SlideShare a Scribd company logo

Pattern-Oriented Network Trace Analysis

Dmitry Vostokov
Dmitry Vostokov

Software Narratology found its successful application in software diagnostics of abnormal software behavior, especially in the pattern-driven and pattern-based analysis of software logs from complex systems with millions of events, thousands of threads, hundreds of processes and modules. This is the full transcript of Software Diagnostics Services seminar (27th of June 2013) about the new application of software narratology to network trace analysis with examples from Wireshark. Topics include: A Narrative Interpretation of Wireshark, Definitions of Software Diagnostics and Diagnostic Pattern, Pattern Orientation and Pattern Catalog Classification, Trace and Log Analysis Patterns, Definitions of Software Narrative, Software and Network Traces, Network Trace Analysis as A Part of Software Trace Analysis, Trace Maps, Name Resolution, Trace Presentation, Minimal Trace Graphs, Pattern-Driven and Pattern-Based Analysis, Trace and Log Pattern Classification, Discussion of 20 Selected Patterns.

Software
1 of 49
Download to read offline
Network Trace Analysis Dmitry Vostokov Software Diagnostics Services Version 1.0 Facebook LinkedIn Twitter
Wireshark Hark  Listen (to) “Hark! There’s the big bombardment.”  Speak in one’s ear; whisper Shorter Oxford English Dictionary Hark back (idiom)  To return to a previous point, as in a narrative http://www.thefreedictionary.com/hark © 2013 Software Diagnostics Services
Prerequisites  Interest in software diagnostics, troubleshooting, debugging and network trace analysis  Experience in network trace analysis using Wireshark or Network Monitor © 2013 Software Diagnostics Services
Why?  A common diagnostics language  Network diagnostics as software diagnostics © 2013 Software Diagnostics Services
Software Diagnostics A discipline studying abnormal software structure and behavior in software execution artifacts (such as memory dumps, software and network traces and logs) using pattern-driven, systemic and pattern-based analysis methodologies. © 2013 Software Diagnostics Services
Diagnostics Pattern A common recurrent identifiable problem together with a set of recommendations and possible solutions to apply in a specific context. © 2013 Software Diagnostics Services
Pattern Orientation © 2013 Software Diagnostics Services Pattern-driven  Finding patterns in software artefacts  Using checklists and pattern catalogs Pattern-based  Pattern catalog evolution  Catalog packaging and delivery
Catalog Classification  By abstraction Meta-patterns  By artifact type Software Log* Memory Dump Network Trace*  By story type Problem Description Software Disruption UI Problem  By intention Malware © 2013 Software Diagnostics Services
Traces and Logs © 2013 Software Diagnostics Services
Trace and Log Patterns © 2013 Software Diagnostics Services
Software Narrative A temporal sequence of events related to software execution. © 2013 Software Diagnostics Services
Software Trace © 2013 Software Diagnostics Services  A sequence of formatted messages  Arranged by time  A narrative story
Network Trace © 2013 Software Diagnostics Services  A sequence of formatted packets as trace messages  Arranged by time  A narrative story
Network Trace Analysis © 2013 Software Diagnostics Services Software Trace Analysis Patterns Network Trace Analysis Patterns
Capture Tool Placing  Sniffer placing  Process Monitor placing © 2013 Software Diagnostics Services
Trace Maps  Network map  Deployment architecture map © 2013 Software Diagnostics Services
Name Resolution  MAC -> IP and IP -> DNS  PID -> process name © 2013 Software Diagnostics Services
Trace Presentation © 2013 Software Diagnostics Services Full Trace (Story, Fable, Fabula) Trace 1 (Plot, Sujet) Trace 2 (Plot, Sujet) Trace 3 (Plot, Sujet) Trace 4 (Plot, Sujet) Trace 5 (Plot, Sujet) Trace Presentation A (Discourse) Trace Presentation B (Discourse) Trace Presentation C (Discourse)
Minimal Trace Graphs © 2013 Software Diagnostics Services Time # Src Dst Time Message
Pattern-Driven Analysis © 2013 Software Diagnostics Services Logs Checklists Patterns Action
Pattern-Based Analysis © 2013 Software Diagnostics Services Software Trace New Pattern Discovery Pattern Catalog + Usage
Pattern Classification © 2013 Software Diagnostics Services  Vocabulary  Error  Trace as a Whole  Large Scale  Activity  Message  Block  Trace Set
Reference and Course © 2013 Software Diagnostics Services  Catalog from Software Diagnostics Library Software Trace Analysis Patterns  Free reference graphical slides Accelerated-Windows-Software-Trace-Analysis-Public.pdf  Training course* Accelerated Windows Software Trace Analysis * Available as a full color paperback book, PDF book, on SkillsSoft Books 24x7. Recording is available for all book formats
Selected Patterns © 2013 Software Diagnostics Services
Master Trace Normal network capture © 2013 Software Diagnostics Services Pattern Category Trace Set
Message Current Packets/s © 2013 Software Diagnostics Services Time # Src Dst Time Message Time # Src Dst Time Message 10.100 10.200 10.100 12.100 J1 > J2 Pattern Category Trace as a Whole
Message Density D1 > D2 © 2013 Software Diagnostics Services Time # Src Dst Time Message Pattern Category Trace as a Whole
Characteristic Block D1 < D2 L1 > L2 © 2013 Software Diagnostics Services Time # Src Dst Time Message Pattern Category Large Scale
Example © 2013 Software Diagnostics Services
Thread of Activity © 2013 Software Diagnostics Services Pattern Category Activity Time # Src Dst Time Message Time # Src Dst Time Message
Adjoint Thread Filtered by:  Source  Destination  Protocol  Message  Expression © 2013 Software Diagnostics Services Pattern Category Activity Time # Src Dst Time Message Time # Src Dst Time Message
No Activity © 2013 Software Diagnostics Services Time # Src Dst Time Message We messages from other servers but only see our own traffic Pattern Category Activity
Discontinuity © 2013 Software Diagnostics Services Pattern Category Activity Time # Src Dst Time Message Time # Src Dst Time Message
Dialog Conversation between 2 endpoints © 2013 Software Diagnostics Services Time # Src Dst Time Message
Significant Event Time Reference feature in Wireshark © 2013 Software Diagnostics Services Time # Src Dst Time Message Pattern Category Message
Marked Messages Marked Packets feature in Wireshark © 2013 Software Diagnostics Services Annotated messages: session initialization [+] session tear-off [-] port A activity [+] port B activity [-] protocol C used [-] address D used [-] [+] activity is present in a trace [-] activity is undetected or not present Pattern Category Message
Partition Connection initiation (Prologue) and termination (Epilogue) © 2013 Software Diagnostics Services Tail Epilogue Head Time Prologue Core # Src Dst Time Message Pattern Category Trace as a Whole
Inter-Correlation  Several packet sniffers at once  Internal and external views Process Monitor log + network trace © 2013 Software Diagnostics Services Pattern Category Trace Set
Circular Trace © 2013 Software Diagnostics Services Pattern Category Trace as a Whole Time # Src Dst Time Message Problem Repro
Split Trace © 2013 Software Diagnostics Services Pattern Category Trace Set Time # Src Dst Time Message # PID TID Time Message # PID TID Time Message
Paratext Info column in Wireshark © 2013 Software Diagnostics Services
Frames OSI, TCP/IP Layers © 2013 Software Diagnostics Services Time # Src Dst Time Message Pattern Category Large Scale
Visibility Limit Visibility window for sniffing © 2013 Software Diagnostics Services PC 1 PC 2 PC 3 sniffer Pattern Category Trace as a Whole
Incomplete History  Packet loss  Missing ACK © 2013 Software Diagnostics Services
Possible New Patterns  Full Trace (promiscuous mode)  Embedded Message (PDU chain, protocol data unit, packet)  Ordered Message (TCP/IP sequence numbers)  Illegal Message (sniffed with illegally obtained privileges)  Dual Trace (in / out, duplex) © 2013 Software Diagnostics Services
Further Reading  Practical Packet Analysis, 2nd edition, by Chris Sanders  Software Diagnostics Institute  Memory Dump Analysis Anthology: Volumes 3, 4, 5, 6, … Volume 7 is in preparation (July, 2013)  Introduction to Software Narratology  Malware Narratives © 2013 Software Diagnostics Services
What’s Next? © 2013 Software Diagnostics Services  Accelerated Network Trace Analysis  Generative Software Narratology  Pattern-Oriented Hardware Signal Analysis
Q&A Please send your feedback using the contact form on DumpAnalysis.com © 2013 Software Diagnostics Services
Thank you for attendance! © 2013 Software Diagnostics Services Facebook LinkedIn Twitter

