Security analysts are tasked with identifying and mitigating network service vulnerabilities. A common problem
associated with in-depth testing of network protocols is the availability of software that communicates across disparate
protocols. Many times, the software required to communicate with these services is not publicly available. Developing
this software is a time-consuming undertaking that requires expertise and understanding of the protocol specification.
The work described in this paper aims at developing a software package that is capable of automatically creating
communication clients by using packet capture (pcap) and TShark dissectors. Currently, our focus is on simple
protocols with fixed fields. The methodologies developed as part of this work will extend to other complex protocols
such as the Gateway Load Balancing Protocol (GLBP), Port Aggregation Protocol (PAgP), and Open Shortest Path First
(OSPF).
Thus far, we have architected a modular pipeline for an automatic traffic-based software generator. We start the
transformation of captured network traffic by employing TShark to convert packets into a Packet Details Markup
Language (PDML) file. The PDML file contains a parsed, textual, representation of the packet data. Then, we extract
field data, types, along with inter and intra-packet dependencies. This information is then utilized to construct an XML
file that encompasses the protocol state machine and field vocabulary. Finally, this XML is converted into executable
code. Using our methodology, and as a starting point, we have succeeded in automatically generating software that
communicates with other hosts using an automatically generated Internet Control Message Protocol (ICMP) client
program.
|