2013-12-05_tcpflow-and-BE-update

More documents

Recommendations

Info

tcpflow 1.4 uses the bulk_extractor plug-in APIBasic structure of tcpflow similar to basic structure of bulk_extractor.• Expanded bulk_extractor API to handle call-backs for packets• Visualization handled as another module• Currently single-threadedTCPcreate_fileMD5packet iteratorHTTP & gzipOther bulk_extractor modules can be employed:• JSON• BASE64• GPS32
tcpflow — performance and comparisonData set: MIT Lincoln Labs ID99 EvaluationDataset:Week 2, Tuesday, InsideNumber of Packets 1585120Size of PCAP file:400,104,805 bytesNumber of TCP connections: 110,978tcpflow 1.4 Wireshark 1.10.3Time to process(Mac Pro)91.1 seconds 276 secondsTime to access eachTCP stream
Page 1 and 2: TCPBEflowTCP analysis with tcpflow;
Page 3 and 4: tcpflow is a command-line tool for
Page 6 and 7: tcpflow turns each side of the TCP
Page 14 and 15: tcpflow automatically bins connecti
Page 16 and 17: eport.xml is a DFXML file that reco
Page 18 and 19: tags generated by tcpflow match fiw
Page 20 and 21: Harassment atNITROBAState Universit
Page 22 and 23: To find out what's going on,Nitroba
Page 24 and 25: How to solve this problem:NITROBASt
Page 26 and 27: Slides omitted
Page 28 and 29: tcpflow addresses important “real
Page 30 and 31: 26tcpflow makes transcripts from ea
Page 32 and 33: 28tcpflow makes transcripts with mi
Page 34 and 35: 30tcpflow will detect and split gig
Page 38 and 39: SSL decryption issuesOptions for de
Page 40 and 41: The actual cipher suites used when
Page 42 and 43: 808023One-page visualization of pac
Page 44 and 45: Radiotap information available at T
Page 46 and 47: 802.11 link-layer information avail
Page 48 and 49: plot_wifi_aps.py will transform thi
Page 50 and 51: BEbulk_extractorimprovements
Page 53 and 54: zip.txt — potential zipfile heade
Page 55 and 56: Beverly, Robert, Simson Garfinkel a
Page 57 and 58: Are low-level binary network data s
Page 59 and 60: Hibernation decompression found eve
Page 61 and 62: BE 1.3 put MAC addresses in ether.t
Page 63 and 64: ip_histogram.txt removes random noi
Page 65 and 66: pcap files are a common file format
Page 67 and 68: We find a lot of packets on disks!A
Page 69 and 70: The big picture:using low-probabili

2013-12-05_tcpflow-and-BE-update

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?