20 results found
This paper introduces a novel Wireshark dissector designed to facilitate the analysis of Service-Based Interface (SBI) communication in 5G Core Networks. Our approach involves parsing the OpenAPI schemas provided by the 5G specification to automatically generate the dissector code. Our tool enables the validation of 5G Core Network traces to ensure compliance with the specifications. Through testing against three open-source 5G Core Network projects, we identified several issues where messages deviate from specification standards, highlighting the significance of our implementation in ensuring protocol conformity and network reliability.
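The schema-driven conformance check that this abstract describes, reduced to its core, as an added Python example that is not the paper's dissector generator: it walks a small OpenAPI-style schema and reports every way a decoded SBI message body deviates from it (wrong type, value outside an enum, pattern mismatch, missing required field, undeclared property). The schema, its field names and the two sample bodies are constructed for illustration and are not taken from the 3GPP specifications.

```python
"""
Minimal OpenAPI-style conformance check for decoded JSON message bodies.
Added example; the schema below is a constructed, simplified stand-in for the
3GPP OpenAPI definitions and its field names are illustrative only.
"""
import re

# Constructed components (assumption: not 3GPP text), kept in one dict so that
# local "$ref" pointers can be resolved by their last path segment.
SCHEMAS = {
    "NfProfile": {
        "type": "object",
        "required": ["nfInstanceId", "nfType", "nfStatus"],
        "properties": {
            "nfInstanceId": {"$ref": "#/components/schemas/Uuid"},
            "nfType": {"type": "string", "enum": ["AMF", "SMF", "UDM", "NRF"]},
            "nfStatus": {"type": "string", "enum": ["REGISTERED", "SUSPENDED"]},
            "heartBeatTimer": {"type": "integer", "minimum": 1},
            "ipv4Addresses": {
                "type": "array",
                "items": {"$ref": "#/components/schemas/Ipv4Addr"},
            },
        },
        "additionalProperties": False,
    },
    "Uuid": {
        "type": "string",
        "pattern": r"^[0-9a-fA-F]{8}-([0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}$",
    },
    "Ipv4Addr": {
        "type": "string",
        "pattern": r"^(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)"
                   r"(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}$",
    },
}

JSON_TYPES = {
    "object": dict, "array": list, "string": str,
    "integer": int, "number": (int, float), "boolean": bool,
}


def resolve(schema):
    """Follow a local $ref into SCHEMAS; remote refs are out of scope here."""
    while "$ref" in schema:
        schema = SCHEMAS[schema["$ref"].rsplit("/", 1)[-1]]
    return schema


def validate(value, schema, path="$"):
    """Return a list of deviation strings; an empty list means it conforms."""
    schema = resolve(schema)
    issues = []
    want = schema.get("type")
    if want is not None:
        ok = isinstance(value, JSON_TYPES[want])
        # bool is a subclass of int in Python; JSON does not treat it that way.
        if want in ("integer", "number") and isinstance(value, bool):
            ok = False
        if not ok:
            return [f"{path}: expected {want}, got {type(value).__name__}"]
    if "enum" in schema and value not in schema["enum"]:
        issues.append(f"{path}: {value!r} not in enum {schema['enum']}")
    if "pattern" in schema and not re.search(schema["pattern"], value):
        issues.append(f"{path}: {value!r} does not match pattern")
    if "minimum" in schema and value < schema["minimum"]:
        issues.append(f"{path}: {value} below minimum {schema['minimum']}")
    if want == "object":
        props = schema.get("properties", {})
        for key in schema.get("required", []):
            if key not in value:
                issues.append(f"{path}: missing required property {key!r}")
        for key, sub in value.items():
            if key in props:
                issues.extend(validate(sub, props[key], f"{path}.{key}"))
            elif schema.get("additionalProperties", True) is False:
                issues.append(f"{path}: unexpected property {key!r}")
    if want == "array" and "items" in schema:
        for i, item in enumerate(value):
            issues.extend(validate(item, schema["items"], f"{path}[{i}]"))
    return issues


# Constructed sample bodies, as a trace validator sees them after decoding.
GOOD = {
    "nfInstanceId": "3fa85f64-5717-4562-b3fc-2c963f66afa6",
    "nfType": "AMF", "nfStatus": "REGISTERED",
    "heartBeatTimer": 10, "ipv4Addresses": ["10.0.0.1"],
}
BAD = {
    "nfInstanceId": "not-a-uuid",     # pattern violation
    "nfType": "amf",                  # lower case, so not in the enum
    "heartBeatTimer": "10",           # string where an integer is required
    "ipv4Addresses": ["10.0.0.256"],  # octet out of range
    "nfStatus": "REGISTERED",
    "vendorExt": {},                  # property the schema does not declare
}


def check_nf_profile(body):
    """Validate one decoded body against the constructed NfProfile schema."""
    return validate(body, SCHEMAS["NfProfile"])


if __name__ == "__main__":
    for name, body in (("good", GOOD), ("bad", BAD)):
        print(name, check_nf_profile(body) or "conforms")
```

A real dissector generated from the specification would attach each of these deviation strings to the frame as an expert-info item, so that a capture filter can pull out only the non-conforming SBI exchanges.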
Network performance can be a prime concern for network administrators. The performance of the network depends on many factors. Some of the issues faced in network performance are slow Internet, bottlenecks, packet loss and retransmissions, and excessive bandwidth consumption. For troubleshooting a network, an in-depth understanding of network protocols is required. The main objective of this research is to analyze the performance and various other parameters related to the integrity of a network in a home-based network environment using Wireshark. Network traffic is captured for different devices. The captured traffic is then analyzed using Wireshark's basic statistical tools and advanced tools for various performance parameters.
No abstract available; see the original for details.
Wireless chips and interfaces expose a substantial remote attack surface. As of today, most cellular baseband security research is performed on the Android ecosystem, leaving a huge gap on Apple devices. With iOS jailbreaks, last-generation wireless chips become fairly accessible for performance and security research. Yet, iPhones were never intended to be used as a research platform, and chips and interfaces are undocumented. One protocol to interface with such chips is Apple Remote Invocation (ARI), which interacts with the central phone component CommCenter and multiple user-space daemons, thereby posing a Remote Code Execution (RCE) attack surface. We are the first to reverse-engineer and fuzz-test the ARI interface on iOS. Our Ghidra scripts automatically generate a Wireshark dissector, called ARIstoteles, by parsing closed-source iOS libraries for this undocumented protocol. Moreover, we compare the quality of the dissector to fully-automated approaches based on static trace analysis. Finally, we fuzz the ARI interface based on our reverse-engineering results. The fuzzing results indicate that ARI does not only lack public security research but also has not been well-tested b
Smart devices, such as light bulbs, TVs, fridges, etc., equipped with computing capabilities and wireless communication, are part of everyday life in many households. Previous work has already shown that a passive eavesdropper can derive private information, household routines, etc., from the network traffic of smart devices. However, existing attacks rely on capable adversaries with specialized machine learning expertise, labeled training data and reference devices, leaving it unclear how vulnerable ordinary households are to less sophisticated attackers. In this paper, we investigate the extent to which a "casual attacker" with straightforward IT skills and no specialized cybersecurity or ML tooling can reproduce such privacy attacks. Operating from an adjacent room in a real-world apartment building, we constrain our adversary to use only three off-the-shelf Raspberry Pis, Wireshark, and basic Python scripts. Through a three-week study, we demonstrate that this casual attacker can manually identify devices, recognize user states, track smartphone movements through walls via RSSI triangulation, and successfully extract detailed daily routines, including sleep patterns of guests
Unmanned aerial vehicle (UAV) swarms rely on distributed coordination and cooperative communication to support scalable operations, extended coverage, and applications such as surveillance and real-time data exchange. Wireless technologies such as radio frequency (RF) and WiFi are widely used for UAV-to-UAV and UAV-to-ground control station (GCS) communication but introduce significant security challenges. MAVLink, the predominant communication protocol in UAV systems, provides message integrity and authentication but lacks built-in encryption, leaving telemetry traffic vulnerable to eavesdropping. In our previous work, we proposed MAVShield, a lightweight encryption framework for MAVLink communications. In this paper, MAVShield, AES-CTR, Speck-CTR, ChaCha20, and Rabbit are integrated into four custom-built UAVs to establish secure communication links over RF and WiFi channels. Their performance is evaluated through flight experiments using a UAV swarm testbed. Encrypted telemetry data enable autonomous formation control and collision avoidance during flight. For collision avoidance, we develop a modified artificial potential field (APF) algorithm that computes attractive and repul
The performance of Dropbox, Google Drive, and OneDrive cloud storage services was evaluated under Wi-Fi and LTE network conditions during multimedia file uploads. Traffic was captured using Wireshark, and key metrics (including delay, jitter, bandwidth, and packet loss) were analyzed. Google Drive maintained the most consistent performance across both types of networks, showing low latency and reduced jitter. Dropbox showed efficient bandwidth utilization, but experienced a longer delay over LTE, attributed to a greater number of intermediate hops. OneDrive presented variable behavior, with elevated packet rates and increased sensitivity to fluctuations in the mobile network. A bimodal distribution of packet sizes was observed and modeled using a dual Poisson function. In general, Wi-Fi connections provided greater stability for multimedia transfers, while LTE performance varied depending on platform-specific implementations. The results contribute to a better understanding of traffic behavior in cloud-based storage applications and suggest further analysis with larger datasets and heterogeneous access networks.
The growing use of Internet of Things (IoT) technologies in Nigerian healthcare offers potential improvements in remote monitoring and data-driven care, but unsecured wireless communication in medical IoT (mIoT) devices exposes patient data to cyber threats. This study investigates such vulnerabilities through a real-time Man-in-the-Middle (MITM) attack simulation and evaluates lightweight AES-128 encryption on low-cost devices. A prototype mIoT device was built with a NodeMCU ESP8266 and sensors for heart rate and temperature. In controlled lab conditions simulating local healthcare networks, unencrypted data transmissions were intercepted and altered using common tools (Bettercap, Wireshark). After AES-128 encryption was applied, all transmissions became unreadable and tamper attempts failed, demonstrating its effectiveness. Performance costs were modest: latency rose from 80 ms to 125 ms (a 56.25 percent increase) and CPU use from 30 percent to 45 percent, but system stability remained intact. Device cost stayed under 18,000 NGN (about 12 USD), making it feasible for Nigeria's resource-constrained facilities. A survey of healthcare professionals showed moderate awareness of IoT-re
The ChatGPT Windows application offers better user interaction in the Windows operating system (OS) by enhancing productivity and streamlining the workflow of ChatGPT's utilization. However, there are potential misuses associated with this application that require rigorous forensic analysis. This study presents a holistic forensic analysis of the ChatGPT Windows application, focusing on identifying and recovering digital artifacts for investigative purposes. With the use of widely popular and openly available digital forensics tools such as Autopsy, FTK Imager, Magnet RAM Capture, Wireshark, and Hex Workshop, this research explores different methods to extract and analyze cache, chat logs, metadata, and network traffic from the application. Our key findings also demonstrate the history of the application's chat, user interactions, and system-level traces that can be recovered even after deletion, providing critical insights into the crime investigation and, thus, documenting and outlining a potential misuse report for digital forensics.
Parallel to our physical activities, our virtual presence also leaves behind unique digital fingerprints while we navigate the Internet. These digital fingerprints have the potential to unveil users' activities, encompassing browsing history, utilized applications, and even the devices employed during these engagements. Many Internet users tend to use web browsers that provide the highest privacy protection and anonymization, such as Tor. The success of such privacy protection depends on the Tor feature that anonymizes end-user IP addresses and other metadata that constructs the website fingerprint. In this paper, we show that using the newest machine learning algorithms an attacker can deanonymize Tor traffic by applying such techniques. In our experimental framework, we establish a baseline and comparative reference point using a publicly available dataset from Universidad Del Cauca, Colombia. We capture network packets across 11 days, while users navigate specific web pages, recording data in .pcapng format through the Wireshark network capture tool. Excluding extraneous packets, we employ various machine learning algorithms in our analysis. The results show that the Gradient Boost
ATLASv2 is based on a previously generated dataset included in "ATLAS: A Sequence-based Learning Approach for Attack Investigation." The original ATLAS dataset is comprised of Windows Security Auditing system logs, Firefox logs, and DNS logs via Wireshark. In ATLASv2, we aim to enrich the ATLAS dataset with higher quality background noise and additional logging vantage points. This work replicates the ten attack scenarios described in ATLAS, but extends the logging to include Sysmon logs and events tracked through VMware Carbon Black Cloud. The main contribution of ATLASv2 is to improve the quality of the benign system activity and the integration of the attack scenarios. Instead of relying on automated scripts to generate activity, we had two researchers use the victim machines as their primary workstations throughout the course of the engagement. This allowed us to capture system logs on actual user behavior. Additionally, the researchers conducted the attacks in a lab setup allowing the integration of the attack into the workflow of the victim user. This allows the ATLASv2 dataset to provide realistic system logs that mirror the system log activity generated in real-world atta
Vulnerability prediction refers to the problem of identifying system components that are most likely to be vulnerable. Typically, this problem is tackled by training binary classifiers on historical data. Unfortunately, recent research has shown that such approaches underperform due to the following two reasons: a) the imbalanced nature of the problem, and b) the inherently noisy historical data, i.e., most vulnerabilities are discovered much later than they are introduced. This misleads classifiers as they learn to recognize actual vulnerable components as non-vulnerable. To tackle these issues, we propose TROVON, a technique that learns from known vulnerable components rather than from vulnerable and non-vulnerable components, as typically performed. We perform this by contrasting the known vulnerable, and their respective fixed components. This way, TROVON manages to learn from the things we know, i.e., vulnerabilities, hence reducing the effects of noisy and unbalanced data. We evaluate TROVON by comparing it with existing techniques on three security-critical open source systems, i.e., Linux Kernel, OpenSSL, and Wireshark, with historical vulnerabilities that have been reporte
Network intrusion detection systems and antivirus software are essential in detecting malicious network traffic and attacks such as denial-of-service and malware. Each attack, worm or virus has its own distinctive signature. Signature-based intrusion detection and antivirus systems depend on pattern matching to look for possible attack signatures. Pattern matching is a very complex task, which requires a lot of time, memory and computing resources. Software-based intrusion detection is not fast enough to match high network speeds and the increasing number of attacks. In this paper, we propose special-purpose hardware for the Wu-Manber pattern matching algorithm. FPGAs form an excellent choice because of their massively parallel structure, reprogrammable logic and memory resources. The hardware is designed in Verilog and implemented using Xilinx ISE. For evaluation, we dope network traffic traces collected using Wireshark with 2500 signatures from the ClamAV virus definitions database. Experimental results show a high matching speed of up to 216 Mbps. In addition, we evaluate time, device usage, and power consumption.
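Wu-Manber, the multi-pattern algorithm this abstract moves into hardware, as an added software reference implementation in Python that is not the paper's Verilog design: it builds the SHIFT and HASH tables from the first m bytes of every signature (m being the shortest signature length) and only verifies candidates where the shift drops to zero, which is what lets one scan skip most of the buffer. The signatures and the traffic buffer are constructed here and are not ClamAV definitions.

```python
"""
Wu-Manber multi-pattern search over a byte buffer.
Added reference implementation; the signatures and the traffic below are
constructed for illustration and are not ClamAV definitions.
"""

B = 2  # block size for the SHIFT/HASH tables (2 suits small signature sets)


class WuManber:
    def __init__(self, patterns):
        if not patterns:
            raise ValueError("need at least one pattern")
        self.patterns = [bytes(p) for p in patterns]
        # Only the first m bytes of each pattern drive the tables, so a single
        # short signature limits the shift distance for the whole set.
        self.m = min(len(p) for p in self.patterns)
        if self.m < B:
            raise ValueError(f"every pattern must be at least {B} bytes long")
        self.default_shift = self.m - B + 1  # block occurs in no prefix
        self.shift = {}   # block -> how far the window may safely advance
        self.hash = {}    # last block of a prefix -> patterns to verify
        for p in self.patterns:
            for q in range(B - 1, self.m):
                block = p[q - B + 1:q + 1]
                # Seeing this block at prefix index q means the window may move
                # only m-1-q bytes before the block lines up with a prefix end.
                self.shift[block] = min(self.shift.get(block, self.default_shift),
                                        self.m - 1 - q)
            self.hash.setdefault(p[self.m - B:self.m], []).append(p)

    def search(self, text):
        """Return (offset, pattern) for every occurrence, in scan order."""
        text = bytes(text)
        hits = []
        pos = self.m - 1  # index of the last byte of the current window
        while pos < len(text):
            block = text[pos - B + 1:pos + 1]
            sh = self.shift.get(block, self.default_shift)
            if sh > 0:
                pos += sh
                continue
            # Shift 0: some prefix may end here; verify each candidate fully.
            start = pos - self.m + 1
            for p in self.hash.get(block, ()):
                if text.startswith(p, start):
                    hits.append((start, p))
            pos += 1
        return hits


# Constructed signatures (not ClamAV) and a constructed traffic buffer.
SIGNATURES = [b"cmd.exe /c", b"/bin/sh -i", b"<script>", b"SELECT * FROM"]
TRAFFIC = (
    b"GET /search?q=<script>alert(1)</script> HTTP/1.1\r\n"
    b"Host: example.test\r\n\r\n"
    b"POST /upload HTTP/1.1\r\n\r\n"
    b"payload=/bin/sh -i; cmd.exe /c whoami; SELECT * FROM users"
)


def scan_traffic(signatures=SIGNATURES, traffic=TRAFFIC):
    """Match every signature against the buffer; returns [(offset, signature)]."""
    return WuManber(signatures).search(traffic)


if __name__ == "__main__":
    for offset, sig in scan_traffic():
        print(f"offset {offset:4d}: {sig!r}")
```

The hardware version parallelises exactly the two table lookups and the candidate verification shown here; note that one very short signature in a large set (small m) shrinks every shift and is the usual reason throughput collapses in software.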
Internet usage is an important requirement that supports performance and activities on campus. To control internet usage, it is necessary to know the distribution of internet usage. By utilizing a number of machine learning algorithms and the WEKA software, the research is carried out by observation and by collecting data from wifi hotspots on campus. Classification uses the Support Vector Machine (SVM) method. This study aims to classify data on internet usage so that the destination network, protocol, and bandwidth that are widely accessed at certain times can be known from this classification. Internet traffic data is retrieved through the Wireshark software, while the internet traffic data is processed with WEKA. The results showed: 1) UBD internet usage in week I was 133,196 users and in week II 304,042 users; 2) use of destination networks was 24,150 and use of protocols 37,321; 3) the destination networks most often addressed were 172.21.206.143 (week I) and 172.21.172.234 (week II), and the protocol most often used was TCP; and 4) the SVM method is a good data mining method for classifying network packet patterns so as to pr
Apple Wireless Direct Link (AWDL) is a proprietary and undocumented IEEE 802.11-based ad hoc protocol. Apple first introduced AWDL around 2014 and has since integrated it into its entire product line, including iPhone and Mac. While we have found that AWDL drives popular applications such as AirPlay and AirDrop on more than one billion end-user devices, neither the protocol itself nor potential security and Wi-Fi coexistence issues have been studied. In this paper, we present the operation of the protocol as the result of binary and runtime analysis. In short, each AWDL node announces a sequence of Availability Windows (AWs) indicating its readiness to communicate with other AWDL nodes. An elected master node synchronizes these sequences. Outside the AWs, nodes can tune their Wi-Fi radio to a different channel to communicate with an access point, or could turn it off to save energy. Based on our analysis, we conduct experiments to study the master election process, synchronization accuracy, channel hopping dynamics, and achievable throughput. We conduct a preliminary security assessment and publish an open source Wireshark dissector for AWDL to nourish future work.
Decentralized storage is still rarely used in an academic and educational environment, although it offers better availability than conventional systems. It still happens that data is not available at a certain time due to heavy load or maintenance on university servers. A decentralized solution can help keep the data available and distribute the load among several peers. In our experiment, we created a cluster of containers in Docker to evaluate a private IPFS cluster for an academic data store focusing on availability, GET/PUT performance, and storage needs. As sample data, we used PDF files to analyze the data transport in our peer-to-peer network with Wireshark. We found that a bandwidth of at least 100 kbit/s is required for IPFS to function but recommend at least 1000 kbit/s for smooth operation. Also, the hard disk and memory size should be adapted to the data. Other limiting factors such as CPU power and delay in the internet connection did not affect the operation of the IPFS cluster.
CoreCapture is Apple's primary logging and tracing framework for IEEE 802.11 on iOS and macOS. It allows users and developers to create comprehensive debug output for analysis by Apple. In this manual, we provide an overview into the concepts, show in detail how CoreCapture logs can be created on iOS and macOS, and introduce the first CoreCapture dissector for Wireshark.
Malware is constantly evolving. Although existing countermeasures have success in malware detection, corresponding counter-countermeasures are always emerging. In this study, a counter-countermeasure that avoids network-based detection approaches by camouflaging malicious traffic as an innocuous protocol is presented. The approach includes two steps: Traffic format transformation and side-channel massage (SCM). Format transforming encryption (FTE) translates protocol syntax to mimic another innocuous protocol while SCM obscures traffic side-channels. The proposed approach is illustrated by transforming Zeus botnet (Zbot) Command and Control (C&C) traffic into smart grid Phasor Measurement Unit (PMU) data. The experimental results show that the transformed traffic is identified by Wireshark as synchrophasor protocol, and the transformed protocol fools current side-channel attacks. Moreover, it is shown that a real smart grid Phasor Data Concentrator (PDC) accepts the false PMU data.