Presented at
DEF CON 20 (2012),
July 27, 2012, 5 p.m.
(20 minutes)
Analyzing live network traffic is nothing new but the tools still seem limited. Wireshark is great for post capture analysis but when the packets are coming at you live, nothing currently gives your stream or session level visibility. How many times have you clicked 'Follow this stream' just to have that stream update and you have to reprocess the entire PCAP? That's great when it's just your machine but when you're monitoring a network, it limits your view and is a pain. As more traffic adds, this problem grows and makes life for your little netbook quite painful. Enter DivaShark - your live packet capture solution.
**pause for uproarious applause and standing ovation**
DivaShark is designed around live packet capture analysis. It breaks traffic down into connections/flows and lets you process them independently. It continues to parse the data as it comes in so that you can pay attention to the data you really care about. It's design allows you to perform processing live per stream and perform actions like extraction of files or images. This project really came about after frustration with Wireshark while playing Capture the Packet the past two years and is an answer to this sort of situation. What I'm proposing is that someone can kill capture-the-packet with this tool w ithout breaking a sweat (yes this might be a challenge).
Presenters:
-
Robert Deaton
Robert Deaton is a new guy on the block who has been sitting on the sideline for the last several years. While his focus has mainly been in math and physics, computer science and security has always been a passion he holds close. After recently getting back into the arena he has set out to make his life easier by writing tools that automate things for him. When he's not drinking with friends, out catching a concert, or thrill seeking on a snowboard or mountain bike, he can be found moderating numerous subreddits and complaining about human stupidity while he does it.
Links:
Similar Presentations: