Packet filtering is a technology at the foundation of many traffic analysis tasks. While languages and tools for packet filtering have been available for many years, none of them supports filters operating on the encapsulation relationships found in each packet. This represents a problem as the number of possible encapsulations used to transport traffic is steadily increasing and we cannot define exactly which packets have to be captured. This paper presents our early work on an algorithm that models protocol filtering patterns (including encapsulation constraints) as Finite State Automata and supports the composition of multiple expressions within the same filter. The resulting, optimized filter is then translated into executable code. The above filtering algorithms are available in the NetBee open source library, which provides some basic tools for handling network packets (e.g., a tcpdump-like program) and APIs to build more advanced tools.

Filtering Network Traffic Based on Protocol Encapsulation Rules / Cerrato, Ivano; Leogrande, Marco; Risso, FULVIO GIOVANNI OTTAVIO. - STAMPA. - (2013), pp. 1058-1063. (Intervento presentato al convegno International Conference on Computing, Networking and Communications (ICNC 2013) tenutosi a San Diego (USA) nel January 28-31, 2013) [10.1109/ICCNC.2013.6504238].

Filtering Network Traffic Based on Protocol Encapsulation Rules

CERRATO, IVANO;LEOGRANDE, MARCO;RISSO, FULVIO GIOVANNI OTTAVIO
2013

Abstract

Packet filtering is a technology at the foundation of many traffic analysis tasks. While languages and tools for packet filtering have been available for many years, none of them supports filters operating on the encapsulation relationships found in each packet. This represents a problem as the number of possible encapsulations used to transport traffic is steadily increasing and we cannot define exactly which packets have to be captured. This paper presents our early work on an algorithm that models protocol filtering patterns (including encapsulation constraints) as Finite State Automata and supports the composition of multiple expressions within the same filter. The resulting, optimized filter is then translated into executable code. The above filtering algorithms are available in the NetBee open source library, which provides some basic tools for handling network packets (e.g., a tcpdump-like program) and APIs to build more advanced tools.
2013
9781467352871
File in questo prodotto:
File Dimensione Formato  
fsa_filtering.pdf

accesso aperto

Tipologia: 1. Preprint / submitted version [pre- review]
Licenza: PUBBLICO - Tutti i diritti riservati
Dimensione 1.16 MB
Formato Adobe PDF
1.16 MB Adobe PDF Visualizza/Apri
Pubblicazioni consigliate

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/11583/2503367
 Attenzione

Attenzione! I dati visualizzati non sono stati sottoposti a validazione da parte dell'ateneo