Network Trace Analysis
Dmitry Vostokov
Software Diagnostics Services
Version 1.0
Wireshark
Hark
- Listen (to): “Hark! There’s the big bombardment.”
- Speak in one’s ear; whisper
(Shorter Oxford English Dictionary)
Hark back (idiom)
- To return to a previous point, as in a narrative
(http://www.thefreedictionary.com/hark)
© 2013 Software Diagnostics Services
Prerequisites
- Interest in software diagnostics, troubleshooting, debugging and network trace analysis
- Experience in network trace analysis using Wireshark or Network Monitor
Why?
- A common diagnostics language
- Network diagnostics as software diagnostics
Software Diagnostics
A discipline studying abnormal software structure and behavior in software execution artifacts (such as memory dumps, software and network traces and logs) using pattern-driven, systemic and pattern-based analysis methodologies.
Diagnostics Pattern
A common recurrent identifiable problem together with a set of recommendations and possible solutions to apply in a specific context.
Pattern Orientation
Pattern-driven
- Finding patterns in software artifacts
- Using checklists and pattern catalogs
Pattern-based
- Pattern catalog evolution
- Catalog packaging and delivery
Catalog Classification
- By abstraction: Meta-patterns
- By artifact type: Software Log*, Memory Dump, Network Trace*
- By story type: Problem Description, Software Disruption, UI Problem
- By intention: Malware
Traces and Logs
Trace and Log Patterns
Software Narrative
A temporal sequence of events related to software execution.
Software Trace
- A sequence of formatted messages
- Arranged by time
- A narrative story
Network Trace
- A sequence of formatted packets as trace messages
- Arranged by time
- A narrative story
Network Trace Analysis
Software Trace Analysis Patterns
Network Trace Analysis Patterns
Capture Tool Placing
- Sniffer placing
- Process Monitor placing
Trace Maps
- Network map
- Deployment architecture map
Name Resolution
- MAC -> IP and IP -> DNS
- PID -> process name
Trace Presentation
[Diagram: Full Trace (Story, Fable, Fabula); Trace 1 to Trace 5 (Plot, Sujet); Trace Presentation A, B and C (Discourse)]
Minimal Trace Graphs
[Figure: a trace drawn as a column of messages along a time axis, with the columns #, Src, Dst, Time, Message]
Pattern-Driven Analysis
[Diagram: Logs -> Checklists -> Patterns -> Action]
Pattern-Based Analysis
[Diagram: Software Trace -> New Pattern Discovery -> Pattern Catalog + Usage]
Pattern Classification
- Vocabulary
- Error
- Trace as a Whole
- Large Scale
- Activity
- Message
- Block
- Trace Set
Reference and Course
- Catalog from Software Diagnostics Library: Software Trace Analysis Patterns
- Free reference graphical slides: Accelerated-Windows-Software-Trace-Analysis-Public.pdf
- Training course*: Accelerated Windows Software Trace Analysis
* Available as a full color paperback book, PDF book, on SkillsSoft Books 24x7. Recording is available for all book formats
Selected Patterns
Master Trace
Normal network capture
Pattern Category: Trace Set
Message Current
Packets/s
[Figure: two trace graphs (columns #, Src, Dst, Time, Message); the first has packets at 10.100 and 10.200, the second at 10.100 and 12.100, so the message current J1 > J2]
Pattern Category: Trace as a Whole
Message Density
D1 > D2
[Figure: two trace graphs (columns #, Src, Dst, Time, Message) with message densities D1 > D2]
Pattern Category: Trace as a Whole
Characteristic Block
D1 < D2, L1 > L2
[Figure: trace graph (columns #, Src, Dst, Time, Message) with two blocks of messages: block 1 is less dense (D1 < D2) but longer (L1 > L2)]
Pattern Category: Large Scale
Example
Thread of Activity
Pattern Category: Activity
[Figure: two trace graphs (columns #, Src, Dst, Time, Message)]
Adjoint Thread
Filtered by:
- Source
- Destination
- Protocol
- Message
- Expression
Pattern Category: Activity
[Figure: two trace graphs (columns #, Src, Dst, Time, Message)]
No Activity
[Figure: trace graph (columns #, Src, Dst, Time, Message)]
We expect messages from other servers but only see our own traffic
Pattern Category: Activity
Discontinuity
Pattern Category: Activity
[Figure: two trace graphs (columns #, Src, Dst, Time, Message)]
Dialog
Conversation between 2 endpoints
[Figure: trace graph (columns #, Src, Dst, Time, Message)]
Significant Event
Time Reference feature in Wireshark
[Figure: trace graph (columns #, Src, Dst, Time, Message)]
Pattern Category: Message
Marked Messages
Marked Packets feature in Wireshark
Annotated messages:
- session initialization [+]
- session teardown [-]
- port A activity [+]
- port B activity [-]
- protocol C used [-]
- address D used [-]
[+] activity is present in a trace
[-] activity is undetected or not present
Pattern Category: Message
Partition
Connection initiation (Prologue) and termination (Epilogue)
[Figure: trace graph (columns #, Src, Dst, Time, Message) along a time axis, partitioned into Head (Prologue), Core and Tail (Epilogue)]
Pattern Category: Trace as a Whole
Inter-Correlation
- Several packet sniffers at once
- Internal and external views: Process Monitor log + network trace
Pattern Category: Trace Set
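Inter-correlation of the internal and external views, as an added example that is not part of the original slides: the Process Monitor style log lines and the sniffer frames below are constructed, the host address, PIDs and process names are assumed, and the clock offset between the two views is taken from one Significant Event visible in both (the TCP Connect line and the SYN frame). Matched frames come back labelled with the PID and process name from the log, which is the PID -> process name step of the Name Resolution slide; frames with no internal counterpart (a retransmission, or traffic from a process the log did not record) and log lines with no frame are reported separately, since each of those is a finding in its own right.

```python
"""Inter-Correlation of a Process Monitor style log (internal view) with a
sniffer trace (external view). Added example; all data below is constructed."""
from typing import NamedTuple


class LogEvent(NamedTuple):
    """One internal-view line: time on the monitored host's clock."""
    time: float
    pid: int
    process: str
    op: str        # e.g. "TCP Connect", "TCP Send", "TCP Receive", "UDP Send"
    local: str
    remote: str
    length: int    # bytes sent or received (0 for control operations)


class Frame(NamedTuple):
    """One external-view frame: time on the sniffer's clock."""
    frame: int
    time: float
    src: str
    dst: str
    length: int    # payload bytes (0 for SYN/ACK/FIN-only segments)


# Constructed Process Monitor style log for host 10.0.0.5 (assumed PIDs/names).
LOG = [
    LogEvent(100.000, 4120, "svc.exe", "TCP Connect", "10.0.0.5", "10.0.0.9", 0),
    LogEvent(100.020, 4120, "svc.exe", "TCP Send", "10.0.0.5", "10.0.0.9", 100),
    LogEvent(100.040, 4120, "svc.exe", "TCP Receive", "10.0.0.5", "10.0.0.9", 200),
    LogEvent(101.200, 4120, "svc.exe", "TCP Send", "10.0.0.5", "10.0.0.9", 50),
    LogEvent(102.500, 7788, "tool.exe", "UDP Send", "10.0.0.5", "10.0.0.7", 40),
]

# Constructed sniffer frames; the sniffer clock runs about 100 s behind the host.
TRACE = [
    Frame(1, 0.001, "10.0.0.5", "10.0.0.9", 0),     # SYN, pairs with "TCP Connect"
    Frame(4, 0.021, "10.0.0.5", "10.0.0.9", 100),
    Frame(6, 0.041, "10.0.0.9", "10.0.0.5", 200),
    Frame(8, 1.202, "10.0.0.5", "10.0.0.9", 50),
    Frame(9, 1.250, "10.0.0.5", "10.0.0.9", 50),    # retransmission: no log line
    Frame(13, 2.501, "10.0.0.5", "10.0.0.7", 40),
    Frame(14, 2.800, "10.0.0.5", "10.0.0.9", 60),   # sender not in the log
]


def clock_offset(log_anchor: float, frame_anchor: float) -> float:
    """Offset to add to log times to land on the sniffer clock, taken from
    one Significant Event seen in both views (here: TCP Connect <-> SYN)."""
    return frame_anchor - log_anchor


def correlate(log, trace, offset, tolerance=0.05):
    """Pair each Send/Receive log line with the closest frame in the same
    direction, of the same payload length, within `tolerance` seconds once
    the clocks are aligned. Each frame is used at most once.

    Returns (matches, unmatched_events, unmatched_frames); matches are
    (frame, pid, process, op) tuples. Control segments (length 0) have no
    Send/Receive counterpart and are left out of the unmatched frames."""
    unused = {f.frame for f in trace if f.length > 0}
    matches, unmatched_events = [], []
    for ev in sorted(log, key=lambda e: e.time):
        if not ev.op.endswith(("Send", "Receive")):
            continue                      # Connect/Disconnect: no payload frame
        outbound = ev.op.endswith("Send")
        src, dst = (ev.local, ev.remote) if outbound else (ev.remote, ev.local)
        when = ev.time + offset
        candidates = [f for f in trace
                      if f.frame in unused and f.src == src and f.dst == dst
                      and f.length == ev.length and abs(f.time - when) <= tolerance]
        if not candidates:
            unmatched_events.append(ev)   # internal view saw it, sniffer did not
            continue
        best = min(candidates, key=lambda f: abs(f.time - when))
        unused.discard(best.frame)
        matches.append((best.frame, ev.pid, ev.process, ev.op))
    return matches, unmatched_events, sorted(unused)


if __name__ == "__main__":
    offset = clock_offset(LOG[0].time, TRACE[0].time)
    matched, lost, extra = correlate(LOG, TRACE, offset)
    for frame, pid, name, op in matched:
        print(f"frame {frame:>3}: {op:<12} pid {pid} ({name})")
    print("log lines without a frame:", [e.time for e in lost])
    print("frames without a log line:", extra)
```

The tolerance is the part to tune against real data: it has to cover the stack and capture latency but stay below the gap between two same-size segments in the same direction, otherwise a retransmission (frame 9 here) can steal the match from the original (frame 8). Deriving the offset from a Significant Event seen in both views, rather than assuming synchronized clocks, is what makes the two traces line up at all when the sniffer is on another machine.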
Circular Trace
Pattern Category: Trace as a Whole
[Figure: trace graph (columns #, Src, Dst, Time, Message) along a time axis, with a Problem marker and a Repro marker]
Split Trace
Pattern Category: Trace Set
[Figure: three trace graphs along one time axis: a network trace (columns #, Src, Dst, Time, Message) and two software traces (columns #, PID, TID, Time, Message)]
Paratext
Info column in Wireshark
Frames
OSI, TCP/IP Layers
[Figure: trace graph (columns #, Src, Dst, Time, Message)]
Pattern Category: Large Scale
Visibility Limit
Visibility window for sniffing
[Figure: PC 1, PC 2, PC 3 and the sniffer, showing the sniffer's visibility window]
Pattern Category: Trace as a Whole
Incomplete History
- Packet loss
- Missing ACK
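A pattern-driven pass over a trace, as an added example that is not part of the original slides: the packet summary below is constructed (laid out like a `tshark -T fields` export, with made-up addresses and sequence numbers) and the functions implement the Message Current, Adjoint Thread, Dialog, Partition and Incomplete History patterns from the preceding slides. The Incomplete History check is the sequence-number form of "packet loss": in each direction of a TCP dialog the next segment should start at the previous sequence number plus its payload length (plus one for SYN and FIN), so a jump past that point is a segment the sniffer never saw, which is also what the Visibility Limit slide predicts when the sniffer sits outside the path.

```python
"""Pattern-driven checks over a packet summary. Added example, not from the
original slides: the trace below is constructed in the shape of a `tshark -T
fields` export; the functions compute the Message Current, Adjoint Thread,
Dialog, Partition and Incomplete History patterns over it."""
from collections import Counter, defaultdict
from typing import NamedTuple

# Constructed sample (not a real capture). Columns:
# frame  time(s)  src  dst  proto  tcp.flags  tcp.seq  tcp.len
SAMPLE_TRACE = """\
1  0.000 10.0.0.5 10.0.0.9 TCP S  1000 0
2  0.010 10.0.0.9 10.0.0.5 TCP SA 5000 0
3  0.011 10.0.0.5 10.0.0.9 TCP A  1001 0
4  0.020 10.0.0.5 10.0.0.9 TCP PA 1001 100
5  0.030 10.0.0.9 10.0.0.5 TCP A  5001 0
6  0.040 10.0.0.9 10.0.0.5 TCP PA 5001 200
7  0.500 10.0.0.5 10.0.0.9 TCP A  1101 0
8  1.200 10.0.0.5 10.0.0.9 TCP PA 1301 50
9  1.210 10.0.0.9 10.0.0.5 TCP A  5201 0
10 2.000 10.0.0.5 10.0.0.9 TCP FA 1351 0
11 2.010 10.0.0.9 10.0.0.5 TCP FA 5201 0
12 2.011 10.0.0.5 10.0.0.9 TCP A  1352 0
13 2.500 10.0.0.7 10.0.0.9 UDP -  0    40
"""

class Packet(NamedTuple):
    frame: int
    time: float
    src: str
    dst: str
    proto: str
    flags: str    # TCP flag letters (S, A, P, F); "-" for non-TCP
    seq: int
    length: int   # payload bytes

def parse_trace(text):
    """Parse the summary lines into Packet records ordered by frame number."""
    packets = []
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        f, t, src, dst, proto, flags, seq, length = line.split()
        packets.append(Packet(int(f), float(t), src, dst, proto, flags,
                              int(seq), int(length)))
    return sorted(packets, key=lambda p: p.frame)

def message_current(packets, window=1.0):
    """Message Current: packets per time window (packets/s for window=1.0),
    keyed by window index."""
    return dict(Counter(int(p.time // window) for p in packets))

def adjoint_thread(packets, src=None, dst=None, proto=None):
    """Adjoint Thread: the sub-trace left after filtering by source,
    destination and/or protocol, as a Wireshark display filter would."""
    return [p for p in packets
            if (src is None or p.src == src)
            and (dst is None or p.dst == dst)
            and (proto is None or p.proto == proto)]

def dialogs(packets):
    """Dialog: group packets into conversations between two endpoints,
    keyed by (protocol, endpoint pair) regardless of direction."""
    conversations = defaultdict(list)
    for p in packets:
        conversations[(p.proto,) + tuple(sorted((p.src, p.dst)))].append(p)
    return dict(conversations)

def partition(dialog):
    """Partition: split one TCP dialog into Prologue (up to the bare ACK that
    completes the handshake), Core and Epilogue (from the first FIN)."""
    tcp = [p for p in dialog if p.proto == "TCP"]
    end_prologue, seen_synack = 0, False
    for i, p in enumerate(tcp):
        if "S" in p.flags and "A" in p.flags:
            seen_synack = True
        elif seen_synack and p.flags == "A" and p.length == 0:
            end_prologue = i + 1
            break
    start_epilogue = next((i for i, p in enumerate(tcp) if "F" in p.flags), len(tcp))
    return tcp[:end_prologue], tcp[end_prologue:start_epilogue], tcp[start_epilogue:]

def sequence_gaps(dialog):
    """Incomplete History: per direction, a segment whose sequence number jumps
    past the expected next byte is a segment the sniffer never saw. Returns
    (frame, expected_seq, actual_seq) per gap; retransmissions are ignored."""
    expected, gaps = {}, []
    for p in (q for q in dialog if q.proto == "TCP"):
        direction = (p.src, p.dst)
        if direction in expected and p.seq > expected[direction]:
            gaps.append((p.frame, expected[direction], p.seq))
        consumed = p.length + ("S" in p.flags) + ("F" in p.flags)  # SYN/FIN take one seq each
        expected[direction] = max(expected.get(direction, 0), p.seq + consumed)
    return gaps

if __name__ == "__main__":
    trace = parse_trace(SAMPLE_TRACE)
    tcp = dialogs(trace)[("TCP", "10.0.0.5", "10.0.0.9")]
    print(message_current(trace), [len(part) for part in partition(tcp)], sequence_gaps(tcp))
```

On the constructed sample this reports 7, 2 and 4 packets in the three one-second windows, a 3/6/3 Prologue/Core/Epilogue split of the TCP dialog, and one gap at frame 8 (expected sequence 1101, saw 1301: 200 bytes of that direction never reached the sniffer). The column layout only imitates a `tshark -T fields` export; feeding a real export requires mapping tshark's flag representation onto the S/A/P/F letters used here and filling the TCP columns for non-TCP frames.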
Possible New Patterns
- Full Trace (promiscuous mode)
- Embedded Message (PDU chain: protocol data unit, packet)
- Ordered Message (TCP sequence numbers)
- Illegal Message (sniffed with illegally obtained privileges)
- Dual Trace (in / out, duplex)
Further Reading
- Practical Packet Analysis, 2nd edition, by Chris Sanders
- Software Diagnostics Institute
- Memory Dump Analysis Anthology: Volumes 3, 4, 5, 6, … (Volume 7 is in preparation, July 2013)
- Introduction to Software Narratology
- Malware Narratives
What’s Next?
- Accelerated Network Trace Analysis
- Generative Software Narratology
- Pattern-Oriented Hardware Signal Analysis
Q&A
Please send your feedback using the contact form on DumpAnalysis.com
Thank you for attending!
VTU technical seminar 8Th Sem on Scikit-learn
 
Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time ApplicationsUnveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
 
Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...
Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...
Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...
 
The Guide to Integrating Generative AI into Unified Continuous Testing Platfo...
The Guide to Integrating Generative AI into Unified Continuous Testing Platfo...The Guide to Integrating Generative AI into Unified Continuous Testing Platfo...
The Guide to Integrating Generative AI into Unified Continuous Testing Platfo...
 
LEVEL 5 - SESSION 1 2023 (1).pptx - PDF 123456
LEVEL 5   - SESSION 1 2023 (1).pptx - PDF 123456LEVEL 5   - SESSION 1 2023 (1).pptx - PDF 123456
LEVEL 5 - SESSION 1 2023 (1).pptx - PDF 123456
 
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
 
Software Quality Assurance Interview Questions
Software Quality Assurance Interview QuestionsSoftware Quality Assurance Interview Questions
Software Quality Assurance Interview Questions
 
Unlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language ModelsUnlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language Models
 
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
 

Pattern-Oriented Network Trace Analysis

Software Trace
 A sequence of formatted messages
 Arranged by time
 A narrative story

Network Trace
 A sequence of formatted packets as trace messages
 Arranged by time
 A narrative story

Network Trace Analysis
(Diagram: Software Trace Analysis Patterns and Network Trace Analysis Patterns)

Capture Tool Placing
 Sniffer placing
 Process Monitor placing

Trace Maps
 Network map
 Deployment architecture map

Name Resolution
 MAC -> IP and IP -> DNS
 PID -> process name
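The three resolutions on the slide can be built from the trace itself rather than from live lookups, which keeps the analysis offline and repeatable. The following is an added example, not code from the slides or from Software Diagnostics Services: it learns MAC -> IP from ARP replies and sender fields, IP -> name from DNS A answers seen in the capture, and PID -> process name from a process snapshot. The packet records, addresses, names and the PID table are all constructed for the example; the `pid` field stands in for what a host-side capture tool such as Network Monitor records for locally originated frames.

```python
import re
from collections import defaultdict, namedtuple

# Constructed sniffer records (not from the slides): ARP, DNS and TCP packets
# reduced to the fields a resolution pass needs. `pid` is what a host-side
# capture tool records for locally originated frames; None for remote senders.
Packet = namedtuple("Packet", "no src_mac src_ip dst_ip proto info pid")

TRACE = [
    Packet(1, "00:0c:29:aa:bb:01", "10.0.0.5", "10.0.0.255", "ARP",
           "Who has 10.0.0.1? Tell 10.0.0.5", None),
    Packet(2, "00:0c:29:aa:bb:02", "10.0.0.1", "10.0.0.5", "ARP",
           "10.0.0.1 is at 00:0c:29:aa:bb:02", None),
    Packet(3, "00:0c:29:aa:bb:01", "10.0.0.5", "10.0.0.1", "DNS",
           "Standard query A files.example.test", 1234),
    Packet(4, "00:0c:29:aa:bb:02", "10.0.0.1", "10.0.0.5", "DNS",
           "Standard query response A files.example.test A 10.0.0.20", None),
    Packet(5, "00:0c:29:aa:bb:01", "10.0.0.5", "10.0.0.20", "TCP",
           "49152 > 445 [SYN]", 1234),
    Packet(6, "00:0c:29:aa:bb:03", "10.0.0.20", "10.0.0.5", "TCP",
           "445 > 49152 [SYN, ACK]", None),
]

# Constructed PID -> process name snapshot taken on the capturing host.
PROCESS_TABLE = {4: "System", 1234: "explorer.exe"}

ARP_REPLY = re.compile(r"^(\d+\.\d+\.\d+\.\d+) is at ([0-9a-f:]{17})$")
DNS_A_ANSWER = re.compile(r"response A (\S+) A (\d+\.\d+\.\d+\.\d+)")


def mac_table(trace):
    """MAC -> IP, learned from ARP replies and from the sender MAC/IP of every
    non-ARP packet. One MAC may front several IPs (a router, a NAT box), so
    the value is a sorted list rather than a single address."""
    table = defaultdict(set)
    for p in trace:
        if p.proto == "ARP":
            m = ARP_REPLY.match(p.info)
            if m:
                table[m.group(2)].add(m.group(1))
        else:
            table[p.src_mac].add(p.src_ip)
    return {mac: sorted(ips) for mac, ips in table.items()}


def dns_table(trace):
    """IP -> name, taken only from A answers present in the trace."""
    table = {}
    for p in trace:
        if p.proto == "DNS":
            m = DNS_A_ANSWER.search(p.info)
            if m:
                table[m.group(2)] = m.group(1)
    return table


def annotate(trace, processes):
    """Rewrite each packet's endpoints with resolved names and attach the local
    process name wherever the capture recorded a PID."""
    names = dns_table(trace)
    rows = []
    for p in trace:
        rows.append({
            "no": p.no,
            "src": names.get(p.src_ip, p.src_ip),
            "dst": names.get(p.dst_ip, p.dst_ip),
            "process": processes.get(p.pid) if p.pid is not None else None,
            "info": p.info,
        })
    return rows


if __name__ == "__main__":
    for r in annotate(TRACE, PROCESS_TABLE):
        print(f"#{r['no']} {r['src']} -> {r['dst']} ({r['process']}) {r['info']}")
```

A name learned this way is only as trustworthy as the answer it came from: a spoofed ARP reply or a poisoned DNS response in the capture will be resolved just as faithfully, which is itself a finding worth checking when the resolved picture does not match the network map.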
Trace Presentation
(Diagram: Full Trace (Story, Fable, Fabula); Trace 1 to Trace 5 (Plot, Sujet); Trace Presentation A, B, C (Discourse))

Minimal Trace Graphs
(Diagram: a trace drawn as a table with columns #, Src, Dst, Time, Message along a time axis)

Pattern-Driven Analysis
(Diagram: Logs -> Checklists -> Patterns -> Action)

Pattern-Based Analysis
(Diagram: Software Trace -> New Pattern Discovery -> Pattern Catalog + Usage)

Pattern Classification
 Vocabulary
 Error
 Trace as a Whole
 Large Scale
 Activity
 Message
 Block
 Trace Set

Reference and Course
 Catalog from Software Diagnostics Library: Software Trace Analysis Patterns
 Free reference graphical slides: Accelerated-Windows-Software-Trace-Analysis-Public.pdf
 Training course*: Accelerated Windows Software Trace Analysis
* Available as a full color paperback book, PDF book, and on SkillsSoft Books 24x7. Recording is available for all book formats.

Selected Patterns

Master Trace
Normal network capture
Pattern category: Trace Set

Message Current
Packets/s
Pattern category: Trace as a Whole
(Diagram: two traces, one with timestamps 10.100, 10.200 and one with 10.100, 12.100, showing packet rates J1 > J2)

Message Density
D1 > D2
Pattern category: Trace as a Whole
(Diagram: trace with message densities D1 > D2)
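Both patterns are numbers that can be computed before a single packet is read by hand. The following is an added example, not code from the slides: Message Current as packets per second, both over the whole trace (the J1 > J2 comparison between two captures) and per time bin, which is the view Wireshark's IO Graph gives; and Message Density as the share of the trace each sender contributes. Reading the slide's D1 > D2 as "one party dominates the trace" is this example's own interpretation. The two captures J1 and J2 are constructed.

```python
import math
from collections import Counter

# Constructed captures, not from the slides: each entry is (time_ms, src, proto).
# J1 is a busy SMB2 session (one packet every 100 ms for 4 s); J2 is a quiet
# session (one packet every 2 s) between the same two hosts.
TRACE_J1 = [(i * 100, "10.0.0.5" if i % 2 else "10.0.0.20", "SMB2") for i in range(41)]
TRACE_J2 = [(0, "10.0.0.5", "SMB2"), (2000, "10.0.0.20", "SMB2"), (4000, "10.0.0.5", "SMB2")]


def message_current(trace):
    """Message Current for the trace as a whole: packets per second over the
    captured span. Fewer than two packets give no span, so the rate is 0."""
    if len(trace) < 2:
        return 0.0
    span_s = (trace[-1][0] - trace[0][0]) / 1000.0
    return len(trace) / span_s if span_s > 0 else math.inf


def current_per_bin(trace, bin_ms=1000):
    """Message Current along the time axis: packets counted per bin of bin_ms.
    Rate changes inside one trace become visible here, not in the overall rate."""
    if not trace:
        return []
    t0 = trace[0][0]
    counts = [0] * ((trace[-1][0] - t0) // bin_ms + 1)
    for t, _, _ in trace:
        counts[(t - t0) // bin_ms] += 1
    return counts


def message_density(trace, key=lambda p: p[1]):
    """Message Density: the share of the trace contributed by each value of
    key(packet); the default keys by sender address, key=lambda p: p[2] keys by
    protocol. Treating D1 > D2 as 'one party dominates' is this example's reading."""
    if not trace:
        return {}
    counts = Counter(key(p) for p in trace)
    return {k: v / len(trace) for k, v in counts.items()}


def rate_change_bins(counts, factor=3.0):
    """Indexes of bins whose count differs from the previous bin by `factor` or
    more in either direction, or flips between zero and non-zero: the boundaries
    a reader should zoom into first."""
    flagged = []
    for i in range(1, len(counts)):
        a, b = counts[i - 1], counts[i]
        if (a == 0) != (b == 0) or (a and b and max(a, b) / min(a, b) >= factor):
            flagged.append(i)
    return flagged


if __name__ == "__main__":
    for name, trace in (("J1", TRACE_J1), ("J2", TRACE_J2)):
        print(name, "current:", message_current(trace), "pkt/s",
              "bins:", current_per_bin(trace),
              "changes at:", rate_change_bins(current_per_bin(trace)))
    print("J1 density by sender:", message_density(TRACE_J1))
```

The per-bin view is the one to compare against a Master Trace: a rate that collapses to a trickle in the middle of a capture points to a Discontinuity or No Activity, while an unchanged rate with a changed density (one host suddenly producing most of the packets) points to a change in who is talking rather than how much.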
Characteristic Block
D1 < D2, L1 > L2
Pattern category: Large Scale
(Diagram: trace blocks with message densities D1 < D2 and lengths L1 > L2)

Example
(Figure: not reproduced in the transcript)

Thread of Activity
Pattern category: Activity
(Diagram: one thread of activity picked out of the full trace)

Adjoint Thread
Filtered by:
 Source
 Destination
 Protocol
 Message
 Expression
Pattern category: Activity
(Diagram: the full trace and the filtered sub-trace side by side)

No Activity
We expect messages from other servers but only see our own traffic
Pattern category: Activity

Discontinuity
Pattern category: Activity
(Diagram: a thread of activity with a gap in time)
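The three Activity patterns above are usually found together: filter the trace down to one Adjoint Thread, then look for silences in it (Discontinuity) and for peers that never speak at all (No Activity). The following is an added example, not code from the slides: the filter arguments mirror the slide's list (source, destination, protocol, message text as a regular expression) plus a free-form callable in the role of a display filter expression. The trace, hosts and message texts are constructed.

```python
import re
from collections import namedtuple

Packet = namedtuple("Packet", "no time src dst proto info")

# Constructed trace, not from the slides: our host 10.0.0.5 resolves names via
# 10.0.0.1 and talks SMB2 to 10.0.0.20. A printer (10.0.0.30) is expected to
# answer but never appears as a sender, and the DNS server stalls for a while.
TRACE = [
    Packet(1, 0.00, "10.0.0.5", "10.0.0.1", "DNS", "Standard query A files.example.test"),
    Packet(2, 0.02, "10.0.0.1", "10.0.0.5", "DNS", "Standard query response A 10.0.0.20"),
    Packet(3, 0.05, "10.0.0.5", "10.0.0.20", "SMB2", "Negotiate Protocol Request"),
    Packet(4, 0.06, "10.0.0.20", "10.0.0.5", "SMB2", "Negotiate Protocol Response"),
    Packet(5, 0.10, "10.0.0.5", "10.0.0.20", "SMB2", "Session Setup Request"),
    Packet(6, 0.11, "10.0.0.20", "10.0.0.5", "SMB2", "Session Setup Response"),
    Packet(7, 1.00, "10.0.0.5", "10.0.0.1", "DNS", "Standard query A printer.example.test"),
    Packet(8, 2.00, "10.0.0.5", "10.0.0.1", "DNS", "Standard query A printer.example.test"),
    Packet(9, 4.00, "10.0.0.5", "10.0.0.1", "DNS", "Standard query A printer.example.test"),
    Packet(10, 4.02, "10.0.0.1", "10.0.0.5", "DNS", "Standard query response A 10.0.0.30"),
    Packet(11, 9.50, "10.0.0.5", "10.0.0.20", "SMB2", "Read Request"),
    Packet(12, 9.51, "10.0.0.20", "10.0.0.5", "SMB2", "Read Response"),
]


def adjoint_thread(trace, src=None, dst=None, proto=None, message=None, expression=None):
    """Adjoint Thread: the sub-trace that survives a filter. `message` is a
    regex over the Info text; `expression` is any callable on a packet, the
    equivalent of a free-form display filter."""
    thread = []
    for p in trace:
        if src is not None and p.src != src:
            continue
        if dst is not None and p.dst != dst:
            continue
        if proto is not None and p.proto != proto:
            continue
        if message is not None and not re.search(message, p.info):
            continue
        if expression is not None and not expression(p):
            continue
        thread.append(p)
    return thread


def discontinuities(thread, max_gap_s):
    """Discontinuity: silences inside a thread longer than max_gap_s, reported
    as (last packet before the gap, first packet after it, gap in seconds)."""
    gaps = []
    for a, b in zip(thread, thread[1:]):
        if b.time - a.time > max_gap_s:
            gaps.append((a.no, b.no, round(b.time - a.time, 3)))
    return gaps


def missing_peers(trace, expected_peers):
    """No Activity: peers we expect to hear from that never appear as a sender.
    Check the capture point before blaming the peer: a sniffer on the wrong
    segment sees only its own host's traffic (Visibility Limit)."""
    seen = {p.src for p in trace}
    return sorted(set(expected_peers) - seen)


if __name__ == "__main__":
    dns = adjoint_thread(TRACE, proto="DNS")
    print("DNS thread:", [p.no for p in dns], "gaps > 1.5 s:", discontinuities(dns, 1.5))
    retries = adjoint_thread(TRACE, dst="10.0.0.1", message="printer")
    print("unanswered printer queries before a reply:", [p.no for p in retries])
    print("silent peers:", missing_peers(TRACE, ["10.0.0.1", "10.0.0.20", "10.0.0.30"]))
```

Note that a gap found in a filtered thread is only a gap in that thread; the same seconds may be full of packets in the master trace, which is why the threshold is chosen per thread (a 2 s silence is normal for a keep-alive, abnormal for a DNS retry loop).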
Dialog
Conversation between 2 endpoints

Significant Event
Time Reference feature in Wireshark
Pattern category: Message

Marked Messages
Marked Packets feature in Wireshark
Annotated messages:
 session initialization [+]
 session tear-down [-]
 port A activity [+]
 port B activity [-]
 protocol C used [-]
 address D used [-]
[+] activity is present in a trace
[-] activity is undetected or not present
Pattern category: Message

Partition
Connection initiation (Prologue) and termination (Epilogue)
(Diagram: trace divided into Head (Prologue), Core, and Tail (Epilogue))
Pattern category: Trace as a Whole
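For TCP the Dialog and Partition patterns have a mechanical form: group packets by unordered endpoint pair (what Wireshark's Conversations window and Follow TCP Stream do), then split each dialog into the three-way handshake (Prologue), the data exchange (Core) and everything from the first FIN or RST onward (Epilogue). The following is an added example, not code from the slides; the two interleaved connections, their addresses and ports are constructed.

```python
from collections import defaultdict, namedtuple

Packet = namedtuple("Packet", "no time src sport dst dport flags")


def tcp(no, time, src, sport, dst, dport, *flags):
    """Build a packet record with its TCP flags as a frozenset."""
    return Packet(no, time, src, sport, dst, dport, frozenset(flags))


# Constructed TCP trace, not from the slides: an SMB dialog 10.0.0.5:49152 <->
# 10.0.0.20:445 that opens, exchanges data and closes cleanly, interleaved with
# a second dialog 10.0.0.5:49153 -> 10.0.0.9:80 that is refused with RST.
TRACE = [
    tcp(1, 0.000, "10.0.0.5", 49152, "10.0.0.20", 445, "SYN"),
    tcp(2, 0.001, "10.0.0.20", 445, "10.0.0.5", 49152, "SYN", "ACK"),
    tcp(3, 0.001, "10.0.0.5", 49152, "10.0.0.20", 445, "ACK"),
    tcp(4, 0.003, "10.0.0.5", 49153, "10.0.0.9", 80, "SYN"),
    tcp(5, 0.004, "10.0.0.9", 80, "10.0.0.5", 49153, "RST", "ACK"),
    tcp(6, 0.010, "10.0.0.5", 49152, "10.0.0.20", 445, "PSH", "ACK"),
    tcp(7, 0.011, "10.0.0.20", 445, "10.0.0.5", 49152, "PSH", "ACK"),
    tcp(8, 0.500, "10.0.0.5", 49152, "10.0.0.20", 445, "FIN", "ACK"),
    tcp(9, 0.501, "10.0.0.20", 445, "10.0.0.5", 49152, "FIN", "ACK"),
    tcp(10, 0.501, "10.0.0.5", 49152, "10.0.0.20", 445, "ACK"),
]


def dialogs(trace):
    """Dialog: packets grouped by unordered endpoint pair, keyed by the sorted
    pair of (address, port) so both directions land in the same group."""
    groups = defaultdict(list)
    for p in trace:
        key = tuple(sorted([(p.src, p.sport), (p.dst, p.dport)]))
        groups[key].append(p)
    return dict(groups)


HANDSHAKE = [frozenset({"SYN"}), frozenset({"SYN", "ACK"}), frozenset({"ACK"})]


def partition(dialog):
    """Partition one dialog into Prologue (handshake), Core and Epilogue (from
    the first FIN or RST). Flags are matched exactly, so a prologue shorter
    than three packets means the capture started mid-connection, the handshake
    ACK carried data, or the connection never came up."""
    i = 0
    while i < len(HANDSHAKE) and i < len(dialog) and dialog[i].flags == HANDSHAKE[i]:
        i += 1
    j = len(dialog)
    for k in range(i, len(dialog)):
        if dialog[k].flags & {"FIN", "RST"}:
            j = k
            break
    return {
        "prologue": dialog[:i],
        "core": dialog[i:j],
        "epilogue": dialog[j:],
        "handshake_complete": i == len(HANDSHAKE),
        "reset": any("RST" in p.flags for p in dialog[j:]),
    }


if __name__ == "__main__":
    for key, d in dialogs(TRACE).items():
        parts = partition(d)
        print(key, {k: [p.no for p in v] for k, v in parts.items() if isinstance(v, list)},
              "handshake:", parts["handshake_complete"], "reset:", parts["reset"])
```

A dialog whose Prologue is missing is the first thing to check against the capture start time and the Circular Trace pattern; a dialog whose Epilogue is a bare RST with an empty Core, as in the second connection here, is a refused or filtered port rather than a failed transfer.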
Inter-Correlation
 Several packet sniffers at once
 Internal and external views: Process Monitor log + network trace
Pattern category: Trace Set

Circular Trace
Pattern category: Trace as a Whole
(Diagram: circular trace with the Problem and Repro points marked)

Split Trace
Pattern category: Trace Set
(Diagram: a network trace (#, Src, Dst, Time, Message) alongside two software trace parts (#, PID, TID, Time, Message))

Paratext
Info column in Wireshark

Frames
OSI, TCP/IP Layers
Pattern category: Large Scale

Visibility Limit
Visibility window for sniffing
(Diagram: PC 1, PC 2, PC 3 and the sniffer; only traffic passing the sniffer's position is captured)
Pattern category: Trace as a Whole

Incomplete History
 Packet loss
 Missing ACK

Possible New Patterns
 Full Trace (promiscuous mode)
 Embedded Message (PDU chain, protocol data unit, packet)
 Ordered Message (TCP/IP sequence numbers)
 Illegal Message (sniffed with illegally obtained privileges)
 Dual Trace (in / out, duplex)
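Incomplete History (packet loss, missing ACK) and the proposed Ordered Message pattern are two sides of the same check: walk each direction of a TCP dialog tracking the next expected sequence number, report holes and retransmissions, and at the end of the capture report data the peer never acknowledged. The sequence numbers also answer a question the slide leaves open, whether a hole means the packet was lost on the wire or only missed by the sniffer: if the peer later acknowledges past the hole, the bytes arrived and the capture dropped them (a Visibility Limit problem, not a network one). The following is an added example, not code from the slides; the segments, addresses and sequence numbers are constructed, with relative sequence numbers starting at 1.

```python
from collections import namedtuple

Seg = namedtuple("Seg", "no time src dst seq ack length flags")

# Constructed one-way transfer, not from the slides: server 10.0.0.20 streams
# 1000-byte segments to client 10.0.0.5. The sniffer missed the second segment
# (bytes 1001..2000), yet the client acknowledges up to 3001, so the bytes did
# arrive. The last segment is unacknowledged when the capture ends and was
# retransmitted once (a real loss, or an ACK the sniffer did not see).
S, C = "10.0.0.20", "10.0.0.5"
TRACE = [
    Seg(1, 0.000, S, C, 1, 1, 1000, frozenset({"ACK"})),
    Seg(2, 0.002, S, C, 2001, 1, 1000, frozenset({"ACK"})),
    Seg(3, 0.003, C, S, 1, 3001, 0, frozenset({"ACK"})),
    Seg(4, 0.010, S, C, 3001, 1, 1000, frozenset({"ACK"})),
    Seg(5, 0.212, S, C, 3001, 1, 1000, frozenset({"ACK"})),
]


def analyze(trace):
    """Walk the trace once, per direction tracking the next expected sequence
    number (Ordered Message) and the highest ACK the peer has returned.
    Events mirror Wireshark's expert info names for the same situations."""
    next_seq, highest_ack, events = {}, {}, []
    for s in trace:
        fwd, rev = (s.src, s.dst), (s.dst, s.src)
        if s.length > 0:
            expected = next_seq.get(fwd)
            if expected is not None and s.seq > expected:
                events.append({"kind": "previous segment not captured", "no": s.no,
                               "direction": fwd, "expected": expected, "seen": s.seq})
            elif expected is not None and s.seq < expected:
                events.append({"kind": "retransmission", "no": s.no,
                               "direction": fwd, "seq": s.seq})
            next_seq[fwd] = max(expected or 0, s.seq + s.length)
        if "ACK" in s.flags:
            # An ACK from src to dst acknowledges data flowing dst -> src.
            highest_ack[rev] = max(highest_ack.get(rev, 0), s.ack)
    # Missing ACK: bytes sent in a direction that the peer never acknowledged
    # before the capture ended.
    unacked = {d: n - highest_ack.get(d, 0)
               for d, n in next_seq.items() if n > highest_ack.get(d, 0)}
    return {"events": events, "acked": highest_ack, "unacked": unacked}


def gap_reached_peer(result):
    """For each hole: did the peer later acknowledge past it? True means the
    bytes crossed the wire and only the sniffer missed them (capture drop);
    False means the peer did not get them either, i.e. loss on the path."""
    return {e["no"]: result["acked"].get(e["direction"], 0) >= e["seen"]
            for e in result["events"] if e["kind"] == "previous segment not captured"}


if __name__ == "__main__":
    r = analyze(TRACE)
    for e in r["events"]:
        print(e)
    print("unacknowledged bytes at end of capture:", r["unacked"])
    print("hole reached the peer:", gap_reached_peer(r))
```

The same distinction matters for the Missing ACK case: one thousand unacknowledged bytes at the end of a capture are only a finding if the capture ran long enough for the ACK to have arrived, so the Epilogue (or its absence) and the capture stop time belong in the same reading.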
Further Reading
 Practical Packet Analysis, 2nd edition, by Chris Sanders
 Software Diagnostics Institute
 Memory Dump Analysis Anthology: Volumes 3, 4, 5, 6, … Volume 7 is in preparation (July 2013)
 Introduction to Software Narratology
 Malware Narratives

What's Next?
 Accelerated Network Trace Analysis
 Generative Software Narratology
 Pattern-Oriented Hardware Signal Analysis

Q&A
Please send your feedback using the contact form on DumpAnalysis.com

Thank you for attending!
Facebook LinkedIn Twitter