Title :
Simplified Protocol Capture (SIMPCAP)
Author :
Corley, Michael W. ; Weir, Michael W. ; Nelson, Kenric ; Karam, Andrew J.
Author_Institution :
Lockheed-Martin, Rome, NY, USA
Abstract :
Standard packet capture architectures have no inherent support for protocol decoding. Client systems are required to handle all decoding and maintenance of protocol handling constructs in a proprietary fashion. Resultant system architectures are often not optimized and difficult to expand upon, particularly for defining and implementing new and unhandled protocols. This paper describes a new protocol decoding system called Simplified Protocol Capture (SIMPCAP). The system, developed for legacy use with LIBPCAP, constitutes an optimized high-level library architecture that automates protocol decoding and maintains protocol definition knowledge constructs globally. The SIMPCAP framework incorporates a high-level API (application programming interface) for convenient and flexible access to protocol field state.
Keywords :
application program interfaces; client-server systems; open systems; protocols; security of data; software libraries; Simplified Packet Capture architecture; application programming interface; client systems; high-level library architecture; intrusion detection; protocol decoding system; protocol demultiplexing; Access protocols; Band pass filters; Decoding; Intrusion detection; Kernel; Libraries; Network interfaces; Programming profession; Standards development; Time factors
Conference_Title :
Information Assurance Workshop, 2004. Proceedings from the Fifth Annual IEEE SMC
Print_ISBN :
0-7803-8572-1
DOI :
10.1109/IAW.2004.1437814