Recommended

sDDS: An Adaptable DDS Solution for Wireless Sensor Networks
sDDS: An Adaptable DDS Solution for Wireless Sensor NetworkssDDS: An Adaptable DDS Solution for Wireless Sensor Networks
sDDS: An Adaptable DDS Solution for Wireless Sensor Networks
Real-Time Innovations (RTI)
 
State of the art parallel approaches for
State of the art parallel approaches forState of the art parallel approaches for
State of the art parallel approaches for
ijcsa
 
Survey of Different DNA Cryptography based Algorithms
Survey of Different DNA Cryptography based AlgorithmsSurvey of Different DNA Cryptography based Algorithms
Survey of Different DNA Cryptography based Algorithms
IRJET Journal
 
Signpost at FOCI 2013
Signpost at FOCI 2013Signpost at FOCI 2013
Signpost at FOCI 2013
Amir Chaudhry
 
Network Forensics: Packet Analysis Using Wireshark
Network Forensics: Packet Analysis Using WiresharkNetwork Forensics: Packet Analysis Using Wireshark
Network Forensics: Packet Analysis Using Wireshark
n|u - The Open Security Community
 
Java Abs Scalable Wireless Ad Hoc Network Simulation Using
Java Abs Scalable Wireless Ad Hoc Network Simulation UsingJava Abs Scalable Wireless Ad Hoc Network Simulation Using
Java Abs Scalable Wireless Ad Hoc Network Simulation Using
ncct
 
G43053847
G43053847G43053847
G43053847
IJERA Editor
 
Performance evaluation of Hard and Soft Wimax by using PGP and PKM protocols ...
Performance evaluation of Hard and Soft Wimax by using PGP and PKM protocols ...Performance evaluation of Hard and Soft Wimax by using PGP and PKM protocols ...
Performance evaluation of Hard and Soft Wimax by using PGP and PKM protocols ...
IOSR Journals
 

Recommended

sDDS: An Adaptable DDS Solution for Wireless Sensor Networks
sDDS: An Adaptable DDS Solution for Wireless Sensor NetworkssDDS: An Adaptable DDS Solution for Wireless Sensor Networks
sDDS: An Adaptable DDS Solution for Wireless Sensor Networks
Real-Time Innovations (RTI)
 
State of the art parallel approaches for
State of the art parallel approaches forState of the art parallel approaches for
State of the art parallel approaches for
ijcsa
 
Survey of Different DNA Cryptography based Algorithms
Survey of Different DNA Cryptography based AlgorithmsSurvey of Different DNA Cryptography based Algorithms
Survey of Different DNA Cryptography based Algorithms
IRJET Journal
 
Signpost at FOCI 2013
Signpost at FOCI 2013Signpost at FOCI 2013
Signpost at FOCI 2013
Amir Chaudhry
 
Network Forensics: Packet Analysis Using Wireshark
Network Forensics: Packet Analysis Using WiresharkNetwork Forensics: Packet Analysis Using Wireshark
Network Forensics: Packet Analysis Using Wireshark
n|u - The Open Security Community
 
Java Abs Scalable Wireless Ad Hoc Network Simulation Using
Java Abs Scalable Wireless Ad Hoc Network Simulation UsingJava Abs Scalable Wireless Ad Hoc Network Simulation Using
Java Abs Scalable Wireless Ad Hoc Network Simulation Using
ncct
 
G43053847
G43053847G43053847
G43053847
IJERA Editor
 
Performance evaluation of Hard and Soft Wimax by using PGP and PKM protocols ...
Performance evaluation of Hard and Soft Wimax by using PGP and PKM protocols ...Performance evaluation of Hard and Soft Wimax by using PGP and PKM protocols ...
Performance evaluation of Hard and Soft Wimax by using PGP and PKM protocols ...
IOSR Journals
 
IRJET- Data Security in Network Flow using Obfuscation Technique
IRJET- Data Security in Network Flow using Obfuscation TechniqueIRJET- Data Security in Network Flow using Obfuscation Technique
IRJET- Data Security in Network Flow using Obfuscation Technique
IRJET Journal
 
Nwc rsa
Nwc rsaNwc rsa
Nwc rsa
anupamnm
 
(130511) #fitalk network forensics and its role and scope
(130511) #fitalk network forensics and its role and scope(130511) #fitalk network forensics and its role and scope
(130511) #fitalk network forensics and its role and scope
INSIGHT FORENSIC
 
An4101227230
An4101227230An4101227230
An4101227230
IJERA Editor
 
IRJET- Estimating Various DHT Protocols
IRJET- Estimating Various DHT ProtocolsIRJET- Estimating Various DHT Protocols
IRJET- Estimating Various DHT Protocols
IRJET Journal
 
Markle Tree Based Authentication Protocol for Lifetime Enhancement in Wireles...
Markle Tree Based Authentication Protocol for Lifetime Enhancement in Wireles...Markle Tree Based Authentication Protocol for Lifetime Enhancement in Wireles...
Markle Tree Based Authentication Protocol for Lifetime Enhancement in Wireles...
Eswar Publications
 
DETECTION OF ALGORITHMICALLY GENERATED MALICIOUS DOMAIN
DETECTION OF ALGORITHMICALLY GENERATED MALICIOUS DOMAINDETECTION OF ALGORITHMICALLY GENERATED MALICIOUS DOMAIN
DETECTION OF ALGORITHMICALLY GENERATED MALICIOUS DOMAIN
cscpconf
 
DoS Forensic Exemplar Comparison to a Known Sample
DoS Forensic Exemplar Comparison to a Known SampleDoS Forensic Exemplar Comparison to a Known Sample
DoS Forensic Exemplar Comparison to a Known Sample
CSCJournals
 
Detection of application layer ddos attack using hidden semi markov model (20...
Detection of application layer ddos attack using hidden semi markov model (20...Detection of application layer ddos attack using hidden semi markov model (20...
Detection of application layer ddos attack using hidden semi markov model (20...
Mumbai Academisc
 
