• Title/Summary/Keyword: wireshark

A Study on IKE v2 Analysis Method for RealTime (NIKEv2 AR : IKE v2 실시간 분석 기술 연구)

  • Park, Junghyung;Ryu, Hyungyul;Ryou, Jaecheol
    • Journal of the Korea Institute of Information Security & Cryptology / v.32 no.4 / pp.661-671 / 2022
  • Due to the COVID-19 pandemic, remote working, e-learning, e-teaching and online collaboration have widely spread and become popular. Accordingly, the usage of IPsec VPN for security reasons has also dramatically increased. With the spread of VPN, VPN vulnerabilities are becoming an important target for attackers, and many studies have been conducted on this. IKE v2 analysis is an essential process not only for developing and building IPsec VPN systems but also for security analysis. Network packet analysis tools such as Wireshark and Tcpdump are used for IKE v2 analysis. Wireshark is one of the most famous and widely used network protocol analyzers and supports IKE v2 analysis. However, Wireshark has many limitations, such as requiring system administrator privileges for IKE v2 analysis. In this paper, we describe Wireshark's limitations in detail and propose a new analysis method. The proposed analysis method can analyze all encrypted IKE v2 messages in real time from the session key exchange. In addition, the proposed analysis method is expected to be used for dynamic testing such as fuzzing as packet manipulation.

The traffic performance evaluation between remote server and mobile for applying to encryption protocol in the Wellness environment (웰니스 환경에서 암호화 프로토콜 적용을 위한 모바일과 원격 서버간 트래픽 성능 평가)

  • Lee, Jae-Pil;Kim, Young-Hyuk;Lee, Jae-Kwang
    • Journal of Digital Convergence / v.11 no.11 / pp.415-420 / 2013
  • U-WHS refers to a remote health monitoring service that combines fitness with wellbeing. U-WHS is a system which can measure and manage biometric information of patients without any limitation on time and space. In this paper, we examined the influence of the encryption module on communication performance when biometric information is transmitted between the smart mobile device and the Hospital Information System (HIS). In the case of the U-WHS model, the client was developed in the Objective-C programming language in the iOS Xcode environment, and the SEED and HIGHT encryption modules were applied. In the case of HIS, the WebSocket API of HTML5 for communication between the client and the server and MySQL, a relational database management system, were applied. In a Wi-Fi communication environment, the data transfer rate, delay and loss rate of the biometric information were checked with Wireshark for the evaluation.

Worm Detection and Containment using Earlybird and Snort on Deterlab (Deterlab 환경에서 Earlybird를 이용한 웜 탐지와 Snort 연동을 통한 웜 확산 차단)

  • Lee, Hyeong-Yun;Hwang, Seong-Oun;An, Beongku
    • The Journal of the Institute of Internet, Broadcasting and Communication / v.13 no.1 / pp.71-76 / 2013
  • A computer worm is a standalone malware computer program that probes and exploits vulnerabilities of systems. It replicates and spreads itself to other computers via networks. In this paper, we study how to detect and prevent worms. First, we generated Code Red II traffic on the emulated testbed called Deterlab. Then we identified dubious parts using Earlybird and wrote down Snort rules using Wireshark. Finally, by applying the Snort rules to the traffic, we could confirm that worm detection was successfully done.

GOOSE Traffic Generator Using Network Emulation (네트워크 에뮬레이션을 이용한 GOOSE 트래픽 발생기)

  • Hwang, Sung-Ho
    • The Journal of the Institute of Internet, Broadcasting and Communication / v.16 no.1 / pp.209-214 / 2016
  • IEC 61850 is a protocol used to reduce the cost of design, installation and maintenance of the Substation Automation System. GOOSE traffic used in IEC 61850 plays an important role in the control, protection and automation of the substation. This study implemented a GOOSE traffic generator using the emulation function of the NS-3 network simulator, combining protocols provided by the network simulator with other protocols provided by real communication equipment. The generated GOOSE traffic was analyzed with Wireshark, and it was found that the traffic was generated exactly as expected. In addition, this study measured the GOOSE traffic delay caused by an increasing number of switches according to network topology. It is expected that the GOOSE traffic generator implemented in this study will be used efficiently when experiments are performed in actual substation environments.

Traffic Generation Method of Sampled Values for Smart Grid (스마트 그리드를 위한 샘플 값들의 트래픽 발생 방안)

  • Hwang, Sung-Ho;Park, Kyung-Won;Park, Jeong-Do;Song, Han-Chun;Park, Jae-Do
    • The Journal of the Institute of Internet, Broadcasting and Communication / v.15 no.6 / pp.225-230 / 2015
  • This study presents a method for generating IEC 61850 Sampled Values (SV) traffic by combining the emulation function of the network simulator ns-3 with actual communication equipment. For SV traffic generation and reception, the emulation function of ns-3 is used, while actual communication equipment (switches) is used as the communication network. In addition, the generated SV traffic frames are analyzed using Wireshark, and it is confirmed that the SV traffic frames are generated accurately. The method for SV traffic generation proposed in the present study will be very useful when various kinds of SV traffic are generated in the environment of an actual substation.

