Chris Harrington, profile picture
Uploaded byChris Harrington
PPTX, PDF5,716 views

CapAnalysis - Deep Packet Inspection

This document is a user guide for the Capanalysis tool focused on analyzing TCP and UDP flows using deep packet inspection on Linux systems. It covers installation requirements, dataset creation, analysis features including powerful filtering options, and visualization tools like charts and maps for refined data interpretation. The guide emphasizes cost-effectiveness and ease of use for non-technical stakeholders, providing insights through reporting and presentation capabilities.

Technology
In this document
Powered by AI

Overview of CapAnalysis for capturing and analyzing TCP & UDP flows, presented by Chris Harrington.

CapAnalysis runs on Debian-based Linux; requires installation of php5-sqlite and php-mdb2-driver-pgsql.

Instructions on accessing CapAnalysis, creating a dataset, and adding capture files for analysis.

Powerful filters available for refined analysis of datasets; includes various filter criteria.

Displays of data streams, protocol usage, statistics, timelines, maps, and detailed IP overviews.

Use advanced filters for better analysis; highlights reporting, geolocation, and cost-effectiveness.

Contact details for further inquiries regarding the CapAnalysis tool.

Embed presentation

Downloaded 79 times
For wireless investigations User guide for capture analysis TCP & UDP Flows – deep packet inspection By Chris Harrington
 CapAnalysis runs in Linux OS (x32/x64) ◦ Debian based  Pcap viewer  Analyze TCP & UDP streams  Supports multiple datasets  Performs deep packet inspection  Reporting and presentation capabilities  Using Kali Linux running in VMware workstation for this guide
 Two packages need to be installed ◦ php5-sqlite ◦ php-mdb2-driver-pgsql Command: apt-get install php5-sqlite apt-get install php-mdb2-driver-pgsql  Restart apache service  Start CapAnalysis and Postgresql
 URL: localhost:9877
 Create a dataset for suspect’s case
 Example: SuspectX
 Add capture files to analyze
 Via browser
 Via netcat Command: cat <pcapfile> | nc ::1 30001
 Click on dataset name to enter analysis
 Powerful filters are available for quick analysis. Use them for refined analysis
Filter elements Filter files Filter IP/Ports Filter protocols Filter country Filter data size Filter date or time Filter elements Filter files Filter protocols Filter IP/Ports Filter country Filter data size Filter date or time
 Displays all UDP & TCP streams
 Displays protocols used in dataset flows ◦ by country or by data type
 Statistics overview of dataset ◦ Quickly identify key information
 Timeline view of distribution of data  Intervals can be set (minimum 5 minutes)
 Map view of flows, data received and sent ◦ Interactive map
 Displaying all source and destination IPs  clicking on an IP will give detailed overview of that IP
 Chart view of protocols identification from dataset Click here for different data types Mouse over
 Timeline display from dataset Remember to use filters
 Use advanced filters for refining analysis  Reporting and presentation capabilities ◦ Easy to understand for non technical stakeholders  Timelines  Dissecting TCP and UDP streams  Time saving  Cost effective  Geolocation of all connections  Upload datasets with NetCat (scripting possibilities?)
 My contact details  C.k.harrington@gmail.com

More Related Content

PDF
Introduction to OpenFlow
byJoel W. King
 
PDF
Fixed-point arithmetic
byDavid Bařina
 
PPT
Bnc Connectors
byManish Yadav
 
PDF
Configuration of ring topology in packet tracer by Tanjilur Rahman
byTanjilurRahman6
 
PDF
Configuration of bus topology in cisco packet tracer by Tanjilur Rahman
byTanjilurRahman6
 
PPT
Computer Fundamental Network topologies
bysuraj pandey
 
PPTX
Computer network and its topologies
byAyush0734
 
PDF
Data Communication & Computer Networks: Multi level, multi transition & block...
byDr Rajiv Srivastava
 
Introduction to OpenFlow
byJoel W. King
 
Fixed-point arithmetic
byDavid Bařina
 
Bnc Connectors
byManish Yadav
 
Configuration of ring topology in packet tracer by Tanjilur Rahman
byTanjilurRahman6
 
