
Flexible Data Processing & Reporting System for Packet Capture Files
Explore a flexible data processing and reporting system designed by Ignus van Zyl (Iggy) under the supervision of Barry Irwin. This system focuses on analyzing packet capture files, identifying dataset trends, and generating reports using web-based tools and d3.js. With a dataset of over 66 million packets, the project aims to extract insights and trends across multiple pcap files, covering Internet Background Radiation, darknet investigations and network telescopes.
Presentation Transcript
A flexible data processing and reporting system for packet capture files
Ignus van Zyl (Iggy)
Overlord/Supervisor: Barry Irwin
Overview of project
- Internet Background Radiation
- Darknet/network telescopes
- Packet capture (pcap) files
- Identify dataset trends
- Reporting
Datasets being used (table on slide)
That means that there are 66 207 072 packets to mine for data across the 5 datasets.
Hopefully the end result (don't worry, there will be pictures soon)
- A web-based system
- Utilising d3 and JSON to create graphs in a web environment
- Maybe even some textual reporting output
- Takes in a pcap, returns a report of interesting data and identified trends
- Identifies trends across multiple pcap files
System view (diagram). Components: pcap files, system back-end, data repository, known security trends, web interface, graph and text output.
Here the pcap is parsed to JSON, pushed through to d3 and graphed before being displayed for the user.
Comparison of datasets 146.x.x/24 and 155.x.x/24, using tables and graphs derived from the pcap files.
Remember that source addresses may be spoofed, but the other data (destination address, destination port and protocol) is what actually arrived at the telescope and is accurate.
Destination ports recorded [chart; axis values from the slide: 13465 28 10 97]
Comparison of graphs for the 196.x darknets
Protocols used [charts for 196.21.x/24 (1), 196.21.x/24 (2) and 196.24.x/24]
Why does the graph look like this?
- Worms such as Conficker and Sasser target port 445 (SMB)
- The Morto worm is known to target port 3389 (RDP)
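As an added example (not the project's own code, and not code shown in the talk), the following Python sketches the back-end step from the System view slide together with the port annotation this slide motivates: read a classic libpcap file byte by byte, count protocols and destination ports, tag ports linked to known worm activity, and emit a list-of-objects JSON structure that d3 can bind directly. The only trend entries taken from the talk are 445 (Conficker/Sasser) and 3389 (Morto); the label wording, the function names and the synthetic capture built at the bottom are assumptions of this example.

```python
"""Parse a classic (libpcap) capture, count protocols and destination ports,
tag ports linked to known worm activity, and emit JSON suitable for d3."""
import json
import struct
from collections import Counter

# Port-to-trend annotations. Only 445 and 3389 come from the talk; the
# label wording is an assumption of this example.
KNOWN_TRENDS = {445: "SMB: Conficker / Sasser", 3389: "RDP: Morto"}
PROTO_NAMES = {1: "ICMP", 6: "TCP", 17: "UDP"}


def iter_pcap_records(data):
    """Yield (ts_sec, ts_usec, frame) for each record in a pcap byte buffer."""
    if len(data) < 24:
        raise ValueError("truncated pcap global header")
    magic = data[:4]
    if magic == b"\xd4\xc3\xb2\xa1":      # written by a little-endian host
        endian = "<"
    elif magic == b"\xa1\xb2\xc3\xd4":    # written by a big-endian host
        endian = ">"
    else:
        raise ValueError("unsupported pcap magic %r" % magic)
    if struct.unpack(endian + "I", data[20:24])[0] != 1:   # LINKTYPE_ETHERNET
        raise ValueError("only Ethernet captures are handled here")
    off = 24
    while off + 16 <= len(data):
        ts_sec, ts_usec, incl_len, _orig = struct.unpack(endian + "IIII", data[off:off + 16])
        off += 16
        frame = data[off:off + incl_len]
        if len(frame) < incl_len:
            break                        # truncated final record: stop, don't mis-parse
        off += incl_len
        yield ts_sec, ts_usec, frame


def decode_ipv4(frame):
    """Return (proto, src, dst, dport) for an Ethernet/IPv4 frame, else None.
    dport is None for protocols without ports (e.g. ICMP)."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return None
    ihl = (frame[14] & 0x0F) * 4
    if ihl < 20 or len(frame) < 14 + ihl:
        return None
    proto = frame[23]
    src = ".".join(str(b) for b in frame[26:30])
    dst = ".".join(str(b) for b in frame[30:34])
    l4 = frame[14 + ihl:]
    dport = struct.unpack("!H", l4[2:4])[0] if proto in (6, 17) and len(l4) >= 4 else None
    return proto, src, dst, dport


def summarise(data):
    """Aggregate a pcap buffer into the structure the web front end would graph."""
    protos, dports, total = Counter(), Counter(), 0
    for _ts, _us, frame in iter_pcap_records(data):
        total += 1
        decoded = decode_ipv4(frame)
        if decoded is None:
            continue                     # non-IPv4 frames are counted but not classified
        proto, _src, _dst, dport = decoded
        protos[PROTO_NAMES.get(proto, str(proto))] += 1
        if dport is not None:
            dports[dport] += 1
    return {
        "packets": total,
        "protocols": [{"name": n, "count": c} for n, c in protos.most_common()],
        "dst_ports": [{"port": p, "count": c, "trend": KNOWN_TRENDS.get(p)}
                      for p, c in dports.most_common()],
    }


# ---- constructed sample capture (synthetic frames, not telescope data) ----
def _ipv4_frame(proto, payload, src="192.0.2.10", dst="198.51.100.7"):
    eth = b"\x00" * 12 + b"\x08\x00"     # zero MACs, EtherType IPv4
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 1, 0, 64, proto, 0,
                     bytes(int(o) for o in src.split(".")), bytes(int(o) for o in dst.split(".")))
    return eth + ip + payload

def _tcp_syn(dport):
    return struct.pack("!HHIIBBHHH", 40000, dport, 0, 0, 5 << 4, 0x02, 8192, 0, 0)

def _udp(dport):
    return struct.pack("!HHHH", 40000, dport, 8, 0)

def build_pcap(frames, endian="<"):
    hdr = struct.pack(endian + "IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    recs = [struct.pack(endian + "IIII", 1_300_000_000 + i, 0, len(f), len(f)) + f
            for i, f in enumerate(frames)]
    return hdr + b"".join(recs)

SAMPLE_PCAP = build_pcap(
    [_ipv4_frame(6, _tcp_syn(445))] * 5
    + [_ipv4_frame(6, _tcp_syn(3389))] * 3
    + [_ipv4_frame(6, _tcp_syn(22))]
    + [_ipv4_frame(17, _udp(53))] * 2
    + [_ipv4_frame(1, struct.pack("!BBHHH", 8, 0, 0, 1, 1))]   # ICMP echo request
)

if __name__ == "__main__":
    print(json.dumps(summarise(SAMPLE_PCAP), indent=2))
```

The "dst_ports" and "protocols" arrays are already in the shape a d3 bar chart binds to (one object per bar), and the "trend" field is what the report would surface as a known-trend annotation. Note that nothing here trusts the source address: the classification keys on destination port and protocol only, which is the part of a telescope packet that cannot be spoofed away.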
146. vs 155. vs 196. [charts for 146.x.x/24, 155.x.x/24 and 196.21.x/24 (1)]
Category A and B
- Able to group datasets into categories; the idea comes from the Nkumeleni thesis
- Category A is 146.x.x/24 and 155.x.x/24
- Category B is 196.x.x/24
- Groupings are made on the basis of packet distribution similarity
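To make "packet distribution similarity" concrete, here is an added example (not code from the talk or from the Nkumeleni thesis) that groups darknet datasets by how similar their destination-port distributions are. The talk does not say which similarity measure was used; Jensen-Shannon divergence with a 0.1 threshold and single-linkage grouping are this example's choices, and the per-dataset port counts are constructed so that the result reproduces the A/B split on the slide.

```python
"""Group darknet datasets by similarity of their destination-port distributions.
Port counts below are constructed for illustration, not the talk's real data."""
import math

# Constructed destination-port counts per dataset (illustrative only).
DATASETS = {
    "146.x.x/24":      {445: 5200, 3389: 900,  22: 300,  80: 400, 1433: 200},
    "155.x.x/24":      {445: 4800, 3389: 1100, 22: 250,  80: 450, 1433: 180},
    "196.21.x/24 (1)": {445: 900,  3389: 3500, 22: 1200, 80: 100, 1433: 800},
    "196.21.x/24 (2)": {445: 1000, 3389: 3300, 22: 1100, 80: 150, 1433: 700},
    "196.24.x/24":     {445: 850,  3389: 3600, 22: 1300, 80: 120, 1433: 900},
}


def normalise(counts, ports):
    """Turn raw counts into a probability vector over a shared port list."""
    total = sum(counts.values())
    return [counts.get(p, 0) / total for p in ports]


def js_divergence(p, q):
    """Jensen-Shannon divergence in bits; symmetric and bounded in [0, 1]."""
    m = [(a + b) / 2 for a, b in zip(p, q)]

    def kl(x, y):
        return sum(a * math.log2(a / b) for a, b in zip(x, y) if a > 0)

    return 0.5 * kl(p, m) + 0.5 * kl(q, m)


def divergence_matrix(datasets):
    """Pairwise JS divergence, the table a report would print alongside the groups."""
    ports = sorted({p for c in datasets.values() for p in c})
    dist = {name: normalise(c, ports) for name, c in datasets.items()}
    return {a: {b: js_divergence(dist[a], dist[b]) for b in datasets} for a in datasets}


def group_datasets(datasets, threshold=0.1):
    """Single-linkage grouping (union-find): two datasets share a category when
    their divergence is below the threshold. The threshold is an assumption."""
    names = list(datasets)
    matrix = divergence_matrix(datasets)
    parent = {n: n for n in names}

    def find(n):
        while parent[n] != n:
            n = parent[n]
        return n

    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if matrix[a][b] < threshold:
                parent[find(a)] = find(b)
    groups = {}
    for n in names:
        groups.setdefault(find(n), []).append(n)
    return sorted(groups.values(), key=lambda g: g[0])


if __name__ == "__main__":
    for label, members in zip("AB", group_datasets(DATASETS)):
        print("Category", label, "=", ", ".join(members))
```

With these inputs the 146 and 155 darknets are dominated by port 445 and the 196 darknets by port 3389, so the two categories fall out of the port mix alone; changing the threshold, or the metric, is where the real analysis decisions live, and the matrix is worth printing in the report so a reader can see how far apart the categories actually are.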