Title :
Filtering network traffic based on protocol encapsulation rules
Author :
Cerrato, Ivano ; Leogrande, Marco ; Risso, Fulvio
Author_Institution :
Politec. di Torino, Turino, Italy
Abstract :
Packet filtering is a technology at the foundation of many traffic analysis tasks. While languages and tools for packet filtering have been available for many years, none of them supports filters operating on the encapsulation relationships found in each packet. This represents a problem as the number of possible encapsulations used to transport traffic is steadily increasing and we cannot define exactly which packets have to be captured. This paper presents our early work on an algorithm that models protocol filtering patterns (including encapsulation constraints) as Finite State Automata and supports the composition of multiple expressions within the same filter. The resulting, optimized filter is then translated into executable code. The above filtering algorithms are available in the NetBee open source library, which provides some basic tools for handling network packets (e.g., a tcpdump-like program) and APIs to build more advanced tools.
Keywords :
application program interfaces; computer networks; filtering theory; finite state machines; protocols; public domain software; software libraries; telecommunication traffic; API; NetBee open source library; encapsulation relationships; executable code translation; finite state automata; models protocol filtering patterns; network packet handling; packet filtering tools; protocol encapsulation rules-based filtering network traffic; traffic analysis tasks; transport traffic; Automata; Databases; Encapsulation; Filtering; IP networks; Payloads; Protocols;
Conference_Titel :
Computing, Networking and Communications (ICNC), 2013 International Conference on
Conference_Location :
San Diego, CA
Print_ISBN :
978-1-4673-5287-1
Electronic_ISBN :
978-1-4673-5286-4
DOI :
10.1109/ICCNC.2013.6504238