BasepaperControlling IP Spoofing through Interdomain Packet Filters
BasepaperControlling IP Spoofing through Interdomain Packet FiltersBasepaperControlling IP Spoofing through Interdomain Packet Filters
BasepaperControlling IP Spoofing through Interdomain Packet Filters
bhasker nalaveli
 
Controlling ip spoofing through inter domain packet filters(synopsis)
Controlling ip spoofing through inter domain packet filters(synopsis)Controlling ip spoofing through inter domain packet filters(synopsis)
Controlling ip spoofing through inter domain packet filters(synopsis)
Mumbai Academisc
 
An analysis of the skype peer to-peer
An analysis of the skype peer to-peerAn analysis of the skype peer to-peer
An analysis of the skype peer to-peer
xiaoran815
 
An experimental study of the skype peer to-peer vo ip system
An experimental study of the skype peer to-peer vo ip systemAn experimental study of the skype peer to-peer vo ip system
An experimental study of the skype peer to-peer vo ip system
xiaoran815
 
An enhanced ip traceback mechanism for tracking the attack source using packe...
An enhanced ip traceback mechanism for tracking the attack source using packe...An enhanced ip traceback mechanism for tracking the attack source using packe...
An enhanced ip traceback mechanism for tracking the attack source using packe...
IAEME Publication
 
1670 1673
1670 16731670 1673
1670 1673
Editor IJARCET
 
Ijnsa050211
Ijnsa050211Ijnsa050211
Ijnsa050211
IJNSA Journal
 
Authentication in Different Scenarios
Authentication in Different ScenariosAuthentication in Different Scenarios
Authentication in Different Scenarios
Raj Sikarwar
 
Content aware p2 p video streaming with lowlatency
Content aware p2 p video streaming with lowlatencyContent aware p2 p video streaming with lowlatency
Content aware p2 p video streaming with lowlatency
xiaoran815
 
Linguistic Passphrase Cracking
Linguistic Passphrase CrackingLinguistic Passphrase Cracking
Linguistic Passphrase Cracking
Priyanka Aash
 
Malware Narratives
Malware NarrativesMalware Narratives
Malware Narratives
Dmitry Vostokov
 
Distributed Systems: How to connect your real-time applications
Distributed Systems: How to connect your real-time applicationsDistributed Systems: How to connect your real-time applications
Distributed Systems: How to connect your real-time applications
Jaime Martin Losa
 
DDS Enabling Open Architecture
DDS Enabling Open ArchitectureDDS Enabling Open Architecture
DDS Enabling Open Architecture
Real-Time Innovations (RTI)
 

More Related Content

What's hot

IRJET- Data Security in Network Flow using Obfuscation Technique
IRJET- Data Security in Network Flow using Obfuscation TechniqueIRJET- Data Security in Network Flow using Obfuscation Technique
IRJET- Data Security in Network Flow using Obfuscation Technique
IRJET Journal
 
Nwc rsa
Nwc rsaNwc rsa
Nwc rsa
anupamnm
 
(130511) #fitalk network forensics and its role and scope
(130511) #fitalk network forensics and its role and scope(130511) #fitalk network forensics and its role and scope
(130511) #fitalk network forensics and its role and scope
INSIGHT FORENSIC
 
An4101227230
An4101227230An4101227230
An4101227230
IJERA Editor
 
IRJET- Estimating Various DHT Protocols
IRJET- Estimating Various DHT ProtocolsIRJET- Estimating Various DHT Protocols
IRJET- Estimating Various DHT Protocols
IRJET Journal
 
Markle Tree Based Authentication Protocol for Lifetime Enhancement in Wireles...
Markle Tree Based Authentication Protocol for Lifetime Enhancement in Wireles...Markle Tree Based Authentication Protocol for Lifetime Enhancement in Wireles...
Markle Tree Based Authentication Protocol for Lifetime Enhancement in Wireles...
Eswar Publications
 
DETECTION OF ALGORITHMICALLY GENERATED MALICIOUS DOMAIN
DETECTION OF ALGORITHMICALLY GENERATED MALICIOUS DOMAINDETECTION OF ALGORITHMICALLY GENERATED MALICIOUS DOMAIN
DETECTION OF ALGORITHMICALLY GENERATED MALICIOUS DOMAIN
cscpconf
 
DoS Forensic Exemplar Comparison to a Known Sample
DoS Forensic Exemplar Comparison to a Known SampleDoS Forensic Exemplar Comparison to a Known Sample
DoS Forensic Exemplar Comparison to a Known Sample
CSCJournals
 
Detection of application layer ddos attack using hidden semi markov model (20...
Detection of application layer ddos attack using hidden semi markov model (20...Detection of application layer ddos attack using hidden semi markov model (20...
Detection of application layer ddos attack using hidden semi markov model (20...
Mumbai Academisc
 
BasepaperControlling IP Spoofing through Interdomain Packet Filters
BasepaperControlling IP Spoofing through Interdomain Packet FiltersBasepaperControlling IP Spoofing through Interdomain Packet Filters
BasepaperControlling IP Spoofing through Interdomain Packet Filters
bhasker nalaveli
 
Controlling ip spoofing through inter domain packet filters(synopsis)
Controlling ip spoofing through inter domain packet filters(synopsis)Controlling ip spoofing through inter domain packet filters(synopsis)
Controlling ip spoofing through inter domain packet filters(synopsis)
Mumbai Academisc
 
An analysis of the skype peer to-peer
An analysis of the skype peer to-peerAn analysis of the skype peer to-peer
An analysis of the skype peer to-peer
xiaoran815
 
An experimental study of the skype peer to-peer vo ip system
An experimental study of the skype peer to-peer vo ip systemAn experimental study of the skype peer to-peer vo ip system
An experimental study of the skype peer to-peer vo ip system
xiaoran815
 
An enhanced ip traceback mechanism for tracking the attack source using packe...
An enhanced ip traceback mechanism for tracking the attack source using packe...An enhanced ip traceback mechanism for tracking the attack source using packe...
An enhanced ip traceback mechanism for tracking the attack source using packe...
IAEME Publication
 
1670 1673
1670 16731670 1673
1670 1673
Editor IJARCET
 
Ijnsa050211
Ijnsa050211Ijnsa050211
Ijnsa050211
IJNSA Journal
 
Authentication in Different Scenarios
Authentication in Different ScenariosAuthentication in Different Scenarios
Authentication in Different Scenarios
Raj Sikarwar
 
Content aware p2 p video streaming with lowlatency
Content aware p2 p video streaming with lowlatencyContent aware p2 p video streaming with lowlatency
Content aware p2 p video streaming with lowlatency
xiaoran815
 
Linguistic Passphrase Cracking
Linguistic Passphrase CrackingLinguistic Passphrase Cracking
Linguistic Passphrase Cracking
Priyanka Aash
 

What's hot (19)

IRJET- Data Security in Network Flow using Obfuscation Technique
IRJET- Data Security in Network Flow using Obfuscation TechniqueIRJET- Data Security in Network Flow using Obfuscation Technique
IRJET- Data Security in Network Flow using Obfuscation Technique
 
Nwc rsa
Nwc rsaNwc rsa
Nwc rsa
 
(130511) #fitalk network forensics and its role and scope
(130511) #fitalk network forensics and its role and scope(130511) #fitalk network forensics and its role and scope
(130511) #fitalk network forensics and its role and scope
 
An4101227230
An4101227230An4101227230
An4101227230
 
IRJET- Estimating Various DHT Protocols
IRJET- Estimating Various DHT ProtocolsIRJET- Estimating Various DHT Protocols
IRJET- Estimating Various DHT Protocols
 
Markle Tree Based Authentication Protocol for Lifetime Enhancement in Wireles...
Markle Tree Based Authentication Protocol for Lifetime Enhancement in Wireles...Markle Tree Based Authentication Protocol for Lifetime Enhancement in Wireles...
Markle Tree Based Authentication Protocol for Lifetime Enhancement in Wireles...
 
