Beyond Ethereal: Crafting a TiVo for Security Datastreams, presented at Black Hat USA 2005

by Greg Conti

Tags: Security Analysis

Summary: Ethereal is a thing of beauty, but ultimately you are constrained to a tiny window of 30-40 packets, which is insufficient when dealing with network datasets that can run to millions of packets. In addition, it only displays traffic from packet captures and lacks the ability to incorporate and correlate other security-related datastreams. In an attempt to break from this paradigm, we will explore conceptual, system-design and implementation techniques to help you build better security analysis tools. By applying advanced information visualization and interaction techniques such as dynamic queries, interactive encoding, semantic zooming, n-gram analysis and rainfall visualization, you will gain far more insight into your data, far more quickly, than with today's best tools. We will discuss lessons learned from the implementation of a security PVR (a prototype will be released) and explore additional topics such as using visual techniques to navigate and semantically encode small and large binary objects, such as executable files, to improve reverse engineering. To get the most out of this talk you should have a solid understanding of the OSI model and network protocols.
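The abstract names n-gram analysis and semantic encoding of binary objects as techniques for navigating large files. The following is an added illustration, not code from the talk or from Conti's prototype, of what those two steps look like at the byte level: count overlapping byte n-grams, assign each byte a coarse semantic class (NUL, printable text, other) that a visualiser could map to a colour, and compute per-window entropy to flag packed or encrypted regions. The sample "binary" is constructed inline (a fake MZ header, a DOS stub string, NUL padding and a pseudo-random tail) and is not a real executable; the class labels and window sizes are arbitrary choices.

```python
"""Byte-level n-gram analysis and semantic class encoding of a binary object.

Added example, not part of the original abstract or the security PVR prototype.
Assumptions: three byte classes (NUL / printable ASCII / other) and fixed
row and window widths stand in for whatever a real visualiser would use.
"""
import math
from collections import Counter
from typing import List, Tuple

# Constructed sample binary (not a real executable): fake header, a DOS-stub
# style string, a run of NUL padding, then 64 bytes of arithmetic noise.
SAMPLE = (
    b"MZ\x90\x00\x03\x00\x00\x00"
    + b"This program cannot be run in DOS mode.\r\n"
    + b"\x00" * 32
    + bytes((i * 73 + 41) % 256 for i in range(64))
)


def ngrams(data: bytes, n: int = 2) -> Counter:
    """Count every overlapping byte n-gram in data."""
    return Counter(data[i:i + n] for i in range(len(data) - n + 1))


def top_ngrams(data: bytes, n: int = 2, k: int = 5) -> List[Tuple[bytes, int]]:
    """Most frequent n-grams; long NUL runs and repeated strings surface here."""
    return ngrams(data, n).most_common(k)


def byte_class(b: int) -> str:
    """Semantic class of one byte: '0' for NUL, 't' for printable ASCII,
    'x' for everything else (control bytes, high bytes)."""
    if b == 0:
        return "0"
    if 0x20 <= b < 0x7F:
        return "t"
    return "x"


def encode_map(data: bytes, width: int = 32) -> List[str]:
    """Render the file as rows of class characters, one character per byte,
    the textual equivalent of a colour-coded byte map."""
    classes = "".join(byte_class(b) for b in data)
    return [classes[i:i + width] for i in range(0, len(classes), width)]


def shannon_entropy(window: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 for a constant window, 8.0 max)."""
    total = len(window)
    counts = Counter(window)
    return -sum((c / total) * math.log2(c / total) for c in counts.values())


def windowed_entropy(data: bytes, window: int = 16) -> List[float]:
    """Entropy of each non-overlapping window; a row of high values marks
    packed, compressed or encrypted regions worth zooming into."""
    return [
        shannon_entropy(data[i:i + window])
        for i in range(0, len(data) - window + 1, window)
    ]


if __name__ == "__main__":
    for gram, count in top_ngrams(SAMPLE):
        print(f"{gram!r}: {count}")
    for row in encode_map(SAMPLE):
        print(row)
    print(["%.2f" % e for e in windowed_entropy(SAMPLE)])
```

Reading the byte map row by row shows the structure the abstract is after: a text band, a NUL band, then a band of mixed classes whose entropy rises sharply, which is exactly where an analyst would want semantic zooming to take them next.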