2013-12-05_tcpflow-and-BE-update

More documents

Recommendations

Info

tags generated by tcpflow match fiwalk’s.Note:031.013.069.160.00443-010.002.107.009.5213376a1e0610d76af60000e8a0710a6bb59c6• Processing flows with XML is non-standard but relatively easy.• 10-20GB DFXML files can be rapidly processed with dfxml.py (SAX-based parser).Other output options in development:• sqlite• Netflow? RFC5665 IPFIX? SiLK? FlowCollector?11
Decoded HTTP objects are represented with and recurisve s.......-HTTPBODY-001.gif3964...HTTPBODY-001.gif5048...12
Page 1 and 2: TCPBEflowTCP analysis with tcpflow;
Page 3 and 4: tcpflow is a command-line tool for
Page 6 and 7: tcpflow turns each side of the TCP
Page 14 and 15: tcpflow automatically bins connecti
Page 16 and 17: eport.xml is a DFXML file that reco
Page 20 and 21: Harassment atNITROBAState Universit
Page 22 and 23: To find out what's going on,Nitroba
Page 24 and 25: How to solve this problem:NITROBASt
Page 26 and 27: Slides omitted
Page 28 and 29: tcpflow addresses important “real
Page 30 and 31: 26tcpflow makes transcripts from ea
Page 32 and 33: 28tcpflow makes transcripts with mi
Page 34 and 35: 30tcpflow will detect and split gig
Page 36 and 37: tcpflow 1.4 uses the bulk_extractor
Page 38 and 39: SSL decryption issuesOptions for de
Page 40 and 41: The actual cipher suites used when
Page 42 and 43: 808023One-page visualization of pac
Page 44 and 45: Radiotap information available at T
Page 46 and 47: 802.11 link-layer information avail
Page 48 and 49: plot_wifi_aps.py will transform thi
Page 50 and 51: BEbulk_extractorimprovements
Page 53 and 54: zip.txt — potential zipfile heade
Page 55 and 56: Beverly, Robert, Simson Garfinkel a
Page 57 and 58: Are low-level binary network data s
Page 59 and 60: Hibernation decompression found eve
Page 61 and 62: BE 1.3 put MAC addresses in ether.t
Page 63 and 64: ip_histogram.txt removes random noi
Page 65 and 66: pcap files are a common file format
Page 67 and 68: We find a lot of packets on disks!A
Page 69 and 70:
The big picture:using low-probabili
show all

2013-12-05_tcpflow-and-BE-update

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?