DETECTION OF ALGORITHMICALLY GENERATED MALICIOUS DOMAIN
DETECTION OF ALGORITHMICALLY GENERATED MALICIOUS DOMAINDETECTION OF ALGORITHMICALLY GENERATED MALICIOUS DOMAIN
DETECTION OF ALGORITHMICALLY GENERATED MALICIOUS DOMAIN
 
DoS Forensic Exemplar Comparison to a Known Sample
DoS Forensic Exemplar Comparison to a Known SampleDoS Forensic Exemplar Comparison to a Known Sample
DoS Forensic Exemplar Comparison to a Known Sample
 
Detection of application layer ddos attack using hidden semi markov model (20...
Detection of application layer ddos attack using hidden semi markov model (20...Detection of application layer ddos attack using hidden semi markov model (20...
Detection of application layer ddos attack using hidden semi markov model (20...
 
BasepaperControlling IP Spoofing through Interdomain Packet Filters
BasepaperControlling IP Spoofing through Interdomain Packet FiltersBasepaperControlling IP Spoofing through Interdomain Packet Filters
BasepaperControlling IP Spoofing through Interdomain Packet Filters
 
Controlling ip spoofing through inter domain packet filters(synopsis)
Controlling ip spoofing through inter domain packet filters(synopsis)Controlling ip spoofing through inter domain packet filters(synopsis)
Controlling ip spoofing through inter domain packet filters(synopsis)
 
An analysis of the skype peer to-peer
An analysis of the skype peer to-peerAn analysis of the skype peer to-peer
An analysis of the skype peer to-peer
 
An experimental study of the skype peer to-peer vo ip system
An experimental study of the skype peer to-peer vo ip systemAn experimental study of the skype peer to-peer vo ip system
An experimental study of the skype peer to-peer vo ip system
 
An enhanced ip traceback mechanism for tracking the attack source using packe...
An enhanced ip traceback mechanism for tracking the attack source using packe...An enhanced ip traceback mechanism for tracking the attack source using packe...
An enhanced ip traceback mechanism for tracking the attack source using packe...
 
1670 1673
1670 16731670 1673
1670 1673
 
Ijnsa050211
Ijnsa050211Ijnsa050211
Ijnsa050211
 
Authentication in Different Scenarios
Authentication in Different ScenariosAuthentication in Different Scenarios
Authentication in Different Scenarios
 
Content aware p2 p video streaming with lowlatency
Content aware p2 p video streaming with lowlatencyContent aware p2 p video streaming with lowlatency
Content aware p2 p video streaming with lowlatency
 
Linguistic Passphrase Cracking
Linguistic Passphrase CrackingLinguistic Passphrase Cracking
Linguistic Passphrase Cracking
 

Similar to Pattern-Oriented Network Trace Analysis

Malware Narratives
Malware NarrativesMalware Narratives
Malware Narratives
Dmitry Vostokov
 
Distributed Systems: How to connect your real-time applications
Distributed Systems: How to connect your real-time applicationsDistributed Systems: How to connect your real-time applications
Distributed Systems: How to connect your real-time applications
Jaime Martin Losa
 
DDS Enabling Open Architecture
DDS Enabling Open ArchitectureDDS Enabling Open Architecture
DDS Enabling Open Architecture
Real-Time Innovations (RTI)
 
Resume_Appaji
Resume_AppajiResume_Appaji
Resume_Appaji
Appaji K
 
DDS Advanced Tutorial - OMG June 2013 Berlin Meeting
DDS Advanced Tutorial - OMG June 2013 Berlin MeetingDDS Advanced Tutorial - OMG June 2013 Berlin Meeting
DDS Advanced Tutorial - OMG June 2013 Berlin Meeting
Jaime Martin Losa
 
PinTrace Advanced AWS meetup
PinTrace Advanced AWS meetup PinTrace Advanced AWS meetup
PinTrace Advanced AWS meetup
Suman Karumuri
 
Pattern-Based Software Diagnostics
Pattern-Based Software DiagnosticsPattern-Based Software Diagnostics
Pattern-Based Software Diagnostics
Dmitry Vostokov
 
Protecting location privacy in sensor networks against a global eavesdropper
Protecting location privacy in sensor networks against a global eavesdropperProtecting location privacy in sensor networks against a global eavesdropper
Protecting location privacy in sensor networks against a global eavesdropper
Shakas Technologies
 
Protecting location privacy in sensor networks against a global eavesdropper
Protecting location privacy in sensor networks against a global eavesdropperProtecting location privacy in sensor networks against a global eavesdropper
Protecting location privacy in sensor networks against a global eavesdropper
Shakas Technologies
 
Desktop, Embedded and Mobile Apps with Vortex Café
Desktop, Embedded and Mobile Apps with Vortex CaféDesktop, Embedded and Mobile Apps with Vortex Café
Desktop, Embedded and Mobile Apps with Vortex Café
Angelo Corsaro
 
Desktop, Embedded and Mobile Apps with PrismTech Vortex Cafe
Desktop, Embedded and Mobile Apps with PrismTech Vortex CafeDesktop, Embedded and Mobile Apps with PrismTech Vortex Cafe
Desktop, Embedded and Mobile Apps with PrismTech Vortex Cafe
ADLINK Technology IoT
 
Fast RTPS: Programming with the Default Middleware for Robotics Adopted in ROS2
Fast RTPS: Programming with the Default Middleware for Robotics Adopted in ROS2Fast RTPS: Programming with the Default Middleware for Robotics Adopted in ROS2
Fast RTPS: Programming with the Default Middleware for Robotics Adopted in ROS2
Jaime Martin Losa
 
Topic # 16 of outline Managing Network Services.pptx
Topic # 16 of outline Managing Network Services.pptxTopic # 16 of outline Managing Network Services.pptx
Topic # 16 of outline Managing Network Services.pptx
AyeCS11
 
Real Time Java DDS
Real Time Java DDSReal Time Java DDS
Real Time Java DDS
kerush
 
DDS: The IoT Data Sharing Standard
DDS: The IoT Data Sharing StandardDDS: The IoT Data Sharing Standard
DDS: The IoT Data Sharing Standard
Angelo Corsaro
 
Fiware - communicating with ROS robots using Fast RTPS
Fiware - communicating with ROS robots using Fast RTPSFiware - communicating with ROS robots using Fast RTPS
Fiware - communicating with ROS robots using Fast RTPS
Jaime Martin Losa
 
Web Services Discovery for Devices
Web Services Discovery for DevicesWeb Services Discovery for Devices
Web Services Discovery for Devices
Jorgen Thelin
 
2010.hari_kannan.phd_thesis.slides.pdf
2010.hari_kannan.phd_thesis.slides.pdf2010.hari_kannan.phd_thesis.slides.pdf
2010.hari_kannan.phd_thesis.slides.pdf
AlexKarasulu1
 
Fiware: Connecting to robots
Fiware: Connecting to robotsFiware: Connecting to robots
Fiware: Connecting to robots
Jaime Martin Losa
 