Configuration of bus topology in cisco packet tracer by Tanjilur Rahman
byTanjilurRahman6
 
Computer Fundamental Network topologies
bysuraj pandey
 
Computer network and its topologies
byAyush0734
 
Data Communication & Computer Networks: Multi level, multi transition & block...
byDr Rajiv Srivastava
 

What's hot

PDF
Solutions of sedra and smith
byReaZad IslAm
 
PPTX
Network Protocols KS4
byMelanie Knight
 
PDF
Solution modern digital-& analog-communications-systems-b-p-lathi
byFawad Masood
 
PDF
Cs8591 Computer Networks - UNIT V
bypkaviya
 
PPTX
Operation of Ping - (Computer Networking)
byJubayer Al Mahmud
 
PDF
Iptables Configuration
bystom123
 
PPTX
Evolution of network - computer networks
bySabarishSanjeevi
 
DOCX
Final networks lab manual
byJaya Prasanna
 
PPT
Network topolgy
byyasir arshad
 
PPT
1. computer networks u1 ver 1.0
byDr. C.V. Suresh Babu
 
PPTX
Error Control In Network Layer
byAhtesham Ullah khan
 
PDF
DSP_2018_FOEHU - Lec 02 - Sampling of Continuous Time Signals
byAmr E. Mohamed
 
