In certain forensic or military investigations, it may be of interest to monitor an unknown network. When doing such, it may be difficult to discern packet payloads from the encapsulation layers of the protocols being implemented. The network protocols used may not be standard, thus it can be challenging to de-encapsulate the layers to determine the locations of the packet payloads. Starting with the implementation of a hidden Markov model we identify key bifurcations in a non-time-stamped capture of packets. We then distinguish common lengths between bifurcations to find the locations of similarly structured data segments. Subsequently, we perform a cross-covariance of a small data segment over the entire dataset. Repeating this cross-covariance process with various segments we identify the locations of similar structures, which are likely to be packet headers. Where there is a strong cross-covariance we remove the bytes, leaving only the packet payloads. Through this series of relatively simple processes we are able to identify the headers within a small margin of error.

Related Organizations

State University of New York at Potsdam
United States
Binghamton University
United States

Impact byBIP!

	citations This is an alternative to the "Influence" indicator, which also reflects the overall/total impact of an article in the research community at large, based on the underlying citation network (diachronically).	0
	popularity This indicator reflects the "current" impact/attention (the "hype") of an article in the research community at large, based on the underlying citation network.	Average
	influence This indicator reflects the overall/total impact of an article in the research community at large, based on the underlying citation network (diachronically).	Average
	impulse This indicator reflects the initial momentum of an article directly after its publication, based on the underlying citation network.	Average