Prototype Implementation of a Demand Driven Network Monitoring Architecture
Prototype Implementation of a Demand Driven Network Monitoring ArchitecturePrototype Implementation of a Demand Driven Network Monitoring Architecture
Prototype Implementation of a Demand Driven Network Monitoring Architecture
Augusto Ciuffoletti
 

Similar to Pattern-Oriented Network Trace Analysis (20)

Malware Narratives
Malware NarrativesMalware Narratives
Malware Narratives
 
Distributed Systems: How to connect your real-time applications
Distributed Systems: How to connect your real-time applicationsDistributed Systems: How to connect your real-time applications
Distributed Systems: How to connect your real-time applications
 
DDS Enabling Open Architecture
DDS Enabling Open ArchitectureDDS Enabling Open Architecture
DDS Enabling Open Architecture
 
Resume_Appaji
Resume_AppajiResume_Appaji
Resume_Appaji
 
DDS Advanced Tutorial - OMG June 2013 Berlin Meeting
DDS Advanced Tutorial - OMG June 2013 Berlin MeetingDDS Advanced Tutorial - OMG June 2013 Berlin Meeting
DDS Advanced Tutorial - OMG June 2013 Berlin Meeting
 
PinTrace Advanced AWS meetup
PinTrace Advanced AWS meetup PinTrace Advanced AWS meetup
PinTrace Advanced AWS meetup
 
Pattern-Based Software Diagnostics
Pattern-Based Software DiagnosticsPattern-Based Software Diagnostics
Pattern-Based Software Diagnostics
 
Protecting location privacy in sensor networks against a global eavesdropper
Protecting location privacy in sensor networks against a global eavesdropperProtecting location privacy in sensor networks against a global eavesdropper
Protecting location privacy in sensor networks against a global eavesdropper
 
Protecting location privacy in sensor networks against a global eavesdropper
Protecting location privacy in sensor networks against a global eavesdropperProtecting location privacy in sensor networks against a global eavesdropper
Protecting location privacy in sensor networks against a global eavesdropper
 
Desktop, Embedded and Mobile Apps with Vortex Café
Desktop, Embedded and Mobile Apps with Vortex CaféDesktop, Embedded and Mobile Apps with Vortex Café
Desktop, Embedded and Mobile Apps with Vortex Café
 
Desktop, Embedded and Mobile Apps with PrismTech Vortex Cafe
Desktop, Embedded and Mobile Apps with PrismTech Vortex CafeDesktop, Embedded and Mobile Apps with PrismTech Vortex Cafe
Desktop, Embedded and Mobile Apps with PrismTech Vortex Cafe
 
Fast RTPS: Programming with the Default Middleware for Robotics Adopted in ROS2
Fast RTPS: Programming with the Default Middleware for Robotics Adopted in ROS2Fast RTPS: Programming with the Default Middleware for Robotics Adopted in ROS2
Fast RTPS: Programming with the Default Middleware for Robotics Adopted in ROS2
 
Topic # 16 of outline Managing Network Services.pptx
Topic # 16 of outline Managing Network Services.pptxTopic # 16 of outline Managing Network Services.pptx
Topic # 16 of outline Managing Network Services.pptx
 
Real Time Java DDS
Real Time Java DDSReal Time Java DDS
Real Time Java DDS
 
DDS: The IoT Data Sharing Standard
DDS: The IoT Data Sharing StandardDDS: The IoT Data Sharing Standard
DDS: The IoT Data Sharing Standard
 
Fiware - communicating with ROS robots using Fast RTPS
Fiware - communicating with ROS robots using Fast RTPSFiware - communicating with ROS robots using Fast RTPS
Fiware - communicating with ROS robots using Fast RTPS
 
Web Services Discovery for Devices
Web Services Discovery for DevicesWeb Services Discovery for Devices
Web Services Discovery for Devices
 
2010.hari_kannan.phd_thesis.slides.pdf
2010.hari_kannan.phd_thesis.slides.pdf2010.hari_kannan.phd_thesis.slides.pdf
2010.hari_kannan.phd_thesis.slides.pdf
 
Fiware: Connecting to robots
Fiware: Connecting to robotsFiware: Connecting to robots
Fiware: Connecting to robots
 
Prototype Implementation of a Demand Driven Network Monitoring Architecture
Prototype Implementation of a Demand Driven Network Monitoring ArchitecturePrototype Implementation of a Demand Driven Network Monitoring Architecture
Prototype Implementation of a Demand Driven Network Monitoring Architecture
 

More from Dmitry Vostokov

Accelerated Windows Debugging 3 training public slides
Accelerated Windows Debugging 3 training public slidesAccelerated Windows Debugging 3 training public slides
Accelerated Windows Debugging 3 training public slides
Dmitry Vostokov
 
Accelerated .NET Memory Dump Analysis training public slides
Accelerated .NET Memory Dump Analysis training public slidesAccelerated .NET Memory Dump Analysis training public slides
Accelerated .NET Memory Dump Analysis training public slides
Dmitry Vostokov
 
Debugging TV Frame 0x1C
Debugging TV Frame 0x1CDebugging TV Frame 0x1C
Debugging TV Frame 0x1C
Dmitry Vostokov
 
Debugging TV Frame 0x1A
Debugging TV Frame 0x1ADebugging TV Frame 0x1A
Debugging TV Frame 0x1A
Dmitry Vostokov
 
Debugging TV Frame 0x34
Debugging TV Frame 0x34Debugging TV Frame 0x34
Debugging TV Frame 0x34
Dmitry Vostokov
 
Debugging TV Frame 0x33
Debugging TV Frame 0x33Debugging TV Frame 0x33
Debugging TV Frame 0x33
Dmitry Vostokov
 
Debugging TV Frame 0x31
Debugging TV Frame 0x31Debugging TV Frame 0x31
Debugging TV Frame 0x31
Dmitry Vostokov
 
Debugging TV Frame 0x25
Debugging TV Frame 0x25Debugging TV Frame 0x25
Debugging TV Frame 0x25
Dmitry Vostokov
 
Debugging TV Frame 0x24
Debugging TV Frame 0x24Debugging TV Frame 0x24
Debugging TV Frame 0x24
Dmitry Vostokov
 
Debugging TV Frame 0x21
Debugging TV Frame 0x21Debugging TV Frame 0x21
Debugging TV Frame 0x21
Dmitry Vostokov
 
Debugging TV Frame 0x20
Debugging TV Frame 0x20Debugging TV Frame 0x20
Debugging TV Frame 0x20
Dmitry Vostokov
 
Debugging TV Frame 0x19
Debugging TV Frame 0x19Debugging TV Frame 0x19
Debugging TV Frame 0x19
Dmitry Vostokov
 
Debugging TV Frame 0x18
Debugging TV Frame 0x18Debugging TV Frame 0x18
Debugging TV Frame 0x18
Dmitry Vostokov
 
Debugging TV Frame 0x17
Debugging TV Frame 0x17Debugging TV Frame 0x17
Debugging TV Frame 0x17
Dmitry Vostokov
 
Debugging TV Frame 0x16
Debugging TV Frame 0x16Debugging TV Frame 0x16
Debugging TV Frame 0x16
Dmitry Vostokov
 
Debugging TV Frame 0x15
Debugging TV Frame 0x15Debugging TV Frame 0x15
Debugging TV Frame 0x15
Dmitry Vostokov
 
