Passive TCP Reconstruction and Forensic Analysis with tcpflow
Garfinkel, Simson L.
MetadataShow full item record
Passive TCP session reconstruction essential for many kinds of network forensics and law enforcement operations, but it is is complicated by packet loss, retransmissions, and possible attacks by adversaries. The key problem is that participants in the TCP session may observe the TCP segments differently than the monitor. An Added complication is the lack of familiarity with network protocols by many forensic analysts, resulting in the need for tools that are easy-to-use and able to tolerate a wide range of data. To address these issues we rewrote the open source network forensics tool tcpflow, making it more robust to anomalies that had been reported to us by users. We also improved the program’s usability and performance on large packet captures, and added simple visualization that produces a one-page summary PDF for packet captures of any size.
Approved for public release; distribution is unlimited
NPS Report NumberNPS-CS-13-003
Showing items related by title, author, creator and subject.
Rohr, Karl C. (Monterey California. Naval Postgraduate School, 2006-09);The intent of the author is to establish a methodology for future forcible interventions in the affairs of failed, failing or rogue and terrorist sponsoring states in order to stabilize and democratize these nations in ...
The Role of the Military in Reconstruction: Examining Expeditionary Economics and Provisional Reconstruction Teams Amara, Jomana (2012);A new term has entered the economic reconstruction lexicon: “expeditionary economics.” While there is some disagreement over the exact meaning of the term and the objectives of the concept, a consensus definition could ...