Developing a Analysis Tool of Canopen Over EtherCat Protocol (Canopen over EtherCAT 프로토콜 분석 도구 개발)

  • Youn, Seung-Hui;Lee, Hyo-Rim;Choi, Guk-Choel;Lee, Chang-Hong;Kim, Dong-Hyun;Kim, Jong-Deok
    • Proceedings of the Korean Institute of Information and Communication Sciences Conference / 2021.05a / pp.434-437 / 2021
  • CANopen over EtherCAT (CoE) is a CANopen protocol that operates over EtherCAT in industrial sites. In order to analyze a CoE network system and its performance through packet sniffing and reversing, it is necessary to know the structure of the Data Objects and the changes in their values. However, since Data Objects in CANopen depend on the devices, an existing packet analysis program like Wireshark is of limited use. Therefore, we designed and developed a system that infers the Data Objects structure and the system configuration.

Analysis of Network Log based on Hadoop (하둡 기반 네트워크 로그 시스템)

  • Kim, Jeong-Joon;Park, Jeong-Min;Chung, Sung-Taek
    • The Journal of the Institute of Internet, Broadcasting and Communication / v.17 no.5 / pp.125-130 / 2017
  • Since field control equipment such as PLCs has no function to log key event information, it is difficult to analyze accidents. Therefore, it is necessary to secure information that can be analyzed when a cyber accident occurs by logging the main event information of field control equipment such as PLCs and IEDs. A protocol analyzer is required to analyze the communication protocol of the field control device (the embedded device) for event logging. However, with a conventional analyzer such as Wireshark, it is difficult to identify and extract data for the large variety of protocols needed for event logging, and payload-based analysis and classification are difficult. In this paper, we developed a system for Big Data based on field control device communication protocol payload data extraction for event logging of large studies.

A Study on the Possibility of Transforming to Digital Substations using IEC 61850 Field Information Processing Panel of Legacy Substation (기존 변전소의 IEC 61850 기반 현장정보처리반을 이용한 디지털변전소 전환 가능성 검토에 관한 연구)

  • Yuk, Sim-Bok;Lee, Sung-Hwan;Kim, Chong-il
    • The Journal of Korea Institute of Information, Electronics, and Communication Technology / v.11 no.2 / pp.129-136 / 2018
  • The IEC 61850 communication standard is used worldwide, and within the country new substations have been built as digital substations based on IEC 61850 since 2013, after field tests and R&D from 2007. Research on the development of digital substation operating systems has been conducted mainly in large domestic companies, so IED power application equipment for LCP has been developed. However, there is still a lack of research on systems that can accommodate all the field devices used for legacy substations and new digital substations. In this paper, we developed 48VDC input modules and 125VDC output modules from which the proposed IEC 61850 based field information processing modules can be constructed, and verified their field applicability through state monitoring and control operation tests using an IEC 61850 client authentication program and Wireshark.

Countermeasures of Privacy Disclosure Vulnerability in Data Transfer Section (데이터 전송 구간에서 개인정보노출 취약점과 대응방안)

  • Heo, Geon Il;Kang, Ji Won;Park, Won Hyung
    • Journal of Information Technology Services / v.12 no.1 / pp.163-171 / 2013
  • As the kinds of IT services on the internet diversify and increase, their adverse effects are also consistently occurring. Among them, incidents of private information exposure are becoming a social issue, and the exposure of private information entered in online resumes is especially serious. This paper investigates whether data is encrypted in the data transfer section of major online job-search sites in Korea by using a packet analyzer such as "Wireshark." From the result of this investigation, the paper judges whether the private information exposure vulnerability exists and suggests countermeasures.

A Implement of Web-Mail System based on Intranet (인트라넷 기반의 웹 메일 시스템 구현)

  • Shin, Seung-Soo;Han, Kun-Hee
    • Journal of the Korea Academia-Industrial cooperation Society / v.12 no.5 / pp.2346-2352 / 2011
  • E-mail systems using the intranet are widely exposed to internal threats should an administrator or a third party decide to misuse the information. To solve this problem, we propose a safe intranet email encryption protocol using the symmetrical-key password algorithm. Since the proposed protocol encrypts the data using a pre-agreed session key between the users, the data will be safe from malignant access attempts provided that the session key is not exposed.