Debugging TV Frame 0x14
Debugging TV Frame 0x14Debugging TV Frame 0x14
Debugging TV Frame 0x14
Dmitry Vostokov
 
Debugging TV Frame 0x13
Debugging TV Frame 0x13Debugging TV Frame 0x13
Debugging TV Frame 0x13
Dmitry Vostokov
 
Debugging TV Frame 0x12
Debugging TV Frame 0x12Debugging TV Frame 0x12
Debugging TV Frame 0x12
Dmitry Vostokov
 
Debugging TV Frame 0x11
Debugging TV Frame 0x11Debugging TV Frame 0x11
Debugging TV Frame 0x11
Dmitry Vostokov
 

More from Dmitry Vostokov (20)

Accelerated Windows Debugging 3 training public slides
Accelerated Windows Debugging 3 training public slidesAccelerated Windows Debugging 3 training public slides
Accelerated Windows Debugging 3 training public slides
 
Accelerated .NET Memory Dump Analysis training public slides
Accelerated .NET Memory Dump Analysis training public slidesAccelerated .NET Memory Dump Analysis training public slides
Accelerated .NET Memory Dump Analysis training public slides
 
Debugging TV Frame 0x1C
Debugging TV Frame 0x1CDebugging TV Frame 0x1C
Debugging TV Frame 0x1C
 
Debugging TV Frame 0x1A
Debugging TV Frame 0x1ADebugging TV Frame 0x1A
Debugging TV Frame 0x1A
 
Debugging TV Frame 0x34
Debugging TV Frame 0x34Debugging TV Frame 0x34
Debugging TV Frame 0x34
 
Debugging TV Frame 0x33
Debugging TV Frame 0x33Debugging TV Frame 0x33
Debugging TV Frame 0x33
 
Debugging TV Frame 0x31
Debugging TV Frame 0x31Debugging TV Frame 0x31
Debugging TV Frame 0x31
 
Debugging TV Frame 0x25
Debugging TV Frame 0x25Debugging TV Frame 0x25
Debugging TV Frame 0x25
 
Debugging TV Frame 0x24
Debugging TV Frame 0x24Debugging TV Frame 0x24
Debugging TV Frame 0x24
 
Debugging TV Frame 0x21
Debugging TV Frame 0x21Debugging TV Frame 0x21
Debugging TV Frame 0x21
 
Debugging TV Frame 0x20
Debugging TV Frame 0x20Debugging TV Frame 0x20
Debugging TV Frame 0x20
 
Debugging TV Frame 0x19
Debugging TV Frame 0x19Debugging TV Frame 0x19
Debugging TV Frame 0x19
 
Debugging TV Frame 0x18
Debugging TV Frame 0x18Debugging TV Frame 0x18
Debugging TV Frame 0x18
 
Debugging TV Frame 0x17
Debugging TV Frame 0x17Debugging TV Frame 0x17
Debugging TV Frame 0x17
 
Debugging TV Frame 0x16
Debugging TV Frame 0x16Debugging TV Frame 0x16
Debugging TV Frame 0x16
 
Debugging TV Frame 0x15
Debugging TV Frame 0x15Debugging TV Frame 0x15
Debugging TV Frame 0x15
 
Debugging TV Frame 0x14
Debugging TV Frame 0x14Debugging TV Frame 0x14
Debugging TV Frame 0x14
 
Debugging TV Frame 0x13
Debugging TV Frame 0x13Debugging TV Frame 0x13
Debugging TV Frame 0x13
 
Debugging TV Frame 0x12
Debugging TV Frame 0x12Debugging TV Frame 0x12
Debugging TV Frame 0x12
 
Debugging TV Frame 0x11
Debugging TV Frame 0x11Debugging TV Frame 0x11
Debugging TV Frame 0x11
 

Recently uploaded

8 Best Automated Android App Testing Tool and Framework in 2024.pdf
8 Best Automated Android App Testing Tool and Framework in 2024.pdf8 Best Automated Android App Testing Tool and Framework in 2024.pdf
8 Best Automated Android App Testing Tool and Framework in 2024.pdf
kalichargn70th171
 
Using Xen Hypervisor for Functional Safety
Using Xen Hypervisor for Functional SafetyUsing Xen Hypervisor for Functional Safety
Using Xen Hypervisor for Functional Safety
Ayan Halder
 
Webinar On-Demand: Using Flutter for Embedded
Webinar On-Demand: Using Flutter for EmbeddedWebinar On-Demand: Using Flutter for Embedded
Webinar On-Demand: Using Flutter for Embedded
ICS
 
UI5con 2024 - Boost Your Development Experience with UI5 Tooling Extensions
UI5con 2024 - Boost Your Development Experience with UI5 Tooling ExtensionsUI5con 2024 - Boost Your Development Experience with UI5 Tooling Extensions
UI5con 2024 - Boost Your Development Experience with UI5 Tooling Extensions
Peter Muessig
 
GraphSummit Paris - The art of the possible with Graph Technology
GraphSummit Paris - The art of the possible with Graph TechnologyGraphSummit Paris - The art of the possible with Graph Technology
GraphSummit Paris - The art of the possible with Graph Technology
Neo4j
 
Revolutionizing Visual Effects Mastering AI Face Swaps.pdf
Revolutionizing Visual Effects Mastering AI Face Swaps.pdfRevolutionizing Visual Effects Mastering AI Face Swaps.pdf
Revolutionizing Visual Effects Mastering AI Face Swaps.pdf
Undress Baby
 
Microservice Teams - How the cloud changes the way we work
Microservice Teams - How the cloud changes the way we workMicroservice Teams - How the cloud changes the way we work
Microservice Teams - How the cloud changes the way we work
Sven Peters
 
How to write a program in any programming language
How to write a program in any programming languageHow to write a program in any programming language
How to write a program in any programming language
Rakesh Kumar R
 
Empowering Growth with Best Software Development Company in Noida - Deuglo
Empowering Growth with Best Software Development Company in Noida - DeugloEmpowering Growth with Best Software Development Company in Noida - Deuglo
Empowering Growth with Best Software Development Company in Noida - Deuglo
Deuglo Infosystem Pvt Ltd
 
Essentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FMEEssentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FME
Safe Software
 
Need for Speed: Removing speed bumps from your Symfony projects ⚡️
Need for Speed: Removing speed bumps from your Symfony projects ⚡️Need for Speed: Removing speed bumps from your Symfony projects ⚡️
Need for Speed: Removing speed bumps from your Symfony projects ⚡️
Łukasz Chruściel
 
SMS API Integration in Saudi Arabia| Best SMS API Service
SMS API Integration in Saudi Arabia| Best SMS API ServiceSMS API Integration in Saudi Arabia| Best SMS API Service
SMS API Integration in Saudi Arabia| Best SMS API Service
Yara Milbes
 
Neo4j - Product Vision and Knowledge Graphs - GraphSummit Paris
Neo4j - Product Vision and Knowledge Graphs - GraphSummit ParisNeo4j - Product Vision and Knowledge Graphs - GraphSummit Paris
Neo4j - Product Vision and Knowledge Graphs - GraphSummit Paris
Neo4j
 
