Proceedings of the Institute for System Programming of the RAS (Proceedings of ISP RAS)

OF PRESENTING THE RESULTS OF NETWORK TRAFFIC ANALYSIS

https://doi.org/10.15514/ISPRAS-2016-28(6)-7

Abstract

The article proposes several methods of presenting the results of network traffic analysis, the need for which arises primarily in the area of network security. One of the most important tasks is to identify malicious traffic. For this purpose, both a complete graph of network interactions and a time-based packet diagram are presented. These components are used during the investigation of information security incidents. The timing diagram is also used in the analysis of tunneling protocols, because it allows the analyst to determine which protocol headers need to be visualized. For tasks associated with reverse engineering and debugging of network protocols, it is proposed to use a journal that records protocol header parsing errors. The presented graphical components either have no analogues among open-source tools or improve on existing open-source solutions.

About the Authors

A. I. Get'man
Institute for System Programming of the Russian Academy of Sciences
Russian Federation


Yu. V. Markin
Institute for System Programming of the Russian Academy of Sciences
Russian Federation


D. O. Obydenkov
Institute for System Programming of the Russian Academy of Sciences
Russian Federation


V. A. Padaryan
Institute for System Programming of the Russian Academy of Sciences; Lomonosov Moscow State University
Russian Federation


A. Yu. Tikhonov
Institute for System Programming of the Russian Academy of Sciences
Russian Federation


For citations:

Get'man A.I., Markin Yu.V., Obydenkov D.O., Padaryan V.A., Tikhonov A.Yu. OF PRESENTING THE RESULTS OF NETWORK TRAFFIC ANALYSIS. Proceedings of the Institute for System Programming of the RAS (Proceedings of ISP RAS). 2016;28(6):103-110. (In Russ.) https://doi.org/10.15514/ISPRAS-2016-28(6)-7



This work is licensed under a Creative Commons Attribution 4.0 License.


ISSN 2079-8156 (Print)
ISSN 2220-6426 (Online)