Papers by Keyword: Protocol Analysis

Abstract: ZigBee protocol is widely used in the internet of things. In process of related equipment development, the ZigBee protocol debugging is an important part, and ZigBee protocol analyzer is a vital tool for debugging. For the existing protocol analyzer cannot deal with the wrong frame well and cannot locate a specific field quickly, this paper designs a ZigBee protocol analyzer and implement it by using the technology of quick rollback and partial repainting, the main features of this system are as follows: lower computer supports a variety of ways to connect to superior computer; it can collect data packets for 16 channels of 2.4GHz band; it can significantly identify the wrong frame; also, it can present a specific field which debugger are interested. Test results show that this system is better able to deal with the wrong frame and locate the specific field quickly.

Abstract: To analyses networks, technologies of network protocol analysis are usually used. A new approach of protocols analysis is presented based on the combination mode of walsh function. It consists of three parts, such as the protocol structure characterization method, the hierarchical protocol analysis and the self-learning combination modes. After discussing the analysis process, an experiment shows the efficiency of presented approach.

Abstract: To facilitate research into IPv6 protocol, we propose IPMT in this paper, an IPv6 packet manipulation tool that allows rapid encode and decapsulation of IPv6 frames. IPMT offers capabilities of IPv6 packet manipulation, such as packet encapsulation, packet decapsulation, and packet trace. We mainly focus on IPv6 protocols because most popular network tools that are currently used don't support IPv6. We describe the main features of IPMT and demonstrate how the IPMT programming class enables users to easily develop portable IPv6 packet analysis tools without needing to consider the details of the capture format, file compression or intermediate protocol headers. Unlike other popular network tools, IPMT can almost decode all layers all at once. We divide IPMT into two modules and implement the tool and test the tool in a real test scenario to show that the tool works well. At the same time, we design a versatile way of storing decoding information result. As a result, we conclude that IPMT is a valuable contribution to the passive measurement community that will aid the development of better and more reliable IPv6 analysis and network monitoring tools.

Abstract: A new description method of protocol structure is presented by base-function firstly. Then, a protocol analysis method base on it is proposed. To analyses the private protocols, a new self-learning algorithm is discussed. Finally, the flow of protocol analysis based on base-function is given. Experiment results show the efficiency of presented method.

Abstract: In order to solve the security issue about network intrusion in IPv6 system, two modes of intrusion detection system based on IPv6 protocol analysis have been developed and designed. Based on these two modes, packet capture module, protocol analysis module, command parsing module and out-put processing module have been designed. The accuracy and efficiency of intrusion detection system based on IPv6 protocol analysis have been verified through the test focused on the key modules.

Abstract: The LAN usually hides internal network structure by NAT to share a public IP address in the internal network, and thus it is hard to locate the source host precisely distributing sensitive information for a large-scale information monitoring system by analyzing the intercepted packets. So it is hard to fulfill monitoring work efficiently. This paper puts forward a scheme to intercept and analyze the sensitive information in the LAN environment. It studies the ARP spoofing principle and the sniffer technology based on WINPCAP. The scheme includes 7 modules named NIC capture module, packet filtering module and so on. And it achieves sensitive information filtering and matching by the configured rules, such as "keywords", "URL", "QQ number" and so on. The scheme provides a solution for tracking the source host leaking sensitive information within the LAN.

Abstract: In the network security monitoring system, it is important to trace information source timely and accurately, which is an important way to investigate and collect evidence. But because of public network’s IP limited resources, LAN hosts usually share the public network’s IP resources by NAT way, and conceal internal network structure, which make the network security monitoring system unable to locate the real effective sensitive information source in LAN. Based on the study of WINPCAP network sniffing technology and the ARP deception protocol in exchange network environment, a network security monitoring system with mechanical properties suitable for LAN environment is designed and realized, which locate information source accurately through filtering and matching the sensitive information transmitting in LAN by setting the capture factors as key words of document, web site shared by FTP, QQ number etc.

Abstract: A SSNS (simple sensor network sniffer) is used to analyze and evaluate the Wireless Sensor Networks (WSN) effectively. SSNS is designed to monitor IEEE 802.15.4 protocol frame, which based on the Ethernet. Unlike the existed monitoring system, our design is much simpler and needs less resource. It is analyzed in this paper that the monitor network framework, time synchronization, and analysis program design. The results show that SSNS works stably, and can real-time display the frame monitored and reflect the dynamic change of WSN.

Abstract: A novel WSNS (wireless sensor network sniffer) is used to analyze and evaluate the Wireless Sensor Networks (WSN) effectively, which is designed to monitor IEEE 802.15.4 protocol frame of the Ethernet. Unlike the existed monitoring system, this design has higher efficiency and needs less resource. It is analyzed in this paper that the monitor network framework, time synchronization, and analysis program design. The results show that WSNS can real time display the monitored frame and dynamic changes of WSN topology.

Abstract: A CAN-Bus protocol analysis and verification method with three key aspects which are static analysis, dynamic analysis and verification &control is put forward. Static analysis ascertains the communication information of each node by bus residual method; Synchronous contrast method is put in use to obtain practical and effective control protocol in the dynamic analysis; Verification &control is to verify the correctness of the analytical protocol and to achieve the control of the critical subsystems by bus gateway system. This scheme has been used to analyze a foreign parallel hybrid powertrain system, and it proves the correctness of the designed static analysis and dynamic analysis, the applicability of verification &control.