GreenCode-A-VSCode-Plugin--Dario-Jurisic
GreenCode-A-VSCode-Plugin--Dario-JurisicGreenCode-A-VSCode-Plugin--Dario-Jurisic
GreenCode-A-VSCode-Plugin--Dario-Jurisic
Green Software Development
 
socradar-q1-2024-aviation-industry-report.pdf
socradar-q1-2024-aviation-industry-report.pdfsocradar-q1-2024-aviation-industry-report.pdf
socradar-q1-2024-aviation-industry-report.pdf
SOCRadar
 
Transform Your Communication with Cloud-Based IVR Solutions
Transform Your Communication with Cloud-Based IVR SolutionsTransform Your Communication with Cloud-Based IVR Solutions
Transform Your Communication with Cloud-Based IVR Solutions
TheSMSPoint
 
Graspan: A Big Data System for Big Code Analysis
Graspan: A Big Data System for Big Code AnalysisGraspan: A Big Data System for Big Code Analysis
Graspan: A Big Data System for Big Code Analysis
Aftab Hussain
 
E-commerce Development Services- Hornet Dynamics
E-commerce Development Services- Hornet DynamicsE-commerce Development Services- Hornet Dynamics
E-commerce Development Services- Hornet Dynamics
Hornet Dynamics
 
ALGIT - Assembly Line for Green IT - Numbers, Data, Facts
ALGIT - Assembly Line for Green IT - Numbers, Data, FactsALGIT - Assembly Line for Green IT - Numbers, Data, Facts
ALGIT - Assembly Line for Green IT - Numbers, Data, Facts
Green Software Development
 
openEuler Case Study - The Journey to Supply Chain Security
openEuler Case Study - The Journey to Supply Chain SecurityopenEuler Case Study - The Journey to Supply Chain Security
openEuler Case Study - The Journey to Supply Chain Security
Shane Coughlan
 

Recently uploaded (20)

8 Best Automated Android App Testing Tool and Framework in 2024.pdf
8 Best Automated Android App Testing Tool and Framework in 2024.pdf8 Best Automated Android App Testing Tool and Framework in 2024.pdf
8 Best Automated Android App Testing Tool and Framework in 2024.pdf
 
Using Xen Hypervisor for Functional Safety
Using Xen Hypervisor for Functional SafetyUsing Xen Hypervisor for Functional Safety
Using Xen Hypervisor for Functional Safety
 
Webinar On-Demand: Using Flutter for Embedded
Webinar On-Demand: Using Flutter for EmbeddedWebinar On-Demand: Using Flutter for Embedded
Webinar On-Demand: Using Flutter for Embedded
 
UI5con 2024 - Boost Your Development Experience with UI5 Tooling Extensions
UI5con 2024 - Boost Your Development Experience with UI5 Tooling ExtensionsUI5con 2024 - Boost Your Development Experience with UI5 Tooling Extensions
UI5con 2024 - Boost Your Development Experience with UI5 Tooling Extensions
 
GraphSummit Paris - The art of the possible with Graph Technology
GraphSummit Paris - The art of the possible with Graph TechnologyGraphSummit Paris - The art of the possible with Graph Technology
GraphSummit Paris - The art of the possible with Graph Technology
 
Revolutionizing Visual Effects Mastering AI Face Swaps.pdf
Revolutionizing Visual Effects Mastering AI Face Swaps.pdfRevolutionizing Visual Effects Mastering AI Face Swaps.pdf
Revolutionizing Visual Effects Mastering AI Face Swaps.pdf
 
Microservice Teams - How the cloud changes the way we work
Microservice Teams - How the cloud changes the way we workMicroservice Teams - How the cloud changes the way we work
Microservice Teams - How the cloud changes the way we work
 
How to write a program in any programming language
How to write a program in any programming languageHow to write a program in any programming language
How to write a program in any programming language
 
Empowering Growth with Best Software Development Company in Noida - Deuglo
Empowering Growth with Best Software Development Company in Noida - DeugloEmpowering Growth with Best Software Development Company in Noida - Deuglo
Empowering Growth with Best Software Development Company in Noida - Deuglo
 
Essentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FMEEssentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FME
 
Need for Speed: Removing speed bumps from your Symfony projects ⚡️
Need for Speed: Removing speed bumps from your Symfony projects ⚡️Need for Speed: Removing speed bumps from your Symfony projects ⚡️
Need for Speed: Removing speed bumps from your Symfony projects ⚡️
 
SMS API Integration in Saudi Arabia| Best SMS API Service
SMS API Integration in Saudi Arabia| Best SMS API ServiceSMS API Integration in Saudi Arabia| Best SMS API Service
SMS API Integration in Saudi Arabia| Best SMS API Service
 
Neo4j - Product Vision and Knowledge Graphs - GraphSummit Paris
Neo4j - Product Vision and Knowledge Graphs - GraphSummit ParisNeo4j - Product Vision and Knowledge Graphs - GraphSummit Paris
Neo4j - Product Vision and Knowledge Graphs - GraphSummit Paris
 
GreenCode-A-VSCode-Plugin--Dario-Jurisic
GreenCode-A-VSCode-Plugin--Dario-JurisicGreenCode-A-VSCode-Plugin--Dario-Jurisic
GreenCode-A-VSCode-Plugin--Dario-Jurisic
 
socradar-q1-2024-aviation-industry-report.pdf
socradar-q1-2024-aviation-industry-report.pdfsocradar-q1-2024-aviation-industry-report.pdf
socradar-q1-2024-aviation-industry-report.pdf
 
Transform Your Communication with Cloud-Based IVR Solutions
Transform Your Communication with Cloud-Based IVR SolutionsTransform Your Communication with Cloud-Based IVR Solutions
Transform Your Communication with Cloud-Based IVR Solutions
 
Graspan: A Big Data System for Big Code Analysis
Graspan: A Big Data System for Big Code AnalysisGraspan: A Big Data System for Big Code Analysis
Graspan: A Big Data System for Big Code Analysis
 
E-commerce Development Services- Hornet Dynamics
E-commerce Development Services- Hornet DynamicsE-commerce Development Services- Hornet Dynamics
E-commerce Development Services- Hornet Dynamics
 
ALGIT - Assembly Line for Green IT - Numbers, Data, Facts
ALGIT - Assembly Line for Green IT - Numbers, Data, FactsALGIT - Assembly Line for Green IT - Numbers, Data, Facts
ALGIT - Assembly Line for Green IT - Numbers, Data, Facts
 
openEuler Case Study - The Journey to Supply Chain Security
openEuler Case Study - The Journey to Supply Chain SecurityopenEuler Case Study - The Journey to Supply Chain Security
openEuler Case Study - The Journey to Supply Chain Security
 

