of SPIE (April 02 2010)
Using overlays to improve network security
Proceedings of SPIE (July 08 2002)
Subscribe to Digital Library
Receive Erratum Email Alert
Back to Top