Presented in May 2010
This presentation goes through the Wireshark network analyzer. It presents an overview of the different features that I've found useful while doing network performance analysis for ICS network protocols.
Presented @ ISA Safety & Security Symposium 2012
Anaheim, CA, April 2012
Wireshark is the de facto network packet analysis tool used in the industry today. It is an easily extensible open–source tool that provides a large number of capabilities for users. It’s not just for IT–based protocols either. Many industrial protocols have created packet decoders for Wireshark. This tutorial will provide the user with:
* An introduction to protocol layering
* A basic overview of packet capture and analysis
* A demonstration of how Wireshark can be used for packet capture and analysis
* Examples of some industrial protocols in Wireshark
* An explanation of some more advanced features available in Wireshark
Network Analysis Using Wireshark - 10 - ARP and IP Analysis (Yoram Orzach)
• By the end of this lesson, the participant will be able to:
▫ Understand ARP and IP
▫ Isolate and fix basic IP/ARP networking problems
Yoram Orzach is an experienced instructor in the areas of IP technologies, network design, network analysis and optimization, and network forensics, providing courses based on a strong theoretical background and real-world case studies, drawing on many years of training and field experience worldwide.
Wireshark course, Ch 02: Introduction to Wireshark (Yoram Orzach)
This chapter introduces the very basics of Wireshark - how to start packet capture, where to locate it in the network and how to configure basic operations. In chapter 3 we will learn how to configure capture and display filters.
Network Analysis Using Wireshark, Lesson 11: TCP and UDP Analysis (Yoram Orzach)
By the end of this lesson, the participant will be able to:
▫ Understand UDP and TCP network behavior
▫ Understand TCP connectivity problems
▫ Understand how to use Wireshark for TCP troubleshooting
Tutorial slides about the wireless sensor network SmartSantander/WISEBED experimental facility. Held at the Senzations Summer School in Palic, Serbia 2013.
This gives an overall idea about Wireshark's design and how to capture packets using Wireshark, tcpdump and tshark. It also covers the basics behind measuring network performance and tools to use, such as bmon and iperf.
Test Tool for Industrial Ethernet Network Performance (June 2009) (Jim Gilsinn)
Presented @ 55th International Instrumentation Symposium
League City, Texas, 1–5 June 2009
Ethernet is being used by a wider variety of industrial devices and applications. Industrial applications and systems require deterministic operations that traditional Ethernet and Transport Control Protocol / Internet Protocol (TCP/IP) suites were not originally designed to support. A standardized way to describe and test industrial devices is needed in order to aid users to characterize the performance of their software and hardware applications.
The Manufacturing Engineering Laboratory (MEL) of the National Institute of Standards & Technology (NIST) has been working to develop a set of standardized network performance metrics, tests, and tools since 2002. NIST has cooperated with standards organizations and other groups during that time.
NIST is presently working on developing an open-source test tool, called Industrial Ethernet Network Performance (IENetP), to aid vendors in characterizing the performance of their devices. The IENetP test tool will be capable of conducting a full series of performance tests and reporting the results to the user. The current version of the software is capable of analyzing network traffic and producing statistics and graphs showing the network performance of a device.
HIS 2017 Roderick Chapman - Secure Updates for Embedded Systems (jamieayre)
Your smartphone (and some brands of car) appear to be able to update their operating system and applications securely, remotely and wirelessly. Can the same capability be brought to deeply embedded, critical systems? The benefits are numerous, most notably bringing the potential to upgrade the capability of systems 'in the field' without the need for a physical recall to the factory or a maintenance facility.
This talk will outline the technologies behind the scenes of such a 'code signing' infrastructure, including the cryptographic primitives and protocols needed to assure the confidentiality, integrity and authentication of such updates. An implementation sets some serious challenges, including the need to run on small 'bare metal' target machines, atomicity of the update process, and the need to meet cryptographic and technical standards set by GCHQ. We will also consider the need for key generation and distribution, and the provision of a certificate authority to support such a scheme.
Semantically-Enabling the Web of Things: The W3C Semantic Sensor Network Onto... (Laurent Lefort)
Presentation of the SSN XG results at eResearch Australia 2011 https://eresearchau.files.wordpress.com/2012/06/74-semantically-enabling-the-web-of-things-the-w3c-semantic-sensor-network-ontology.pdf
Charith Perera, Arkady Zaslavsky, Michael Compton, Peter Christen, and Dimitrios Georgakopoulos, Semantic-driven Configuration of Internet of Things Middleware, Proceedings of the 9th International Conference on Semantics, Knowledge & Grids (SKG), Beijing, China, October, 2013
Why use a Network Simulator for research ?
Introduction to NetSim
Introduction to IoT
IoT Technologies – 802.15.4, 6LowPAN
Designing IoT scenario using NetSim
Analyzing Metrics
Protocol Code editing
Areas of R & D in IoT
Q & A Session
Achievements and future works of ITU-T Study Group 11 on Signalling requirements, protocols and test specifications
Presented at WTSA-16 by Mr Kaoru Kenyoshi, Vice-Chairman, on behalf of Mr Wei Feng, Chairman of ITU-T Study Group 11
3 July 2017 - At ION Costa Rica, Kevin Meynell discusses work underway at the IETF on IPv6, DNSSEC, Routing, and more, and how anyone can get involved in the IETF process.
Nidhal K. EL Abbadi, 2017. In this research, skin lesion detection is based on the ABCD rule. The median filter is used during pre-processing to get rid of bubbles, hair and other lighting effects. In order to segment the data, follow these steps: first, a median filtering to filter out hair and background noise.
AI & ML in Cyber Security - Why Algorithms Are Dangerous (Raffael Marty)
Every single security company is talking in some way or another about how they are applying machine learning. Companies go out of their way to make sure they mention machine learning and not statistics when they explain how they work. Recently, that's not enough anymore either. As a security company you have to claim artificial intelligence to be even part of the conversation.
Guess what. It's all baloney. We have entered a state in cyber security that is, in fact, dangerous. We are blindly relying on algorithms to do the right thing. We are letting deep learning algorithms detect anomalies in our data without having a clue what that algorithm just did. In academia, they call this the lack of explainability and verifiability. But rather than building systems with actual security knowledge, companies are using algorithms that nobody understands and in turn discover wrong insights.
In this talk I will show the limitations of machine learning, outline the issues of explainability, and show where deep learning should never be applied. I will show examples of how the blind application of algorithms (including deep learning) actually leads to wrong results. Algorithms are dangerous. We need to return to experts and invest in systems that learn from, and absorb the knowledge of, experts.
Presented: September 21, 2017
At: CS2AI, Washington, DC
A decade ago, ISA99 published the first standard in what is now the ISA/IEC 62443 series. Since then, the series has coalesced into the current form consisting of 13 individual documents in various stages of completion, publication, and/or revision. Printing out all of the existing standards and drafts can easily use up more than a ream of paper. It can be a daunting task to try to apply it to an organization. So, what are you supposed to do? How are you supposed to proceed? In this talk, I’ll go over some of the lessons I’ve learned from helping customers develop and evaluate security programs within their organization.
Practical Approaches to Securely Integrating Business and Production (Jim Gilsinn)
Presented @ 2016 ISA Process Control & Safety Symposium, November 10, 2016
The exchange of key information between business operations, suppliers, customers, production, and ultimately the production equipment itself can provide significant financial and productivity advantages. This presentation will discuss some practical approaches to utilizing the cyber security principles from ISA/IEC 62443 in order to integrate the business and production environments. It will also present some of the different solutions for meeting a variety of scenarios, such as data historians, patching/updating, and remote maintenance.
Presented @ Frederick Linux Users Group (KeyLUG)
May 7, 2016
A presentation on protecting Small Office/Home Office (SOHO) networks that I made at the Frederick Linux Users Group (KeyLUG). I work virtually from my home, and this presentation goes through some of my experiences setting up my home network to be better and more secure. I ditched my consumer-grade NAT router and have installed a firewall, commercial-grade wireless access points, and an intrusion detection system (IDS). I'm not finished yet, but this presentation will give you an idea of some of the things that I've done, where I'm thinking about going, and some things to consider as you set up your own network.
Network Reliability Monitoring for ICS: Going Beyond NSM and SIEM (Jim Gilsinn)
Presented: BSidesDC 2015, Washington, DC, October 18, 2015
YouTube Video @ https://youtu.be/v3LBywLthjY
Determining the overall health and security of an industrial control system (ICS) network is currently done by looking at the negative case. If the network infrastructure devices indicate that all the devices are connected and communicating, then the network must be operating correctly. If the controllers indicate that they are able to communicate with the other devices in the system, then the system must be operating correctly. If the network security monitoring (NSM) or security information and event management (SIEM) systems are not indicating any security events, then the system must be operating correctly. In each of these cases, the assumption is that the system is operating correctly if no errors or events are being indicated by any of the devices. In reality, the actual health and security of the system can only be determined by positive conditions. The communication streams need to be measured to determine that they are operating within certain limits based upon a desired set of conditions, like rate and maximum latency. Many controllers keep track of these factors for real-time communications; however, they are often only recorded as averages and not as high-fidelity measurements.
This paper presents an approach to analyzing the real-time network traffic performance of an ICS by measuring the jitter and latency associated with individual network traffic streams in the system. By using statistical and mathematical analysis of the high-fidelity jitter and latency data, a network reliability factor can be determined and used to indicate the health of those traffic streams. The author will present a method to combine the individual network reliability factors into a network reliability monitoring system. Lastly, the author will discuss how network reliability monitoring can be used to indicate potential security problems by observing the network traffic patterns.
Presented @ BSidesDE, November 14, 2014
Cook like a hacker, and I don’t mean Ramen noodles, take-out pizza, and a bowl of cereal. A lot of hacking involves using a basic set of equipment, learning a powerful set of tools, following a basic set of procedures, a lot of improvising and experimenting, and learning from your mistakes. Cooking is the same. You can cook amazing meals, but it means that you have to be willing to apply a hacker-type mindset to an area that doesn’t involve computers.
Integrating the Alphabet Soup of Standards (Jim Gilsinn)
Presented @ 2014 ICS Cyber Security Conference
October 21, 2014
It’s been over a year since the NIST Cybersecurity Framework and ISA-62443-3-3 were published, ISA-62443-2-1 has been out for almost 5 years, and ISO/IEC 27001 & 27002 have been out for nearly a decade. NIST has already started its process for revisions, ISA is actively working to overhaul 62443-2-1, and ISO/IEC just published a major revision to their standard. In addition to these cross-domain standards, there are a multitude of local and sector-specific standards as well. As consultants, we are often asked to use one of these as a baseline to help our customers generate an ICS cyber security program. This presentation will discuss some of the strengths and weaknesses of these different standards and the effort to integrate them into a realistic set of ICS cyber security program requirements.
Presented @ ISA Process Control & Safety Symposium
October 8, 2014
Description of the Kenexis project to build an ICS performance and security lab-in-a-box. This talk accompanies a live demo of the lab equipment.
Using Cyber-Vulnerability Assessment (CVA) to Optimize Control System Upgrade... (Jim Gilsinn)
Presented @ Emerson Exchange
October 7, 2014
Industrial control systems (ICS) are large information technology (IT) systems. Unlike office IT systems, failure of an ICS can cause plant outages and even physical damage. Management of ICS needs to be different and smarter. IT vendors frequently recommend patches and configuration changes. Most have no impact on the ICS, which cannot implement changes in real time. ICS typically get one chance every few years to make changes: the turnaround. This paper describes optimization of ICS turnaround work, using cyber-vulnerability assessment to focus turnaround work on only what is necessary.
Cyber & Process Attack Scenarios for ICS (Jim Gilsinn)
Presented at the OPC Foundation's "The Information Revolution 2014" in Redmond, WA August 5-6, 2014
This presentation discusses the modes and methodologies an attacker may use against an industrial control system in order to create a complex process attack. The presentation then discusses some specific examples, both real and hypothetical. The presentation finishes with a description of some common ways in which an organization could defend itself against these types of attacks.
Network performance testing for devices and systems can be a daunting task for vendors and end-users given the cost of test equipment and the investment that the companies have to spend in developing relevant tests and understanding the results. During the last couple years, a group of low cost computing systems have been introduced that are very capable from a functional point of view, but how well do they actually perform? Can they be used in a low-cost performance testing lab system to validate ICS devices before they go into production? Can end-users use them to capture live traffic in their network and get reliable performance results? This talk will discuss how and when different types of equipment can be used to develop a low-cost network performance testing lab. It will also show results from a series of performance tests conducted on some of the equipment and with different testing architectures.
Evaluating System-Level Cyber Security vs. ANSI/ISA-62443-3-3 (Jim Gilsinn)
With the recent publication of ANSI/ISA-62443-3-3-2013, it is possible for end-users, system integrators, and vendors to qualify the capabilities of their systems from an ICS cyber security perspective. This process is not as simple as it may seem, though. In many cases, the capabilities of individual components of a system can be determined from specifications and manuals. The capabilities of the system also need to be evaluated as a whole to determine how those individual components work together. Component-level and system-level certifications are common practice in the safety environment, and will eventually become common in the ICS cyber security environment as well. Certification bodies, like the ISA Security Compliance Institute (ISCI), have begun the process to develop certification efforts around ISA-62443-3-3. Until many more groups of components and systems have been officially certified, third-party assessments and evaluations will be common. This presentation will discuss an example of how Kenexis Consulting has evaluated a particular vendor’s components and systems to determine compliance with ISA-62443-3-3. The presentation will go through the evaluation methodology used and describe how Kenexis used the evaluation to develop a series of real-world use-cases of the components and system in the ICS environment.
With the ever increasing number of networking protocols, it can be difficult for vendors, integrators, and end-users to determine how well different products and systems perform in real-world networking situations. Each protocol has its own method of defining traffic streams and message structures. Packet analyzers, like Wireshark, have been developed to interpret individual network packets and can perform rudimentary analysis of traffic streams for well-known packet types. Analyzing industrial protocols usually requires much more massaging of the data and in many cases requires a user to do much of the work by hand. This session will present a method to break down industrial traffic streams into the core components necessary to analyze their performance. By identifying a few key fields in each protocol, a user can define their own method to identify individual traffic streams and analyze their performance.
Removing Uninteresting Bytes in Software Fuzzing (Aftab Hussain)
Imagine a world where software fuzzing, the process of mutating bytes in test seeds to uncover hidden and erroneous program behaviors, becomes faster and more effective. A lot depends on the initial seeds, which can significantly dictate the trajectory of a fuzzing campaign, particularly in terms of how long it takes to uncover interesting behaviour in your code. We introduce DIAR, a technique designed to speedup fuzzing campaigns by pinpointing and eliminating those uninteresting bytes in the seeds. Picture this: instead of wasting valuable resources on meaningless mutations in large, bloated seeds, DIAR removes the unnecessary bytes, streamlining the entire process.
In this work, we equipped AFL, a popular fuzzer, with DIAR and examined two critical Linux libraries -- Libxml's xmllint, a tool for parsing XML documents, and Binutils' readelf, an essential debugging and security analysis command-line tool used to display detailed information about ELF (Executable and Linkable Format) files. Our preliminary results show that AFL+DIAR not only discovers new paths more quickly but also achieves higher coverage overall. This work thus showcases how starting with lean and optimized seeds can lead to faster, more comprehensive fuzzing campaigns -- and DIAR helps you find such seeds.
- These are slides of the talk given at IEEE International Conference on Software Testing Verification and Validation Workshop, ICSTW 2022.
A tale of scale & speed: How the US Navy is enabling software delivery from l... (sonjaschweigert1)
Rapid and secure feature delivery is a goal across every application team and every branch of the DoD. The Navy’s DevSecOps platform, Party Barge, has achieved:
- Reduction in onboarding time from 5 weeks to 1 day
- Improved developer experience and productivity through actionable findings and reduction of false positives
- Maintenance of superior security standards and inherent policy enforcement with Authorization to Operate (ATO)
Development teams can ship efficiently and ensure applications are cyber ready for Navy Authorizing Officials (AOs). In this webinar, Sigma Defense and Anchore will give attendees a look behind the scenes and demo secure pipeline automation and security artifacts that speed up application ATO and time to production.
We will cover:
- How to remove silos in DevSecOps
- How to build efficient development pipeline roles and component templates
- How to deliver security artifacts that matter for ATOs (SBOMs, vulnerability reports, and policy evidence)
- How to streamline operations with automated policy checks on container images
Unlocking Productivity: Leveraging the Potential of Copilot in Microsoft 365, a presentation by Christoforos Vlachos, Senior Solutions Manager – Modern Workplace, Uni Systems
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf (91mobiles)
91mobiles recently conducted a Smart TV Buyer Insights Survey in which we asked over 3,000 respondents about the TV they own, aspects they look at on a new TV, and their TV buying preferences.
Epistemic Interaction - tuning interfaces to provide information for AI support (Alan Dix)
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
DevOps and Testing slides at DASA Connect (Kari Kakkonen)
Rik Marselis' and my slides at the DASA Connect conference on 30.5.2024. We discuss what testing is, then what agile testing is, and finally what testing in DevOps is. Finally, we had a lovely workshop with the participants, trying to find different ways to think about quality and testing in different parts of the DevOps infinity loop.
Sudheer Mechineni, Head of Application Frameworks, Standard Chartered Bank
Discover how Standard Chartered Bank harnessed the power of Neo4j to transform complex data access challenges into a dynamic, scalable graph database solution. This keynote will cover their journey from initial adoption to deploying a fully automated, enterprise-grade causal cluster, highlighting key strategies for modelling organisational changes and ensuring robust disaster recovery. Learn how these innovations have not only enhanced Standard Chartered Bank’s data infrastructure but also positioned them as pioneers in the banking sector’s adoption of graph technology.
Securing your Kubernetes cluster: a step-by-step guide to success! (KatiaHIMEUR1)
Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster.
However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks.
In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor... (Neo4j)
Leonard Jayamohan, Partner & Generative AI Lead, Deloitte
This keynote will reveal how Deloitte leverages Neo4j’s graph power for groundbreaking digital twin solutions, achieving a staggering 100x performance boost. Discover the essential role knowledge graphs play in successful generative AI implementations. Plus, get an exclusive look at an innovative Neo4j + Generative AI solution Deloitte is developing in-house.
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024 (Neo4j)
Neha Bajwa, Vice President of Product Marketing, Neo4j
Join us as we explore breakthrough innovations enabled by interconnected data and AI. Discover firsthand how organizations use relationships in data to uncover contextual insights and solve our most pressing challenges – from optimizing supply chains, detecting fraud, and improving customer experiences to accelerating drug discoveries.
Communications Mining Series - Zero to Hero - Session 1 (DianaGray10)
This session provides an introduction to UiPath Communication Mining, its importance and a platform overview. You will acquire a good understanding of the phases in Communication Mining as we go over the platform with you. Topics covered:
• Communication Mining Overview
• Why is it important?
• How can it help today’s business and the benefits
• Phases in Communication Mining
• Demo on Platform overview
• Q/A
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -... (DanBrown980551)
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
Pushing the limits of ePRTC: 100ns holdover for 100 days (Adtran)
At WSTS 2024, Alon Stern explored the topic of parametric holdover and explained how recent research findings can be implemented in real-world PNT networks to achieve 100 nanoseconds of accuracy for up to 100 days.
Dr. Sean Tan, Head of Data Science, Changi Airport Group
Discover how Changi Airport Group (CAG) leverages graph technologies and generative AI to revolutionize their search capabilities. This session delves into the unique search needs of CAG’s diverse passengers and customers, showcasing how graph data structures enhance the accuracy and relevance of AI-generated search results, mitigating the risk of “hallucinations” and improving the overall customer journey.
1. Manufacturing Engineering Laboratory (MEL)
National Institute of Standards & Technology (NIST)
U.S. Department of Commerce, Technology Administration
Wireshark Network Protocol Analyzer
Jim Gilsinn
Manufacturing Engineering Laboratory (MEL)
National Institute of Standards & Technology (NIST)
Sensor Standardization & Harmonization Working Group
May 18, 2010
1
2. Overview
• Wireshark: What Is It?
• A Brief History
• What Can It Do?
• How Do I Use It?
• Demo
– Starting Screen
– Capture Screen
– Capture File Statistics
– Packet Filtering
• Summary
• Where Can I Get It?
3. Wireshark: What Is It?
• De-facto network packet analyzer
• Open-source
– GNU General Public License
– Over 680 Contributors
• Multi-platform
– Pre-compiled installers for PC/Mac
– Source code & instructions for Unix & Linux
• Extensible
– Add-ons and extensions are relatively easy to build
4. A Brief History
• Started out in 1998 as Ethereal 0.2.0
• Became Wireshark in 2006
– Original developer changed companies
– Name remained property of previous company
– Started as Wireshark 0.99
• Currently 3 versions available
– Version 1.0.13 – Old stable release
– Version 1.2.8 – Stable release
– Version 1.3.5 – Development release
5. What Can It Do?
• Capture live network traffic
– Variety of networks (Ethernet, WiFi, Bluetooth, USB, etc.)
• Import capture files from multiple packages
– 35 different network capture file formats
• Display packets in great detail
– Over 1000 different protocol decoders have been written
• Identify bad packets
– Wireshark knows what the packets should look like
• Search and filter packets
– Over 75k different filter variables
• Track “conversations”
6. How Do I Use It?
• Protocol & data analysis
– Analyze client-server interaction, errors, network data verification
• Latency
– Client-server request-response timing
7. How Do I Use It?
• Non-web-based applications
– Jitter on repeating network packets
– Hardware-assisted packet analysis
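The two measurements named on these slides, client-server request-response timing and jitter on repeating packets, as an added example that is not from the NIST slides: a small Python script that reads the tab-separated lines `tshark -T fields` prints and computes both. The sample lines, the 10.0.0.x hosts, port 2222 and the 10 ms poll period are constructed assumptions.

```python
from statistics import mean, pstdev

# Constructed sample in the layout printed by `tshark -r capture.pcap -T fields
# -e frame.time_epoch -e ip.src -e ip.dst -e udp.srcport -e udp.dstport`:
# a client (10.0.0.10) polls a sensor (10.0.0.20:2222) every ~10 ms; the
# sensor answers each poll except the last one (assumed values, not real data).
SAMPLE = """\
1.000000\t10.0.0.10\t10.0.0.20\t50000\t2222
1.000400\t10.0.0.20\t10.0.0.10\t2222\t50000
1.010000\t10.0.0.10\t10.0.0.20\t50000\t2222
1.010600\t10.0.0.20\t10.0.0.10\t2222\t50000
1.021000\t10.0.0.10\t10.0.0.20\t50000\t2222
1.021300\t10.0.0.20\t10.0.0.10\t2222\t50000
1.030000\t10.0.0.10\t10.0.0.20\t50000\t2222
"""

def parse_fields(text):
    """Turn tshark -T fields lines into (time, src, dst, sport, dport) tuples."""
    records = []
    for line in text.splitlines():
        if line.strip():
            t, src, dst, sport, dport = line.split("\t")
            records.append((float(t), src, dst, int(sport), int(dport)))
    return records

def request_response_latency(records, server_port):
    """Pair each request to server_port with the next reply on the same
    conversation. Returns (request_time, latency) per request; a request
    with no reply before the next one is reported with latency None so a
    lost response stays visible instead of silently skewing the statistics."""
    pending, results = {}, []
    for t, src, dst, sport, dport in records:
        if dport == server_port:                 # request: client -> server
            key = (src, sport, dst, dport)
            if key in pending:                   # previous poll never answered
                results.append((pending[key], None))
            pending[key] = t
        elif sport == server_port:               # reply: server -> client
            req = pending.pop((dst, dport, src, sport), None)
            if req is not None:
                results.append((req, t - req))
    results.extend((req, None) for req in pending.values())
    return sorted(results, key=lambda r: r[0])

def interarrival_jitter(records, src, dst, dport):
    """Inter-arrival gaps of the repeating packets from src to dst:dport,
    with jitter taken as the standard deviation of the gap from its mean."""
    times = [t for t, s, d, _, dp in records if (s, d, dp) == (src, dst, dport)]
    gaps = [b - a for a, b in zip(times, times[1:])]
    return {"period_mean": mean(gaps), "jitter": pstdev(gaps), "max_gap": max(gaps)}
```

Pointing `tshark` at a real capture and piping its output into `parse_fields` gives the same numbers the Wireshark IO Graph and Conversations windows show, but in a form that can be tracked over time.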
8. How Do I Use It?
9. Starting Screen
10. Capture Screen
11. Capture Screen: Filtered Packets
12. Capture Screen: Packet Details
13. Capture Screen: Packet Hex/ASCII
14. Capture File Statistics
15. Statistics: Summary
• Basic information about the file
• File format
• Number of packets
• Capture duration
• Average packets/second
16. Statistics: Protocol Hierarchy
• Displays protocol layering
• Shows basic statistics for each protocol layer
17. Statistics: Conversations
• Identifies and tracks individual streams of traffic
• Can track multiple protocols
18. Statistics: IO Graph
• Graphical representation of packet timing
• Helps identify causes/effects for packets
19. Packet Filtering
20. Building Packet Filters
21. Summary
• Wireshark is the de facto standard
– Very versatile
– Extensible
• Wireshark provides insight into what’s happening on the network
– Capture and view network traffic
– Investigate network issues
– Monitor application interactions
• The only way to understand your network is to understand the packets
22. Where Can I Get It?
• Wireshark Website
– http://www.wireshark.org
• Wireshark Download
– http://www.wireshark.org/download.html
• Wireshark Documentation
– http://www.wireshark.org/docs/
• Wireshark Wiki
– http://wiki.wireshark.org/
23. Questions?
• Jim Gilsinn
– Intelligent Systems Division
Manufacturing Engineering Laboratory
National Institute of Standards & Technology
100 Bureau Drive, Stop 8230
Gaithersburg, MD 20899-8230
– 301-975-3865
– james.gilsinn@nist.gov
– http://www.nist.gov/mel/isd