Following the Packets: A Walk Through Bro's Internal Processing Pipeline
1 Following the Packets: A Walk Through Bro's Internal Processing Pipeline. Robin Sommer, robin@icir.org. Corelight, Inc.; International Computer Science Institute; Lawrence Berkeley National Laboratory
2 Outline: Bro's Architecture & Data Flow; Components; Protocol & file analysis; Log writer & input readers; Bro Plugins
3-20 Bro Architecture [diagram built up step by step over slides 3-20; labels: Network, Packets, Packet Source, I/O Loop, Session Table, Connection, Protocol, File, Signature, Timer, Log Manager, Input Manager, Thread Manager, Remote-Serializer, Communic. Process, BiF Elements (Types, Constants, prototypes, Functions), Script Interpreter (Modules, Functions, Expressions, Statements, Values, Types, Handlers)]
21-25 Protocol & File Example: SSL Session [diagram built up over slides 21-25; analyzer layers: IP, TCP, SSL, X.509]
    TCP: connection_established()
    SSL: ssl_{client,server}_hello()
    X.509: x509_certificate()
26-33 Dynamic Protocol Detection [diagram built up over slides 26-33; labels: IP, TCP, PIA, Buffer, SSL, HTTP, X.509]

    signature dpd_ssl_server {
        ip-proto == tcp
        payload /^(\x16\x03[\x00\x01\x02\x03[...].*/
        tcp-state responder
        enable "ssl"
    }

    Analyzer::register_for_port(Analyzer::SSL, 443/tcp);
34 Protocol Analyzer API

    class Analyzer {
        virtual void Init();
        virtual void Done();

        // Packet-wise input.
        virtual void DeliverPacket(int len, const u_char* data, bool orig,
                                   uint64 seq, const IP_Hdr* ip, int caplen);
        // Stream-wise input.
        virtual void DeliverStream(int len, const u_char* data, bool orig);
        virtual void Undelivered(uint64 seq, int len, bool orig);
        virtual void EndOfData(bool is_orig);
        virtual void FlipRoles();
    };

    class TCP_ApplicationAnalyzer : public Analyzer {
        virtual void EndpointEOF(bool is_orig);
        virtual void ConnectionFinished(int half_finished);
        virtual void ConnectionReset();
    };
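Added example (a simplified model written for this transcript, not Bro source code and not from the slides): it shows how the two mechanisms on the Dynamic Protocol Detection slides interact, with a port registration attaching an analyzer immediately and a payload signature attaching one on any port after buffered data is replayed. The names PIA, Chunk, Result, simulate, kBufferLimit and the give-up policy are assumptions of this example, and the signature check covers only the pattern prefix visible on the slide.

```cpp
// Simplified model of dynamic protocol detection (DPD); added example, not Bro source.
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <initializer_list>
#include <memory>
#include <string>
#include <utility>
#include <vector>

using octet = unsigned char;
const std::size_t kBufferLimit = 1024;  // assumed cap on buffered payload per connection

// Cut-down analyzer modelled on DeliverStream() from the Protocol Analyzer API slide.
// It only counts bytes per direction; a real analyzer would parse them.
struct Analyzer {
    std::string name;
    std::size_t orig_bytes = 0, resp_bytes = 0;
    explicit Analyzer(std::string n) : name(std::move(n)) {}
    void DeliverStream(int len, const octet* data, bool orig) {
        (void)data;
        (orig ? orig_bytes : resp_bytes) += static_cast<std::size_t>(len);
    }
};

struct Chunk { bool orig; std::string data; };
struct Result { std::string analyzer; std::size_t orig_bytes; std::size_t resp_bytes; };

// Visible prefix of the slide's dpd_ssl_server pattern: handshake record (0x16),
// major version 0x03, minor version 0x00-0x03, at the start of the responder stream.
static bool looks_like_ssl_server(const std::string& head) {
    return head.size() >= 3 && (octet)head[0] == 0x16 && (octet)head[1] == 0x03 &&
           (octet)head[2] <= 0x03;
}

// Stand-in for Analyzer::register_for_port(Analyzer::SSL, 443/tcp).
static const char* analyzer_for_port(std::uint16_t port) {
    return port == 443 ? "SSL" : nullptr;
}

class PIA {
public:
    explicit PIA(std::uint16_t resp_port) {
        if (const char* name = analyzer_for_port(resp_port)) child_.reset(new Analyzer(name));
    }
    void DeliverStream(int len, const octet* data, bool orig) {
        if (child_) { child_->DeliverStream(len, data, orig); return; }
        if (gave_up_) return;
        std::string chunk(reinterpret_cast<const char*>(data), static_cast<std::size_t>(len));
        if (!orig && resp_head_.size() < 3)
            resp_head_.append(chunk, 0, 3 - resp_head_.size());
        buffered_ += chunk.size();
        pending_.push_back(Chunk{orig, chunk});
        if (looks_like_ssl_server(resp_head_)) { Attach("SSL"); return; }
        // Too much unidentified payload: stop buffering and stop matching.
        if (buffered_ > kBufferLimit) { gave_up_ = true; pending_.clear(); }
    }
    Result Outcome() const {
        if (!child_) return Result{"", 0, 0};
        return Result{child_->name, child_->orig_bytes, child_->resp_bytes};
    }
private:
    void Attach(const char* name) {
        child_.reset(new Analyzer(name));
        for (const Chunk& c : pending_)  // replay buffered data in arrival order
            child_->DeliverStream((int)c.data.size(), (const octet*)c.data.data(), c.orig);
        pending_.clear();
    }
    std::unique_ptr<Analyzer> child_;
    std::vector<Chunk> pending_;
    std::string resp_head_;
    std::size_t buffered_ = 0;
    bool gave_up_ = false;
};

static std::string bytes(std::initializer_list<int> v) {
    std::string s;
    for (int b : v) s.push_back(static_cast<char>(b));
    return s;
}

// Constructed sample streams (not captured traffic).
std::vector<Chunk> constructed_tls() {
    return { {true,  bytes({0x16, 0x03, 0x01, 0x00, 0x02, 0x01, 0x00})},
             {false, bytes({0x16, 0x03, 0x03, 0x00, 0x02, 0x02, 0x00})},
             {true,  bytes({0x17, 0x03, 0x03, 0x00, 0x01, 0x41})} };
}
std::vector<Chunk> constructed_plain() {
    return { {true, "GET / HTTP/1.0\r\n\r\n"}, {false, "HTTP/1.0 200 OK\r\n\r\n"} };
}
std::vector<Chunk> constructed_late_tls() {  // 2000 client bytes before the server record
    return { {true, std::string(2000, 'A')},
             {false, bytes({0x16, 0x03, 0x03, 0x00, 0x02, 0x02, 0x00})} };
}

Result simulate(std::uint16_t resp_port, const std::vector<Chunk>& stream) {
    PIA pia(resp_port);
    for (const Chunk& c : stream)
        pia.DeliverStream((int)c.data.size(), (const octet*)c.data.data(), c.orig);
    return pia.Outcome();
}

int main() {
    Result r = simulate(8443, constructed_tls());
    std::printf("8443/tcp: analyzer=%s orig=%zu resp=%zu\n",
                r.analyzer.c_str(), r.orig_bytes, r.resp_bytes);
    return 0;
}
```

In this model the port-registered analyzer on 443/tcp receives whatever arrives, including plain text, while a connection whose first kBufferLimit bytes match no signature is never analyzed.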
35 File Analyzer API

    class Analyzer {
        virtual void Init();
        virtual void Done();
        virtual bool DeliverChunk(const u_char* data, uint64 len, uint64 offset);
        virtual bool DeliverStream(const u_char* data, uint64 len);
        virtual bool EndOfFile();
        virtual bool Undelivered(uint64 offset, uint64 len);
    };
38 Writers & Readers. Log Writers: ASCII, SQLite. Input Readers: ASCII, Binary, Raw file, SQLite.
39 Log Writer API

    class WriterBackend {
        virtual bool DoInit(const WriterInfo& info, int num_fields,
                            const Field* const* fields);
        virtual bool DoWrite(int num_fields, const Field* const* fields,
                             threading::Value** vals);
        virtual bool DoSetBuf(bool enabled);
        virtual bool DoFlush(double network_time);
        virtual bool DoRotate(const char* rotated_path, double open,
                              double close, bool terminating);
        virtual bool DoFinish(double network_time);
        virtual bool DoHeartbeat(double network_time, double current_time);
    };

    Each writer runs in its own thread.
40 Input Reader API

    class ReaderBackend {
        virtual bool DoInit(const ReaderInfo& info, int arg_num_fields,
                            const threading::Field* const* fields);
        virtual void DoClose();
        virtual bool DoUpdate();
        virtual bool DoHeartbeat(double network_time, double current_time);

        // Simple mode.
        void SendEvent(const char* name, const int num_vals, threading::Value** vals);
        void Put(threading::Value** val);
        void Delete(threading::Value** val);
        void Clear();
        void EndOfData();

        // Tracking mode.
        void SendEntry(threading::Value** vals);
        void EndCurrentSend();
    };

    Each reader runs in its own thread.
41 Bro Plugins. Build & install Bro components independently. Distribute as a Bro package. Log writers, input readers, protocol analyzers, file analyzers, packet sources, BiF elements, Bro scripts.
42 BYOP

    # ~/bro/aux/bro-aux/plugin-support/init-plugin icsi-plugin ICSI BroMagic
    Installing icsi-plugin/changes...
    Installing icsi-plugin/cmakelists.txt...
    Installing icsi-plugin/configure...
    Installing icsi-plugin/configure.plugin...
    Installing icsi-plugin/scripts/__load__.bro...
    Installing icsi-plugin/scripts/icsi/bromagic/__load__.bro...
    Installing icsi-plugin/scripts/init.bro...
    Installing icsi-plugin/src/bromagic.bif...
    Installing icsi-plugin/src/plugin.h...
    Installing icsi-plugin/src/plugin.cc
    [...]
    # cd icsi-plugin/
    # ./configure --bro-dist=$HOME/bro/master
    Build Directory : build
    Bro Source Directory : /home/robin/bro/master
    [...]
    # make && make install
    [...]
    # bro -N
    ICSI::BroMagic - <Insert description> (dynamic, version 0.1)
    Bro::ARP - ARP Parsing (built-in)
    Bro::AsciiReader - ASCII input reader (built-in)
    Bro::AsciiWriter - ASCII log writer (built-in)
    Bro::AYIYA - AYIYA Analyzer (built-in)
    [...]
44 Questions?
More informationPKTLAB. PacketLab: A Universal Measurement Endpoint Interface
PacketLab: A Universal Measurement Endpoint Interface Kirill Levchenko with Amogh Dhamdhere, Bradley Huffaker, kc claffy, Mark Allman, Vern Paxson PKTLAB Edge Measurement Active measurement from end hosts
More informationAudio Weaver 2.0. Platform Developers Guide
Audio Weaver 2.0 Platform Developers Guide Copyright Information 2008 DSP Concepts, LLC., ALL RIGHTS RESERVED. This document may not be reproduced in any form without prior, express written consent from
More informationThe Internet Protocol (IP)
The Internet Protocol (IP) The Blood of the Internet (C) Herbert Haas 2005/03/11 "Information Superhighway is really an acronym for 'Interactive Network For Organizing, Retrieving, Manipulating, Accessing
More informationTrace Services and Audit in Firebird
Trace Services and Audit in Firebird Trace Services and Audit What is Trace Services Trace Sessions User trace sessions and Audit trace session How it works How to manage trace sessions How to use it in
More informationCS267 Homework 1: Fast Matrix Multiply
CS267 Homework 1: Fast Matrix Multiply S Woo X, Simon Scott April 18, 2012 1 Introduction The VEGAS HPC uses three shared memory data buffers, one between each of the data processing threads. There is
More informationSupporting Cloud Native with DPDK and containers KEITH INTEL CORPORATION
x Supporting Cloud Native with DPDK and containers KEITH WILES @ INTEL CORPORATION Making Applications Cloud Native Friendly How can we make DPDK Cloud Native Friendly? Reduce startup resources for quicker
More informationCuckoo Monitor Documentation
Cuckoo Monitor Documentation Release 1.3 Jurriaan Bremer Oct 03, 2017 Contents 1 Requirements 3 2 Required packages 5 3 Compilation 7 4 Components 9 4.1 C Framework...............................................
More informationLocalizing GTK+ Theppitak Karoonboonyanan January 2004
Localizing GTK+ Theppitak Karoonboonyanan thep@linux.thai.net January 2004 Abstract This paper summarizes information gathered by the author during contributing to Pango and GTK+ projects and developing
More informationDynamic Software Updating (DSU) on a Large Scale. Karla Saur
Dynamic Software Updating (DSU) on a Large Scale Karla Saur Kitsune: A Practical DSU System Whole-program updates for C Entirely standard compilation and tools Previously with Kitsune: 2 Kitsune: A Practical
More informationProgramming Proverbs
Programming Proverbs slide 1 8. Avoid side effects. Henry F. Ledgard, Programming Proverbs: Principles of Good Programming with Numerous Examples to Improve Programming Style and Proficiency, (Hayden Computer
More informationTutorial on Socket Programming
Tutorial on Socket Programming Computer Networks - CSC 458 Department of Computer Science Hao Wang (Slides are mainly from Seyed Hossein Mortazavi, Monia Ghobadi, and Amin Tootoonchian, ) 1 Outline Client-server
More informationWi-Fi Component REV A. Publication Date: 2013/3/8 XMOS 2013, All Rights Reserved.
Wi-Fi Component Publication Date: 2013/3/8 XMOS 2013, All Rights Reserved. Wi-Fi Component 2/25 Table of Contents 1 Overview 3 1.1 Wi-Fi TiWi-SL component................................... 3 1.1.1 Features........................................
More information