Bro: a system for detecting network intruders in real-time
Computer Networks: The International Journal of Computer and Telecommunications Networking
Snort - Lightweight Intrusion Detection for Networks
LISA '99 Proceedings of the 13th USENIX conference on System administration
Network intrusion detection: evasion, traffic normalization, and end-to-end protocol semantics
SSYM'01 Proceedings of the 10th conference on USENIX Security Symposium - Volume 10
Packet trace manipulation rramework for test labs
Proceedings of the 4th ACM SIGCOMM conference on Internet measurement
Strategies for sound internet measurement
Proceedings of the 4th ACM SIGCOMM conference on Internet measurement
binpac: a yacc for writing application protocol parsers
Proceedings of the 6th ACM SIGCOMM conference on Internet measurement
A Tool for Offline and Live Testing of Evasion Resilience in Network Intrusion Detection Systems
DIMVA '08 Proceedings of the 5th international conference on Detection of Intrusions and Malware, and Vulnerability Assessment
| Hi-index | 0.00 |
We present the design and implementation of a framework for inspection, visualization, and modification of tcpdump packet trace files. The system is modularized into components for distinct application purposes, readily extensible, accessible through programmatic and graphical interfaces, and capable of handling trace files of arbitrary size and content. We include experiences of using the system in several real-world scenarios.