The Eyes of Defense: Packet Analysis and Signal Processing
#clean IPv4 TCP sessions
#How does liptcpport produce clean TCP sessions?
#1. Check the first 100 IPv4 packets to verify whether the IP header position is standard or nonstandard, ex: an IP header 0x45 0x00 at frame pos[14] is 100% right
#2. Retransmitted packets: retransmitted packets can be removed
#3. Check that the TCP transmission is OK: track the TCP state by flags to the end and make sure the whole TCP transmission finished
#4. Check for packet loss: check and track each packet's length and sequence number to the end of the TCP transmission
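#The four checks above, as an added Python example that is not part of liptcpport: segments are constructed (direction, flags, seq, payload length) tuples, the IPv4 check runs over raw frame bytes, and the Seg/analyze_session names are my own.

```python
from collections import namedtuple

# One constructed TCP segment: direction "c" (client->server) or "s" (server->client),
# TCP flags as letters (S, A, F, R, P), absolute sequence number and payload length.
Seg = namedtuple("Seg", "direction flags seq payload_len")

ETH_HDR_LEN = 14  # Ethernet II header: the IPv4 header starts at frame pos[14]

def ipv4_at_standard_offset(frames, sample=100):
    """Check 1: the first `sample` frames carry 0x45 0x00 (IPv4, IHL 5, TOS 0) at offset 14."""
    checked = frames[:sample]
    return bool(checked) and all(f[ETH_HDR_LEN:ETH_HDR_LEN + 2] == b"\x45\x00" for f in checked)

def find_gaps(intervals):
    """Merge captured [start, stop) byte ranges and return the holes between them."""
    holes, end = [], None
    for start, stop in sorted(intervals):
        if end is not None and start > end:
            holes.append((end, start))  # bytes [end, start) were never captured
        end = stop if end is None else max(end, stop)
    return holes

def analyze_session(segments):
    """Checks 2-4: drop retransmissions, confirm the close, and report sequence gaps."""
    seen, ranges = {"c": set(), "s": set()}, {"c": [], "s": []}
    clean, retrans, fins, reset = [], [], set(), False
    for s in segments:
        consumed = s.payload_len + ("S" in s.flags) + ("F" in s.flags)  # SYN/FIN use one seq each
        key = (s.seq, s.payload_len, s.flags)
        if consumed and key in seen[s.direction]:
            retrans.append(s)  # same seq, length and flags already captured: retransmission
            continue
        seen[s.direction].add(key)
        if consumed:
            ranges[s.direction].append((s.seq, s.seq + consumed))
        if "F" in s.flags:
            fins.add(s.direction)
        reset = reset or "R" in s.flags
        clean.append(s)
    return {"clean": clean, "retransmissions": retrans,
            "gaps": {d: find_gaps(r) for d, r in ranges.items()},
            "complete": reset or fins == {"c", "s"}}  # both FINs seen, or an RST ended it

# Constructed exchange: one retransmitted client segment, 10 client bytes missing from the capture.
SAMPLE = [Seg("c", "S", 1000, 0), Seg("s", "SA", 5000, 0), Seg("c", "A", 1001, 0),
          Seg("c", "PA", 1001, 10), Seg("c", "PA", 1001, 10), Seg("s", "PA", 5001, 20),
          Seg("c", "PA", 1021, 5), Seg("c", "FA", 1026, 0), Seg("s", "FA", 5021, 0), Seg("c", "A", 1027, 0)]
```

#Only a session with no gaps, no pending FIN and the retransmissions stripped would be written out as "good"; here the client-side hole [1011, 1021) marks it as lossy.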
#demo
.\liptcpport.exe .\samples\lbnl.anon-ftp.03-01-10.tcpdump.pcap
# check the result in the output\\ folder
#ex:
#output\\05082021_1457.pcap.tar: all good *.pcap files for further processing
#output\\05082021_1457txt.tar: all good sessions as plain text for viewing the data in an editor, ex. USER csanders PASS echo SIZE Music.mp3
#Layer 7 filter
#tar can be used to filter by source IP, dest IP, source port and dest port via the filename
#does a keyword (binary) search over all layer 7 session content for all ports
#keywords are added in the file "Keywordtable.txt"
#filenames in which a keyword was found are stored in "output\\keywordresult.csv", which can be combined into a satellite database to search for users
#IP to map
#show the IP on a world map to learn the user's location if the IP is real
#demo license only for IP range 0.0.0.0 - 99.255.255.255
#check output\\*.html
#Performance enhancements:
#all packets are loaded and processed in memory
#all sessions are packaged in one tar file to avoid hitting the folder limit with too many session files, and the session tar file is read only once