NCAP — Distributed Network Capture with Shared Analysis
Abstract
We describe NCAP, a new network capturing tool for distributed sensor systems. NCAP operates on messages rather than on packets, and so performs full IP reassembly at the point of measurement. The resulting data can either be managed as files or be transmitted as encapsulated UDP datagrams, either unicast or multicast. The NCAP library is highly portable with C and Python interfaces, and has a plug-in mechanism whereby analysis logic can be written discretely and without regard to the handling of encapsulated datagrams or files. The primary application of NCAP is the Security Information Exchange, where cooperating distributed sensor operators now submit captured DNS traffic to a centralized location for subsequent long-running analysis. Examples of value-added reprocessing and rebroadcast will be shown, as well as samples of captured traffic and of possible security problems illuminated by our analysis. These results will show that NCAP makes it possible to capture, share, and analyze live network data on a larger scale than has ever been done.
Related papers
- Practical Resource Adaptation for Broadband Application Using Portable Computers(Special Issue on New Technologies in the Internet and their Applications)
- Permissible Link Quality for RFID Anti-Collision in a Practical Environment
- USE OF RFID AT LARGE-SCALE EVENTS
- NAT-MANEMO : Global Connectivity for MANET Node by Using NEMO and NAT
- Routing Optimization for Nested Mobile Networks(Mobile Multimedia Communications)
- Enhanced Mobile Network Protocol for Its Robustness and Policy Based Routing(Mobile Networking)(Internet Technology IV)
- Basic Network Mobility Support for Internet ITS (Special Issue: Mobile Communication Systems and ITS in Ubiquitous Environments)
- Basic Network Mobility Support for Internet ITS
- Software architecture of a dynamically configurable IP layer (Mobile Computing and Ubiquitous Communications / Intelligent Transport Systems)
- Software Architecture of a Dynamically Configurable IP Layer
- IPv4 Traversal for the NEMO Basic Support Protocol by IPv4 Care-of Address Registration(Internet Technology V)
- MIBsocket: An Integrated Mechanism to Manipulate General Network Information in Mobile Communications (Special Issue on Internet Technology)
- Internet Metronome : An Experimental Remote Jazz Jam Session with Uncompressed HDTV Transmission over Lightpaths(Internet Technology VI)
- Establishment of Controlling IEEE1394 devices over the network
- Implementing TCP-Friendliness in Digital Video over IP (Special Issue: Multimedia Communication Systems)
- Preliminary Field-Trial for QoS Routing and Dynamic SLA (Special Issue on Internet Technology)
- Special Issue on Internet Technology
- Architecture for IP Multicast Deployment : Challenges and Practice(Internet Technology VI)
- Linux IPv6 Stack Implementation Based on Serialized Data State Processing(Implementation and Operation)(Internet Technology IV)
- A Link-Layer Tunneling Mechanism for Unidirectional Links (Special Issue on Internet Technology)
- MANEMO Routing in Practice : Protocol Selection, Expected Performance, and Experimental Evaluation
- NAT-MANEMO: Route Optimization for Unlimited Network Extensibility in MANEMO
- On Global Multicast Networks Using Satellite Unidirectional Links(Network Protocols)
- Delay Aware Two-Step Timers for Large Groups Scalability (Implementation and Operation)(Internet Technology IV)
- NCAP — Distributed Network Capture with Shared Analysis
- Preventing Child Neglect in DNSSECbis Using Lookaside Validation (DLV)(Internet Technology V)
- Design and Deployment of Post-Disaster Recovery Internet in 2011 Tohoku Earthquake
- Collaborating Remote Computer Laboratory and Distance Learning Approach for Hands-on IT Education