PDF
Signals and systems( chapter 1)
byFariza Zahari
 
PPTX
Wireless LAN
byKannanKrishnana
 
PPTX
Parity check(Error Detecting Codes)
byImesha Perera
 
PPT
TFTP
byAkshay Thakur
 
PDF
Theory Communication
byHikari Riten
 
PPT
Circuit and packet_switching
byhoanv
 
DOCX
Bus Topology Design in Cisco Packet Tracer
byMD. Naimur Rahman
 
PDF
Networking Lab Report
bySyed Ahmed Zaki
 
Solutions of sedra and smith
byReaZad IslAm
 
Network Protocols KS4
byMelanie Knight
 
Solution modern digital-& analog-communications-systems-b-p-lathi
byFawad Masood
 
Cs8591 Computer Networks - UNIT V
bypkaviya
 
Operation of Ping - (Computer Networking)
byJubayer Al Mahmud
 
Iptables Configuration
bystom123
 
Evolution of network - computer networks
bySabarishSanjeevi
 
Final networks lab manual
byJaya Prasanna
 
Network topolgy
byyasir arshad
 
1. computer networks u1 ver 1.0
byDr. C.V. Suresh Babu
 
Error Control In Network Layer
byAhtesham Ullah khan
 
DSP_2018_FOEHU - Lec 02 - Sampling of Continuous Time Signals
byAmr E. Mohamed
 
Signals and systems( chapter 1)
byFariza Zahari
 
Wireless LAN
byKannanKrishnana
 
Parity check(Error Detecting Codes)
byImesha Perera
 
TFTP
byAkshay Thakur
 
Theory Communication
byHikari Riten
 
Circuit and packet_switching
byhoanv
 
Bus Topology Design in Cisco Packet Tracer
byMD. Naimur Rahman
 
Networking Lab Report
bySyed Ahmed Zaki
 

Viewers also liked

PPT
Wireshark Basics
byYoram Orzach
 
PPTX
Wireshark
bybtohara
 
PDF
Wireshark Traffic Analysis
byDavid Sweigert
 
PDF
Deep Packet Inspection (DPI) Test Methodology
byIxia
 
PPTX
Network Packet Analysis with Wireshark
byJim Gilsinn
 
PPTX
Deep Packet Inspection technology evolution
byDaniel Vinyar
 
PPTX
Debugging with Fiddler
byIdo Flatow
 
PDF
DPI BOX: deep packet inspection for ISP traffic management
byIlya Mikov
 
PPTX
Capturing Network Traffic into Database
byTigran Tsaturyan
 
PDF
Network Security and Analysis with Python
bypycontw
 
PPTX
Vineyard Networks Product Overview
bylaurenjthomson
 
PDF
Bdd (Behavior Driven Development)
byHelder De Oliveira
 
PPTX
Testing Java EE apps with Arquillian
byIvan Ivanov
 
PDF
Testing Microservices with a Citrus twist
bychristophd
 
PPT
Nss Labs Dpi Intro V3
bygueste47133
 
PPT
2015 02 24 lmtv baselining
byTony Fortunato
 
PPTX
2015 03 06 lmtv wtf http webcast
byTony Fortunato
 
PDF
Traffic types in internet
bySrinivas Dabbeeru
 
PDF
Capybara testing
byFutureworkz
 
PDF
Lunch and learn: Cucumber and Capybara
byMarc Seeger
 
Wireshark Basics
byYoram Orzach
 
Wireshark
bybtohara
 
Wireshark Traffic Analysis
byDavid Sweigert
 
Deep Packet Inspection (DPI) Test Methodology
byIxia
 
Network Packet Analysis with Wireshark
byJim Gilsinn
 
Deep Packet Inspection technology evolution
byDaniel Vinyar
 
Debugging with Fiddler
byIdo Flatow
 
DPI BOX: deep packet inspection for ISP traffic management
byIlya Mikov
 
Capturing Network Traffic into Database
byTigran Tsaturyan
 
Network Security and Analysis with Python
bypycontw
 
Vineyard Networks Product Overview
bylaurenjthomson
 
Bdd (Behavior Driven Development)
byHelder De Oliveira
 
Testing Java EE apps with Arquillian
byIvan Ivanov
 
Testing Microservices with a Citrus twist
bychristophd
 
Nss Labs Dpi Intro V3
bygueste47133
 
2015 02 24 lmtv baselining
byTony Fortunato
 
2015 03 06 lmtv wtf http webcast
byTony Fortunato
 
Traffic types in internet
bySrinivas Dabbeeru
 
Capybara testing
byFutureworkz
 
Lunch and learn: Cucumber and Capybara
byMarc Seeger
 

Similar to CapAnalysis - Deep Packet Inspection

PPTX
Wireshark, Tcpdump and Network Performance tools
bySachidananda Sahu
 
PPTX
Wireshark Packet Analyzer.pptx
byCarlos González García, PMP®
 
PPTX
Packet analysis using wireshark
byBasaveswar Kureti
 
PPTX
Open source network forensics and advanced pcap analysis
byGTKlondike
 
PPTX
Applied Detection and Analysis Using Flow Data - MIRCon 2014
bychrissanders88
 
PDF
Network traffic analysis course
byTECHNOLOGY CONTROL CO.
 
PDF
Wireshark lecture
byBhupesh Rawat
 
PPTX
Wireshark
byantivirusspam
 
PDF
wireshark.pdf
byssuserafc27c
 
PPT
wiresharktslecturev10006july2009-12501942038813-phpapp03.ppt
byRohitAhuja58
 
PPT
Traffic-Monitoring.ppt
byssuser0a05422
 
PPT
Traffic-Monitoring.ppt
byToffeeLomerz
 
PDF
Unit 2.3 Introduction to Cyber Security Tools and Environment.pdf
byChatanBawankar
 
PDF
Wireshark lecture
byBhupesh Rawat
 
PDF
Ferramenta de análise de rede para windows e linux
byRenatoAlves851496
 
PDF
Uccn1003 may10 - lab 08 - wireshark analysis of trace files - answer-update...
byShu Shin
 
PDF
Uccn1003 may10 - lab 08 - wireshark analysis of trace files - answer-update...
byShu Shin
 
PPT
Traffic monitoring
byRadu Galbenu
 
PPT
Traffic-Monitoring.ppt
bySenthil Vit
 
PDF
MMIX Peering Forum and MMNOG 2020: Packet Analysis for Network Security
byAPNIC
 
Wireshark, Tcpdump and Network Performance tools
bySachidananda Sahu
 
Wireshark Packet Analyzer.pptx
byCarlos González García, PMP®
 
Packet analysis using wireshark
byBasaveswar Kureti
 
Open source network forensics and advanced pcap analysis
byGTKlondike
 
Applied Detection and Analysis Using Flow Data - MIRCon 2014
bychrissanders88
 
Network traffic analysis course
byTECHNOLOGY CONTROL CO.
 
Wireshark lecture
byBhupesh Rawat
 
Wireshark
byantivirusspam
 
wireshark.pdf
byssuserafc27c
 
wiresharktslecturev10006july2009-12501942038813-phpapp03.ppt
byRohitAhuja58
 
Traffic-Monitoring.ppt
byssuser0a05422
 
Traffic-Monitoring.ppt
byToffeeLomerz
 
Unit 2.3 Introduction to Cyber Security Tools and Environment.pdf
byChatanBawankar
 
Wireshark lecture
byBhupesh Rawat
 
Ferramenta de análise de rede para windows e linux
byRenatoAlves851496
 
Uccn1003 may10 - lab 08 - wireshark analysis of trace files - answer-update...
byShu Shin
 
Uccn1003 may10 - lab 08 - wireshark analysis of trace files - answer-update...
byShu Shin
 
Traffic monitoring
byRadu Galbenu
 
Traffic-Monitoring.ppt
bySenthil Vit
 
MMIX Peering Forum and MMNOG 2020: Packet Analysis for Network Security
byAPNIC
 

Recently uploaded

PDF
Guided Substation Engineering with CoMPAS: Simplifying IEC 61850
byDanBrown980551
 
PDF
ElyriaSoftware — Powering the Future with Blockchain Innovation
byElyria Software
 
PDF
Digit Expo 2025 - EICC Edinburgh 27th November
byRay Bugg
 
DOCX
Introduction to the World of Computers (Hardware & Software)
byALIABBAS ABASOV
 
PDF
Making Sense of Raster: From Bit Depth to Better Workflows
bySafe Software
 
PDF
Decoding the DNA: The Digital Networks Act, the Open Internet, and IP interco...
byCSUC - Consorci de Serveis Universitaris de Catalunya
 
PDF
Usage Control for Process Discovery through a Trusted Execution Environment
byValerioGoretti
 
PPTX
THIS IS CYBER SECURITY NOTES USED IN CLASS ON VARIOUS TOPICS USED IN CYBERSEC...
byMelissaGblinwon
 
PPTX
The Landscape of Computer Software Development Companies
byYash Singh
 
PDF
Knowing and Doing: Knowledge graphs, AI, and work
bymarainglezakis1
 
PDF
Empowering Productivity with Clever Prompts and Intelligent Agents
byUni Systems S.M.S.A.
 
PDF
Unser Jahresrückblick – MarvelClient in 2025
bypanagenda
 
PDF
Zero Trust & Defense-in-Depth: The Future of Critical Infrastructure Security
byYasir Naveed Riaz
 
PDF
Safeguarding AI-Based Financial Infrastructure
byYasir Naveed Riaz
 
PPTX
Ethics in AI - Artificial Intelligence Fundamentals.pptx
byemenyiblessing
 
PDF
How Mobile Apps Are Shaping the Future of Digital Innovation
byWilliam Taylor
 
PDF
Ransomware_Resilience_Strategic_Playbook.pdf
byAfonso Henrique Rodrigues Alves
 
PDF
Incident Response Planning with a Foundation Model
byKim Hammar
 
PDF
API206-S: Transforming Supply Chains with Amazon Bedrock AgentCore - AWS re:I...
byChris Bingham
 
PDF
8 LLM Surveys https://tinyurl.com/bdz8e6fp
byBob Marcus
 
Guided Substation Engineering with CoMPAS: Simplifying IEC 61850
byDanBrown980551
 
ElyriaSoftware — Powering the Future with Blockchain Innovation
byElyria Software
 
