PacketStreamer: New tool can aid research by revealing potential hacking behaviors

Deepfence has launched PacketStreamer, a new open source tool that captures network traffic from multiple sources to reveal potential hacking behaviors.

PacketStreamer sensors collect raw network packets on remote hosts, apply filters locally, and forward the matching packets to a central receiver process, which writes them out in pcap format. Traffic streams between sensors and the receiver can be compressed, and can be encrypted in transit using Transport Layer Security (TLS).

The company says the sensors impose little performance impact on the remote hosts, and that they can be run on bare-metal servers, on Docker hosts, and on Kubernetes nodes.

Users can then process the resulting pcap file offline, feed the traffic live to tools such as Zeek, Wireshark, or Suricata, or stream it to machine learning models.
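To make the sensor-to-receiver flow concrete, the following is an added example (not PacketStreamer's own code, which is not shown on this page): it writes a small capture in the libpcap file format that the receiver emits, applies a sensor-style filter (keep only TCP traffic to one destination port), and re-emits a valid pcap that Wireshark, Zeek or Suricata can read. The three frames, the IP addresses, ports and timestamps are all constructed here for illustration; only the Python standard library is used.

```python
"""Added example: build, filter and re-emit a libpcap capture with only the
Python standard library. All frames below are constructed sample data."""
import socket
import struct

PCAP_MAGIC_US = 0xA1B2C3D4      # classic microsecond-resolution pcap magic
LINKTYPE_ETHERNET = 1           # DLT_EN10MB
GLOBAL_HDR = "IHHiIII"          # magic, ver major, ver minor, tz, sigfigs, snaplen, linktype
RECORD_HDR = "IIII"             # ts_sec, ts_usec, incl_len, orig_len


def pcap_global_header(snaplen=65535, linktype=LINKTYPE_ETHERNET):
    """24-byte file header, written little-endian (the reader detects the order from the magic)."""
    return struct.pack("<" + GLOBAL_HDR, PCAP_MAGIC_US, 2, 4, 0, 0, snaplen, linktype)


def pcap_record(ts_sec, ts_usec, frame):
    """16-byte per-packet header followed by the raw frame (no snapshot truncation)."""
    return struct.pack("<" + RECORD_HDR, ts_sec, ts_usec, len(frame), len(frame)) + frame


def build_tcp_syn(src_ip, dst_ip, sport, dport):
    """Ethernet/IPv4/TCP SYN frame (54 bytes). Checksums are left at zero:
    this is constructed sample data for format handling, not a frame for the wire."""
    eth = bytes.fromhex("aabbccddeeff") + bytes.fromhex("001122334455") + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s",
                     0x45, 0, 40, 0, 0, 64, 6, 0,          # IHL 5, total length 40, TTL 64, proto TCP
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x02, 65535, 0, 0)  # data offset 5, SYN
    return eth + ip + tcp


def read_pcap(data):
    """Yield (ts_sec, ts_usec, frame) records, honouring the byte order the magic announces."""
    magic_le, = struct.unpack_from("<I", data, 0)
    if magic_le == PCAP_MAGIC_US:
        order = "<"
    elif magic_le == 0xD4C3B2A1:    # same magic seen through the wrong byte order: big-endian file
        order = ">"
    else:
        raise ValueError("not a microsecond pcap file: magic %08x" % magic_le)
    _, vmaj, vmin, _, _, _, linktype = struct.unpack_from(order + GLOBAL_HDR, data, 0)
    if (vmaj, vmin) != (2, 4) or linktype != LINKTYPE_ETHERNET:
        raise ValueError("unsupported pcap version or link type")
    off = struct.calcsize(GLOBAL_HDR)
    while off + 16 <= len(data):
        ts_sec, ts_usec, incl_len, _ = struct.unpack_from(order + RECORD_HDR, data, off)
        off += 16
        if off + incl_len > len(data):
            raise ValueError("truncated record at offset %d" % off)
        yield ts_sec, ts_usec, data[off:off + incl_len]
        off += incl_len


def parse_ipv4_tcp(frame):
    """Return (src, dst, sport, dport) for an Ethernet/IPv4/TCP frame, else None."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":   # EtherType must be IPv4
        return None
    ihl = (frame[14] & 0x0F) * 4                         # IP header length in bytes
    if frame[23] != 6 or len(frame) < 14 + ihl + 4:      # protocol byte must be TCP
        return None
    src = socket.inet_ntoa(frame[26:30])
    dst = socket.inet_ntoa(frame[30:34])
    sport, dport = struct.unpack_from("!HH", frame, 14 + ihl)
    return src, dst, sport, dport


def filter_by_dport(pcap_bytes, dport):
    """Sensor-style filter: keep only TCP frames to `dport` and re-emit a valid pcap.
    Returns (filtered_pcap_bytes, kept_count)."""
    out = [pcap_global_header()]
    kept = 0
    for ts_sec, ts_usec, frame in read_pcap(pcap_bytes):
        tcp = parse_ipv4_tcp(frame)
        if tcp is not None and tcp[3] == dport:
            out.append(pcap_record(ts_sec, ts_usec, frame))
            kept += 1
    return b"".join(out), kept


def sample_capture():
    """Constructed three-frame capture: two HTTPS SYNs and one SSH SYN to the same host."""
    frames = [
        (1700000000, 1000, build_tcp_syn("10.0.0.5", "10.0.0.10", 51000, 443)),
        (1700000000, 2000, build_tcp_syn("10.0.0.5", "10.0.0.10", 51001, 22)),
        (1700000001, 0,    build_tcp_syn("10.0.0.7", "10.0.0.10", 40000, 443)),
    ]
    return pcap_global_header() + b"".join(pcap_record(s, u, f) for s, u, f in frames)


if __name__ == "__main__":
    capture = sample_capture()
    filtered, kept = filter_by_dport(capture, 443)
    with open("filtered_443.pcap", "wb") as fh:   # open in Wireshark, or pass to Zeek/Suricata with -r
        fh.write(filtered)
    print("kept %d of %d frames" % (kept, sum(1 for _ in read_pcap(capture))))
```

Filtering before the frames leave the host is what keeps the central receiver's storage and bandwidth manageable; the trade-off is that anything dropped at the sensor is unavailable for later forensics, so filters for incident-response capture are usually looser than those for routine debugging.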

Use cases

Owen Garrett, head of community and products at Deepfence, says the main applications are likely to be debugging (checking which requests servers are actually processing), post-incident forensics, and threat hunting.

“System administrators may find it useful to debug running applications,” he tells The Daily Swig.

“Cybersecurity teams may find it useful to capture network traffic for post-incident forensics or to support threat hunting activities. Researchers may find it useful to capture real traffic for study.”

There’s also growing activity, he says, around using machine learning to understand network traffic.

“The goal is to accurately establish a baseline for ‘normal’ traffic, identify outliers and possible anomalies, and then correlate these anomalies to identify sequences of events that may indicate the presence of an adversary or the progress of an attack,” he says.

Deepfence’s ThreatStryker attack analysis and threat assessment platform uses this process to capture traffic from production platforms for forensics and anomaly detection.

The company claims that, to the best of its knowledge, there is no other simple, lightweight, scalable method to capture and stream packets from virtualized environments such as Kubernetes (K8s), VMs, or Fargate across multiple clouds.

“The issue is that modern compute environments are quite different from legacy environments – they are cloud based, span large numbers of servers, and use virtualization technologies and container platforms,” says Garrett.

“PacketStreamer takes contemporary network capture and transforms it for modern, cloud-native environments.”

Garrett says that the company welcomes contributions, and that it’s had excellent feedback so far.

“We have many plans and requests for enhancements,” he says. “We’ll begin by documenting more use cases, including details on how to feed data from PacketStreamer into common datastores and analysis tools such as Redis, Apache Kafka, and Elasticsearch.”


Source: https://portswigger.net/daily-swig/packetstreamer-new-tool-can-aid-research-by-revealing-potential-hacking-behaviors