Pattern-Oriented Network Trace Analysis

  • 1. Network Trace Analysis Dmitry Vostokov Software Diagnostics Services Version 1.0 Facebook LinkedIn Twitter
  • 2. Wireshark Hark  Listen (to) “Hark! There’s the big bombardment.”  Speak in one’s ear; whisper Shorter Oxford English Dictionary Hark back (idiom)  To return to a previous point, as in a narrative http://www.thefreedictionary.com/hark © 2013 Software Diagnostics Services
  • 3. Prerequisites  Interest in software diagnostics, troubleshooting, debugging and network trace analysis  Experience in network trace analysis using Wireshark or Network Monitor © 2013 Software Diagnostics Services
  • 4. Why?  A common diagnostics language  Network diagnostics as software diagnostics © 2013 Software Diagnostics Services
  • 5. Software Diagnostics A discipline studying abnormal software structure and behavior in software execution artifacts (such as memory dumps, software and network traces and logs) using pattern-driven, systemic and pattern-based analysis methodologies. © 2013 Software Diagnostics Services
  • 6. Diagnostics Pattern A common recurrent identifiable problem together with a set of recommendations and possible solutions to apply in a specific context. © 2013 Software Diagnostics Services
  • 7. Pattern Orientation © 2013 Software Diagnostics Services Pattern-driven  Finding patterns in software artefacts  Using checklists and pattern catalogs Pattern-based  Pattern catalog evolution  Catalog packaging and delivery
  • 8. Catalog Classification  By abstraction Meta-patterns  By artifact type Software Log* Memory Dump Network Trace*  By story type Problem Description Software Disruption UI Problem  By intention Malware © 2013 Software Diagnostics Services
  • 9. Traces and Logs © 2013 Software Diagnostics Services
  • 10. Trace and Log Patterns © 2013 Software Diagnostics Services
  • 11. Software Narrative A temporal sequence of events related to software execution. © 2013 Software Diagnostics Services
  • 12. Software Trace © 2013 Software Diagnostics Services  A sequence of formatted messages  Arranged by time  A narrative story
  • 13. Network Trace © 2013 Software Diagnostics Services  A sequence of formatted packets as trace messages  Arranged by time  A narrative story
  • 14. Network Trace Analysis © 2013 Software Diagnostics Services Software Trace Analysis Patterns Network Trace Analysis Patterns
  • 15. Capture Tool Placing  Sniffer placing  Process Monitor placing © 2013 Software Diagnostics Services
  • 16. Trace Maps  Network map  Deployment architecture map © 2013 Software Diagnostics Services
  • 17. Name Resolution  MAC -> IP and IP -> DNS  PID -> process name © 2013 Software Diagnostics Services
  • 18. Trace Presentation © 2013 Software Diagnostics Services Full Trace (Story, Fable, Fabula) Trace 1 (Plot, Sujet) Trace 2 (Plot, Sujet) Trace 3 (Plot, Sujet) Trace 4 (Plot, Sujet) Trace 5 (Plot, Sujet) Trace Presentation A (Discourse) Trace Presentation B (Discourse) Trace Presentation C (Discourse)
  • 19. Minimal Trace Graphs © 2013 Software Diagnostics Services Time # Src Dst Time Message
  • 20. Pattern-Driven Analysis © 2013 Software Diagnostics Services Logs Checklists Patterns Action
  • 21. Pattern-Based Analysis © 2013 Software Diagnostics Services Software Trace New Pattern Discovery Pattern Catalog + Usage
  • 22. Pattern Classification © 2013 Software Diagnostics Services  Vocabulary  Error  Trace as a Whole  Large Scale  Activity  Message  Block  Trace Set
  • 23. Reference and Course © 2013 Software Diagnostics Services  Catalog from Software Diagnostics Library Software Trace Analysis Patterns  Free reference graphical slides Accelerated-Windows-Software-Trace-Analysis-Public.pdf  Training course* Accelerated Windows Software Trace Analysis * Available as a full color paperback book, PDF book, on SkillsSoft Books 24x7. Recording is available for all book formats
  • 24. Selected Patterns © 2013 Software Diagnostics Services
  • 25. Master Trace Normal network capture © 2013 Software Diagnostics Services Pattern Category Trace Set
  • 26. Message Current Packets/s © 2013 Software Diagnostics Services Time # Src Dst Time Message Time # Src Dst Time Message 10.100 10.200 10.100 12.100 J1 > J2 Pattern Category Trace as a Whole
  • 27. Message Density D1 > D2 © 2013 Software Diagnostics Services Time # Src Dst Time Message Pattern Category Trace as a Whole
  • 28. Characteristic Block D1 < D2 L1 > L2 © 2013 Software Diagnostics Services Time # Src Dst Time Message Pattern Category Large Scale
  • 29. Example © 2013 Software Diagnostics Services
  • 30. Thread of Activity © 2013 Software Diagnostics Services Pattern Category Activity Time # Src Dst Time Message Time # Src Dst Time Message
  • 31. Adjoint Thread Filtered by:  Source  Destination  Protocol  Message  Expression © 2013 Software Diagnostics Services Pattern Category Activity Time # Src Dst Time Message Time # Src Dst Time Message
  • 32. No Activity © 2013 Software Diagnostics Services Time # Src Dst Time Message We messages from other servers but only see our own traffic Pattern Category Activity
  • 33. Discontinuity © 2013 Software Diagnostics Services Pattern Category Activity Time # Src Dst Time Message Time # Src Dst Time Message
  • 34. Dialog Conversation between 2 endpoints © 2013 Software Diagnostics Services Time # Src Dst Time Message
  • 35. Significant Event Time Reference feature in Wireshark © 2013 Software Diagnostics Services Time # Src Dst Time Message Pattern Category Message
  • 36. Marked Messages Marked Packets feature in Wireshark © 2013 Software Diagnostics Services Annotated messages: session initialization [+] session tear-off [-] port A activity [+] port B activity [-] protocol C used [-] address D used [-] [+] activity is present in a trace [-] activity is undetected or not present Pattern Category Message
  • 37. Partition Connection initiation (Prologue) and termination (Epilogue) © 2013 Software Diagnostics Services Tail Epilogue Head Time Prologue Core # Src Dst Time Message Pattern Category Trace as a Whole
  • 38. Inter-Correlation  Several packet sniffers at once  Internal and external views Process Monitor log + network trace © 2013 Software Diagnostics Services Pattern Category Trace Set
  • 39. Circular Trace © 2013 Software Diagnostics Services Pattern Category Trace as a Whole Time # Src Dst Time Message Problem Repro
  • 40. Split Trace © 2013 Software Diagnostics Services Pattern Category Trace Set Time # Src Dst Time Message # PID TID Time Message # PID TID Time Message
  • 41. Paratext Info column in Wireshark © 2013 Software Diagnostics Services
  • 42. Frames OSI, TCP/IP Layers © 2013 Software Diagnostics Services Time # Src Dst Time Message Pattern Category Large Scale
  • 43. Visibility Limit Visibility window for sniffing © 2013 Software Diagnostics Services PC 1 PC 2 PC 3 sniffer Pattern Category Trace as a Whole
  • 44. Incomplete History  Packet loss  Missing ACK © 2013 Software Diagnostics Services
  • 45. Possible New Patterns  Full Trace (promiscuous mode)  Embedded Message (PDU chain, protocol data unit, packet)  Ordered Message (TCP/IP sequence numbers)  Illegal Message (sniffed with illegally obtained privileges)  Dual Trace (in / out, duplex) © 2013 Software Diagnostics Services
  • 46. Further Reading  Practical Packet Analysis, 2nd edition, by Chris Sanders  Software Diagnostics Institute  Memory Dump Analysis Anthology: Volumes 3, 4, 5, 6, … Volume 7 is in preparation (July, 2013)  Introduction to Software Narratology  Malware Narratives © 2013 Software Diagnostics Services
  • 47. What’s Next? © 2013 Software Diagnostics Services  Accelerated Network Trace Analysis  Generative Software Narratology  Pattern-Oriented Hardware Signal Analysis
  • 48. Q&A Please send your feedback using the contact form on DumpAnalysis.com © 2013 Software Diagnostics Services
  • 49. Thank you for attendance! © 2013 Software Diagnostics Services Facebook LinkedIn Twitter