Use Binary Analyzer Filters for Network Security Screening and Much More!

Bill Alderson, Technology Consulting Officer, NetQoS, Inc.

Just as virus detection software looks for binary signatures on your disk, an analyzer can be used to look for binary signatures for security purposes. One such binary filter might match "Ping of Death" frames within your environment or arriving from the Internet. By combining a filter on the IP protocol, a filter on an ICMP Echo inside the IP packet, and a binary filter for a one in the "more IP fragments coming" flag, we can trigger on a potential security event.

In addition, this feature can be used, for example, to trigger on REJ or SABME frames in an LLC (SNA, perhaps) conversation between a mainframe and a gateway, to try to identify the precursor events that lead to a restart of a session.

Another application would be to filter on TCP/IP SYN frames to get a general idea of network response time between two devices. By comparing the delta times for pairs of SYN frames starting a TCP connection, you can passively derive a rudimentary estimate of network latency from an existing data stream.

A third example would be to use a binary filter to look for IP frames with the "don't fragment" bit set, to find out which devices attempt to discover the network maximum transmission unit (MTU) in order to match TCP MSS (Maximum Segment Size).
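The Ping of Death, SYN and "don't fragment" filters described above can be written as offset/mask/value tests against the raw IPv4 bytes. The following is an added example, not part of the original article and not any analyzer's own filter syntax; the filter names, the `matches`, `classify` and `ipv4` helpers and the sample packets are constructed for illustration.

```python
import struct

# A binary filter is a list of (layer, offset, mask, value) tests; all must match.
# "ip" offsets count from the start of the IPv4 header, "l4" from its end.
FILTERS = {
    "fragmented_icmp_echo": [("ip", 9, 0xFF, 1),      # protocol = ICMP
                             ("ip", 6, 0x20, 0x20),   # "more fragments" flag = 1
                             ("ip", 6, 0x1F, 0), ("ip", 7, 0xFF, 0),  # first fragment
                             ("l4", 0, 0xFF, 8)],     # ICMP type = Echo request
    "dont_fragment":        [("ip", 6, 0x40, 0x40)],  # "don't fragment" flag = 1
    "tcp_syn":              [("ip", 9, 0xFF, 6),      # protocol = TCP
                             ("ip", 6, 0x1F, 0), ("ip", 7, 0xFF, 0),  # first fragment
                             ("l4", 13, 0x02, 0x02)], # SYN flag = 1 (SYN and SYN/ACK)
}

def matches(packet: bytes, tests) -> bool:
    """Apply offset/mask/value tests to a raw IPv4 packet (no link-layer header)."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return False
    ihl = (packet[0] & 0x0F) * 4           # header length varies with IP options
    if ihl < 20 or len(packet) < ihl:
        return False
    for layer, offset, mask, value in tests:
        pos = offset + (ihl if layer == "l4" else 0)
        if pos >= len(packet) or packet[pos] & mask != value:
            return False
    return True

def classify(packet: bytes):
    """Return the sorted names of every filter the packet triggers."""
    return sorted(name for name, tests in FILTERS.items() if matches(packet, tests))

def ipv4(proto, flags_frag, payload, options=b""):
    """Build a constructed sample packet (checksum left as zero)."""
    ihl = 5 + len(options) // 4
    hdr = struct.pack("!BBHHHBBH4s4s", 0x40 | ihl, 0, 20 + len(options) + len(payload),
                      1, flags_frag, 64, proto, 0,
                      bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7]))
    return hdr + options + payload

# Constructed samples: documentation addresses, zeroed payloads.
ECHO_FRAG = ipv4(1, 0x2000, b"\x08\x00" + bytes(30))            # ICMP Echo, MF = 1
ECHO_FRAG_OPTS = ipv4(1, 0x2000, b"\x08\x00" + bytes(30), options=b"\x01" * 4)
ECHO_PLAIN = ipv4(1, 0x0000, b"\x08\x00" + bytes(30))           # ordinary ping
TCP_SYN_DF = ipv4(6, 0x4000, struct.pack("!HHIIBBHHH", 40000, 443, 0, 0, 0x50, 0x02, 65535, 0, 0))
```

A filter that hard-codes the ICMP type at byte 20 misses packets carrying IP options, which is why the layer-4 offset here is computed from the header length field.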

Take some time to get familiar with some of the more unique options on your analyzer to be "ready for action" when problems or esoteric security issues arise. If you wait, it's too late!


NetQoS - Network Performance Management Products and Services for the world's largest networks. © 2001-2008 NetQoS, Inc. All rights reserved.

 

 

 
