libpeak: Basic PCAP and ERF Support in C

Hello, this is a short service announcement. I have pushed PCAP and ERF file reader support, slowly turning peak into libpeak: a network-related base infrastructure for C projects in userland. May somebody find it useful, entertaining or better than pulling in libpcap just for the sake of skimming through trace files. That’s all for now. Really.

Dissecting OpenDPI (BGP)

A Short Introduction

Welcome back! Last week we covered the elusive LDAP, so this week is going to be a bit more shallow: we'll cover the Border Gateway Protocol (BGP) as defined by RFC 4271 and RFC 2918. Don't worry too much about the protocol and its purpose, because the DPI part is quite easy and distinctive. As always, the code presented is part of a new DPI library, which will be made available under a BSD/ISC license. Ready? OK, here we go.
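What makes BGP "distinctive" for a classifier is its fixed 19-byte header: a marker of sixteen 0xff bytes, a 16-bit length bounded to 19..4096, and a type byte with only five assigned values. The following is an added example, not code from OpenDPI or from the library announced above: it applies exactly those RFC 4271/RFC 2918 checks to a TCP payload, enforces the per-type minimum (or fixed) sizes so a lone run of 0xff bytes is not enough, and walks consecutive messages while stopping cleanly at a segment boundary. The sample stream in `bgp_demo()` is constructed here, not captured.

```c
/* Added example (not OpenDPI or libpeak code): stateless header checks a DPI
 * classifier can run on a TCP payload to recognise BGP.  Constants follow
 * RFC 4271 (header, OPEN/UPDATE/NOTIFICATION/KEEPALIVE) and RFC 2918
 * (ROUTE-REFRESH).  Sample messages are constructed in bgp_demo(). */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BGP_HDR_LEN 19      /* 16-byte marker + 2-byte length + 1-byte type */
#define BGP_MAX_LEN 4096    /* RFC 4271, section 4.1 */

enum bgp_type { BGP_OPEN = 1, BGP_UPDATE = 2, BGP_NOTIFICATION = 3,
                BGP_KEEPALIVE = 4, BGP_ROUTE_REFRESH = 5 };

/* Smallest legal total length per type, header included; 0 = unknown type. */
static size_t bgp_min_len(uint8_t type)
{
    switch (type) {
    case BGP_OPEN:          return 29;  /* version, AS, hold time, BGP id, opt len */
    case BGP_UPDATE:        return 23;  /* withdrawn routes len + path attr len */
    case BGP_NOTIFICATION:  return 21;  /* error code + error subcode */
    case BGP_KEEPALIVE:     return 19;  /* header only */
    case BGP_ROUTE_REFRESH: return 23;  /* AFI, reserved, SAFI */
    default:                return 0;
    }
}

/* Declared length of the BGP message at buf, or 0 if the first BGP_HDR_LEN
 * bytes are not a plausible header.  Only the header is inspected, so the
 * message itself may extend past len (TCP segmentation). */
size_t bgp_match(const uint8_t *buf, size_t len)
{
    size_t i, mlen, min;
    uint8_t type;

    if (len < BGP_HDR_LEN)
        return 0;
    for (i = 0; i < 16; i++)            /* marker: sixteen 0xff bytes */
        if (buf[i] != 0xff)
            return 0;
    mlen = (size_t)buf[16] << 8 | buf[17];
    type = buf[18];
    min = bgp_min_len(type);
    if (min == 0 || mlen < min || mlen > BGP_MAX_LEN)
        return 0;
    /* KEEPALIVE and ROUTE-REFRESH are fixed-size; the others have a minimum. */
    if ((type == BGP_KEEPALIVE || type == BGP_ROUTE_REFRESH) && mlen != min)
        return 0;
    return mlen;
}

/* Count complete, well-formed BGP messages at the start of a payload.  Stops
 * at the first non-BGP header or at a trailing partial message; leftover
 * bytes are reported through *rest when rest is non-NULL. */
size_t bgp_walk(const uint8_t *buf, size_t len, size_t *rest)
{
    size_t n = 0, off = 0, mlen;

    while ((mlen = bgp_match(buf + off, len - off)) != 0 && mlen <= len - off) {
        off += mlen;
        n++;
    }
    if (rest)
        *rest = len - off;
    return n;
}

/* Write a 19-byte header into out. */
void bgp_put_hdr(uint8_t *out, uint16_t mlen, uint8_t type)
{
    memset(out, 0xff, 16);
    out[16] = (uint8_t)(mlen >> 8);
    out[17] = (uint8_t)(mlen & 0xff);
    out[18] = type;
}

/* Build a lone header, optionally with a broken marker byte, and classify it. */
size_t bgp_probe(uint16_t mlen, uint8_t type, int corrupt_marker)
{
    uint8_t hdr[BGP_HDR_LEN];

    bgp_put_hdr(hdr, mlen, type);
    if (corrupt_marker)
        hdr[0] = 0x00;
    return bgp_match(hdr, sizeof hdr);
}

/* Constructed stream: KEEPALIVE, then OPEN (version 4, AS 64512, hold time
 * 90 s, BGP identifier 10.0.0.1, no optional parameters), then the first 10
 * bytes of another KEEPALIVE cut by segmentation.  Expect 2 messages, 10 left. */
size_t bgp_demo(size_t *rest)
{
    uint8_t buf[19 + 29 + 10], tail[BGP_HDR_LEN], *op = buf + 19;

    bgp_put_hdr(buf, 19, BGP_KEEPALIVE);
    bgp_put_hdr(op, 29, BGP_OPEN);
    op[19] = 4;                                      /* version */
    op[20] = 0xfc; op[21] = 0x00;                    /* my AS: 64512 */
    op[22] = 0x00; op[23] = 0x5a;                    /* hold time: 90 s */
    op[24] = 10; op[25] = 0; op[26] = 0; op[27] = 1; /* BGP identifier */
    op[28] = 0;                                      /* opt params length */
    bgp_put_hdr(tail, 19, BGP_KEEPALIVE);
    memcpy(buf + 48, tail, 10);                      /* truncated third message */
    return bgp_walk(buf, sizeof buf, rest);
}

int main(void)
{
    size_t rest, n = bgp_demo(&rest);
    printf("%zu complete BGP message(s), %zu byte(s) pending\n", n, rest);
    return 0;
}
```

Note what the check does not do: it is stateless, so it cannot insist that the first message on a connection is an OPEN, and it accepts any 0xff marker because RFC 4271 dropped the authentication-dependent marker of earlier versions. A flow-aware classifier would add both constraints on top of this.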

Read more...

Dissecting OpenDPI (LDAP)

A Short Introduction

Hi there! OpenDPI seems to be a hot topic on this blog, so I've decided to provide more articles. This series is about reviewing OpenDPI code on a per-protocol level. The thing is, I have recently started to write a DPI engine from scratch (codename 'Li') so that it can be released under a permissive ISC/BSD license and maintained by my company. (More on that later, because the code isn't ready for release yet.) Anyway, along the way I found a few interesting things to fix and change about the way DPI is done and structured. The Lightweight Directory Access Protocol (LDAP) is particularly interesting because it uses Basic Encoding Rules (BER), which can be a pain to grasp and implement. Let's dig deeper.
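The pain with BER is almost entirely in the identifier and length octets: a tag can spill into a high-tag-number form, a length can be short, long, or indefinite, and a careless decoder will happily walk past the end of the packet. The block below is an added example, not code from OpenDPI or from the 'Li' engine mentioned above: a bounds-checked BER header decoder that rejects the indefinite form (LDAP forbids it, RFC 4511 section 5.1), followed by the structural check a classifier can make on an LDAPMessage, namely SEQUENCE, then an INTEGER messageID, then a protocolOp carrying one of the APPLICATION tags RFC 4511 assigns. The `ber_*`/`ldap_*` names and the sample byte strings are this example's own constructions.

```c
/* Added example (not OpenDPI or 'Li' code): BER identifier/length decoding
 * with the edge cases LDAP exercises, plus the shape check a classifier can
 * run on an LDAPMessage (RFC 4511: SEQUENCE { messageID INTEGER, protocolOp
 * [APPLICATION n] ... }).  LDAP permits only definite lengths (RFC 4511, 5.1). */
#include <stddef.h>
#include <stdint.h>

struct ber_hdr {
    uint8_t  cls;         /* 0 universal, 1 application, 2 context, 3 private */
    int      constructed; /* bit 6 of the first identifier octet */
    uint32_t tag;         /* tag number, low or high form */
    size_t   len;         /* content length */
    size_t   hdr_len;     /* identifier + length octets */
};

/* Decode identifier and length at buf.  Returns 0 on success, -1 when the
 * header is truncated, indefinite, or claims more content than len holds,
 * so a caller that honours the result can never read past the buffer. */
int ber_hdr(const uint8_t *buf, size_t len, struct ber_hdr *h)
{
    size_t i = 1, n;
    uint8_t l;

    if (len < 2)
        return -1;
    h->cls = buf[0] >> 6;
    h->constructed = (buf[0] & 0x20) != 0;
    h->tag = buf[0] & 0x1f;
    if (h->tag == 0x1f) {                      /* high-tag-number form, base 128 */
        h->tag = 0;
        do {
            if (i >= len || h->tag > (UINT32_MAX >> 7))
                return -1;                     /* truncated or tag overflow */
            h->tag = h->tag << 7 | (buf[i] & 0x7f);
        } while (buf[i++] & 0x80);
        if (h->tag < 0x1f)
            return -1;                         /* must have used the low form */
    }
    if (i >= len)
        return -1;
    l = buf[i++];
    if (l < 0x80) {
        h->len = l;                            /* short form */
    } else {
        n = l & 0x7f;                          /* long form: n length octets follow */
        if (n == 0 || n > sizeof(size_t) || n > len - i)
            return -1;                         /* 0x80 indefinite, 0xff reserved, or cut */
        for (h->len = 0; n > 0; n--)
            h->len = h->len << 8 | buf[i++];
    }
    h->hdr_len = i;
    return h->len <= len - i ? 0 : -1;         /* content must fit in the buffer */
}

/* Return the protocolOp APPLICATION tag when buf starts with an LDAPMessage
 * shape, -1 otherwise.  Valid tags are the RFC 4511 protocolOp choices. */
int ldap_protocol_op(const uint8_t *buf, size_t len)
{
    static const uint32_t known = 0x1ffff | 1u << 19 | 1u << 23 | 1u << 24 | 1u << 25;
    struct ber_hdr seq, id, op;
    const uint8_t *p;
    size_t n;

    if (ber_hdr(buf, len, &seq) < 0 || seq.cls != 0 || !seq.constructed || seq.tag != 0x10)
        return -1;                             /* outer: universal SEQUENCE */
    p = buf + seq.hdr_len;
    n = seq.len;
    if (ber_hdr(p, n, &id) < 0 || id.cls != 0 || id.constructed || id.tag != 0x02 ||
        id.len == 0 || id.len > 4)
        return -1;                             /* messageID: INTEGER (0..maxInt) */
    p += id.hdr_len + id.len;
    n -= id.hdr_len + id.len;
    if (ber_hdr(p, n, &op) < 0 || op.cls != 1 || op.tag > 25)
        return -1;                             /* protocolOp: [APPLICATION 0..25] */
    return (known >> op.tag) & 1 ? (int)op.tag : -1;
}

/* Probes for the samples below: decoded content length or tag, -1 on error. */
int ber_probe_len(const uint8_t *buf, size_t len)
{ struct ber_hdr h; return ber_hdr(buf, len, &h) == 0 ? (int)h.len : -1; }
int ber_probe_tag(const uint8_t *buf, size_t len)
{ struct ber_hdr h; return ber_hdr(buf, len, &h) == 0 ? (int)h.tag : -1; }

/* Constructed samples, not captured traffic. */
const uint8_t ldap_bind_anon[] = {          /* anonymous simple BindRequest */
    0x30, 0x0c,                             /* SEQUENCE, 12 content bytes */
    0x02, 0x01, 0x01,                       /*   messageID 1 */
    0x60, 0x07,                             /*   [APPLICATION 0] BindRequest */
    0x02, 0x01, 0x03,                       /*     version 3 */
    0x04, 0x00,                             /*     name: empty LDAPDN */
    0x80, 0x00                              /*     simple [0] authentication, empty */
};
const uint8_t ldap_unbind[]     = { 0x30, 0x05, 0x02, 0x01, 0x02, 0x42, 0x00 }; /* UnbindRequest */
const uint8_t ldap_bad_op[]     = { 0x30, 0x05, 0x02, 0x01, 0x02, 0x51, 0x00 }; /* [APPLICATION 17]: unassigned */
const uint8_t ldap_indefinite[] = { 0x30, 0x80, 0x02, 0x01, 0x02, 0x42, 0x00, 0x00, 0x00 }; /* not allowed in LDAP */
const uint8_t ber_longform[]    = { 0x04, 0x82, 0x00, 0x02, 0xaa, 0xbb }; /* OCTET STRING, 2-octet length */
const uint8_t ber_hightag[]     = { 0x5f, 0x81, 0x00, 0x00 };             /* [APPLICATION 128], empty */
```

Two things worth noting for a DPI setting: `ber_hdr` accepts a non-minimal long-form length (`0x82 0x00 0x02`) because BER allows it and real LDAP stacks emit it, whereas a DER validator would refuse; and every inner decode is bounded by the enclosing element's content length, not by the packet length, so a messageID that lies about its size cannot drag the protocolOp check outside the SEQUENCE.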

Read more...

libpeak: Mapping of IPv4 to IPv6 in C

Hi everyone,

This week I'm going to present my little twist for coherent mapping of IPv4 to IPv6 in C. What this means: you don't have to branch your code by address family, which keeps it cleaner and simpler. The only drawback is that IPv4 addresses waste a lot of space (every address occupies 16 bytes), but if you plan on working with IPv6 in the future anyway, that argument quickly becomes moot. You can find the peak library code on GitHub, or take a look at the whole commit that's about to be discussed (including a man page and a unit test).
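To make the "no branching" point concrete, here is an added example that is not libpeak's code and does not use its API: a single 128-bit address type in which IPv4 is stored as the IPv4-mapped form `::ffff:a.b.c.d` (RFC 4291, section 2.5.5.2), so comparison, sorting and CIDR matching run through one code path for both families. An IPv4 prefix length just gets 96 added to it. The `netaddr_*` names, the strict dotted-quad parser and the sample addresses are this example's own.

```c
/* Added example (not libpeak code): one 128-bit address type for both
 * families, with IPv4 stored as the IPv4-mapped form ::ffff:a.b.c.d
 * (RFC 4291, 2.5.5.2), so comparison and CIDR matching share one code path.
 * The netaddr names are this example's own, not libpeak's API. */
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

struct netaddr { uint8_t b[16]; };           /* always 128 bits, network order */

static const uint8_t v4mapped_prefix[12] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0xff, 0xff };

void netaddr_from_v4(struct netaddr *a, const uint8_t v4[4])
{
    memcpy(a->b, v4mapped_prefix, 12);
    memcpy(a->b + 12, v4, 4);
}

void netaddr_from_v6(struct netaddr *a, const uint8_t v6[16])
{
    memcpy(a->b, v6, 16);
}

/* True only for ::ffff:0:0/96.  All 12 prefix bytes are compared, so the
 * deprecated IPv4-compatible form ::a.b.c.d does not count as IPv4 here. */
int netaddr_is_v4(const struct netaddr *a)
{
    return memcmp(a->b, v4mapped_prefix, 12) == 0;
}

/* Total order for sorting and lookup, independent of address family. */
int netaddr_cmp(const struct netaddr *x, const struct netaddr *y)
{
    return memcmp(x->b, y->b, 16);
}

/* An IPv4 prefix length expressed in the 128-bit space. */
unsigned netaddr_prefix_v4(unsigned v4bits)
{
    return v4bits + 96;
}

/* Does a fall inside net/bits?  bits counts from the top of the 128 bits. */
int netaddr_in_prefix(const struct netaddr *a, const struct netaddr *net, unsigned bits)
{
    unsigned full = bits / 8, rem = bits % 8;
    uint8_t mask;

    if (bits > 128 || memcmp(a->b, net->b, full) != 0)
        return 0;
    if (rem == 0)
        return 1;
    mask = (uint8_t)(0xff << (8 - rem));
    return (a->b[full] & mask) == (net->b[full] & mask);
}

/* Strict dotted-quad parser: four decimal octets, no sign, no leading zeros. */
int netaddr_parse_v4(const char *s, struct netaddr *a)
{
    uint8_t v4[4];
    int i;

    for (i = 0; i < 4; i++) {
        char *end;
        unsigned long v;

        if (*s < '0' || *s > '9')
            return -1;
        v = strtoul(s, &end, 10);
        if (v > 255 || end - s > 3 || (end - s > 1 && *s == '0'))
            return -1;
        v4[i] = (uint8_t)v;
        s = end;
        if (i < 3 && *s++ != '.')
            return -1;
    }
    if (*s != '\0')
        return -1;
    netaddr_from_v4(a, v4);
    return 0;
}

/* Parse two dotted quads and test addr against net/v4bits through the
 * family-neutral matcher.  Returns 1 or 0, or -1 on a parse error. */
int netaddr_v4_in_cidr(const char *addr, const char *net, unsigned v4bits)
{
    struct netaddr a, n;

    if (v4bits > 32 || netaddr_parse_v4(addr, &a) < 0 || netaddr_parse_v4(net, &n) < 0)
        return -1;
    return netaddr_in_prefix(&a, &n, netaddr_prefix_v4(v4bits));
}

/* Constructed IPv6 checks through the same functions: 2001:db8::1 lies in
 * 2001:db8::/32; the compatible form ::10.0.0.5 is neither IPv4 by
 * netaddr_is_v4 nor equal to the mapped 10.0.0.5.  Returns 1 if all hold. */
int netaddr_v6_demo(void)
{
    static const uint8_t doc1[16]   = { 0x20, 0x01, 0x0d, 0xb8, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1 };
    static const uint8_t docnet[16] = { 0x20, 0x01, 0x0d, 0xb8 };   /* remaining bytes zero */
    static const uint8_t compat[16] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 10, 0, 0, 5 };
    struct netaddr a, net, c, m;

    netaddr_from_v6(&a, doc1);
    netaddr_from_v6(&net, docnet);
    netaddr_from_v6(&c, compat);
    netaddr_parse_v4("10.0.0.5", &m);
    return netaddr_in_prefix(&a, &net, 32) && !netaddr_is_v4(&c) && netaddr_cmp(&c, &m) != 0;
}
```

The family test is deliberately a full 12-byte compare rather than a check for the two 0xff bytes alone: `::10.0.0.5` (the deprecated IPv4-compatible form) and `::ffff:0:10.0.0.5` (the RFC 2765 translated form) both carry an IPv4 address in their low 32 bits but are distinct IPv6 addresses, and treating them as IPv4 would let one address masquerade as another in an ACL or a flow table.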

Read more...

Poem-Driven Forensic Analysis

I wrote this verse for a friend who asked me what intelligence-driven forensic analysis really means for the industry… ;)

’tis but part of what, given chance
handing security a glance, a peek
to where intentions meet — of
attackers and their wicked drives;
but for all that of which derives
no such thing secure may enclose
the network into peaceful pose.

If you want more of this please leave a comment. I’d be happy to bring a little more poetry to the topic.

Big Data Fuels Intelligence-Driven Security Reviewed

Big data is here to stay. In fact, everything is (and always was) big data per se. Yet in the last couple of years, the challenges of collecting, storing and accessing such tremendous amounts of data have been thoroughly tackled by cloud computing. Now all one has to do is find a way to turn that data into usable understanding, especially in the field of network security.

Read more...