Digit Expo 2025 - EICC Edinburgh 27th November
byRay Bugg
 
Introduction to the World of Computers (Hardware & Software)
byALIABBAS ABASOV
 
Making Sense of Raster: From Bit Depth to Better Workflows
bySafe Software
 
Decoding the DNA: The Digital Networks Act, the Open Internet, and IP interco...
byCSUC - Consorci de Serveis Universitaris de Catalunya
 
Usage Control for Process Discovery through a Trusted Execution Environment
byValerioGoretti
 
THIS IS CYBER SECURITY NOTES USED IN CLASS ON VARIOUS TOPICS USED IN CYBERSEC...
byMelissaGblinwon
 
The Landscape of Computer Software Development Companies
byYash Singh
 
Knowing and Doing: Knowledge graphs, AI, and work
bymarainglezakis1
 
Empowering Productivity with Clever Prompts and Intelligent Agents
byUni Systems S.M.S.A.
 
Unser Jahresrückblick – MarvelClient in 2025
bypanagenda
 
Zero Trust & Defense-in-Depth: The Future of Critical Infrastructure Security
byYasir Naveed Riaz
 
Safeguarding AI-Based Financial Infrastructure
byYasir Naveed Riaz
 
Ethics in AI - Artificial Intelligence Fundamentals.pptx
byemenyiblessing
 
How Mobile Apps Are Shaping the Future of Digital Innovation
byWilliam Taylor
 
Ransomware_Resilience_Strategic_Playbook.pdf
byAfonso Henrique Rodrigues Alves
 
Incident Response Planning with a Foundation Model
byKim Hammar
 
API206-S: Transforming Supply Chains with Amazon Bedrock AgentCore - AWS re:I...
byChris Bingham
 
8 LLM Surveys https://tinyurl.com/bdz8e6fp
byBob Marcus
 

CapAnalysis - Deep Packet Inspection

  • 1.
    For wireless investigations User guide for capture analysis TCP & UDP Flows – deep packet inspection By Chris Harrington
  • 2.
     CapAnalysis runsin Linux OS (x32/x64) ◦ Debian based  Pcap viewer  Analyze TCP & UDP streams  Supports multiple datasets  Performs deep packet inspection  Reporting and presentation capabilities  Using Kali Linux running in VMware workstation for this guide
  • 3.
     Two packagesneed to be installed ◦ php5-sqlite ◦ php-mdb2-driver-pgsql Command: apt-get install php5-sqlite apt-get install php-mdb2-driver-pgsql  Restart apache service  Start CapAnalysis and Postgresql
  • 4.
  • 5.
     Create adataset for suspect’s case
  • 6.
  • 7.
     Add capturefiles to analyze
  • 8.
  • 9.
     Via netcat Command: cat <pcapfile> | nc ::1 30001
  • 10.
     Click ondataset name to enter analysis
  • 11.
     Powerful filtersare available for quick analysis. Use them for refined analysis
  • 12.
    Filter elements Filterfiles Filter IP/Ports Filter protocols Filter country Filter data size Filter date or time Filter elements Filter files Filter protocols Filter IP/Ports Filter country Filter data size Filter date or time
  • 13.
     Displays allUDP & TCP streams
  • 14.
     Displays protocolsused in dataset flows ◦ by country or by data type
  • 15.
     Statistics overviewof dataset ◦ Quickly identify key information
  • 16.
     Timeline viewof distribution of data  Intervals can be set (minimum 5 minutes)
  • 17.
     Map viewof flows, data received and sent ◦ Interactive map
  • 18.
     Displaying allsource and destination IPs  clicking on an IP will give detailed overview of that IP
  • 19.
     Chart viewof protocols identification from dataset Click here for different data types Mouse over
  • 20.
     Timeline displayfrom dataset Remember to use filters
  • 21.
     Use advancedfilters for refining analysis  Reporting and presentation capabilities ◦ Easy to understand for non technical stakeholders  Timelines  Dissecting TCP and UDP streams  Time saving  Cost effective  Geolocation of all connections  Upload datasets with NetCat (scripting possibilities?)
  • 22.
     My contactdetails  C.k.harrington@gmail.com