{"guid":"d48d1713-333b-4515-b56d-bc12fa2d3c44","title":"Network Traffic Analysis using Deep Packet Inspection and Data Visualization","subtitle":"Eventpad: the Sublime editor for network traffic","slug":"SHA2017-369-network_traffic_analysis_using_deep_packet_inspection_and_data_visualization","link":"https://c3voc.de","description":"For the protection of (critical) infrastructures against complex virus attacks, deep packet inspection is unavoidable. In our project SpySpot we are developing new tools and techniques to assist analysts in gaining insight and reverse engineering WireShark PCAP files. In this talk we present and demo a new data visualization system Eventpad to study PCAP traffic by visualizing patterns according to user-defined rules. We illustrate the effectiveness of the system on real-world traffic including VoIP communication and Ransomware activity in file systems.\n\n#NetworkSecurity #DeviceSecurity","original_language":"eng","persons":["ArrayX"],"tags":["SHA2017","369"],"view_count":685,"promoted":false,"date":"2017-08-06T00:00:00.000+02:00","release_date":"2017-08-07T02:00:00.000+02:00","updated_at":"2026-03-14T14:00:09.228+01:00","length":1511,"duration":1511,"thumb_url":"https://static.media.ccc.de/media/events/SHA2017/369-hd.jpg","poster_url":"https://static.media.ccc.de/media/events/SHA2017/369-hd_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/SHA2017/d48d1713-333b-4515-b56d-bc12fa2d3c44-timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/SHA2017/d48d1713-333b-4515-b56d-bc12fa2d3c44-thumbnails.vtt","frontend_link":"https://media.ccc.de/v/SHA2017-369-network_traffic_analysis_using_deep_packet_inspection_and_data_visualization","url":"https://api.media.ccc.de/public/events/d48d1713-333b-4515-b56d-bc12fa2d3c44","conference_title":"SHA2017: Still Hacking Anyway","conference_url":"https://api.media.ccc.de/public/conferences/SHA2017","related":[{"event_id":4238,"event_guid":"9ea86f2f-b236-431f-9027-8b31c0b2ad56","weight":17},{"event_id":4240,"event_guid":"dec63dd2-d66b-419d-863d-c20fd5ce91dd","weight":43},{"event_id":4247,"event_guid":"2dd16bb3-657b-41b6-bdec-987ada3f285c","weight":15},{"event_id":4258,"event_guid":"ce7ba341-f44e-4f82-9f67-45e2df6b9c67","weight":15},{"event_id":4259,"event_guid":"b5a645a9-bbdc-433e-a77c-b416074a92ea","weight":45},{"event_id":4261,"event_guid":"3852e448-f6cf-4bfe-8b14-12d590075bd6","weight":30},{"event_id":4265,"event_guid":"9ba5a35b-0608-40f1-84ec-e02c387cb60b","weight":17},{"event_id":4273,"event_guid":"abd8b143-a3d8-4655-bd1c-a355a0bd5d8d","weight":17},{"event_id":4293,"event_guid":"dd774554-e12d-4557-b91c-3f6039cd4aeb","weight":21},{"event_id":4296,"event_guid":"0eff8b32-bd9e-4a69-b704-70171ca0e83e","weight":26},{"event_id":4299,"event_guid":"63b79857-ca2c-4fb4-b56c-b7807f947c01","weight":20},{"event_id":4310,"event_guid":"98a24995-17aa-415a-9cf5-906faa0d1475","weight":14},{"event_id":4323,"event_guid":"df804417-58b7-42fa-a626-83ed1663677f","weight":19},{"event_id":4336,"event_guid":"962f467f-8c6b-44cc-98cd-673128a9aef5","weight":15},{"event_id":4343,"event_guid":"57920452-ce5b-4194-a768-fed44de6d779","weight":14},{"event_id":4352,"event_guid":"05007c06-fc8b-468a-b1e9-b4ff9ec8149e","weight":15},{"event_id":4361,"event_guid":"54fd6dc6-c0c7-46d5-b122-4b94ec8ba635","weight":26},{"event_id":4362,"event_guid":"67b3b3d4-6098-4694-896c-3e6f76b400d7","weight":16}],"recordings":[{"size":161,"length":1511,"mime_type":"video/mp4","language":"eng","filename":"SHA2017-369-eng-Network_Traffic_Analysis_using_Deep_Packet_Inspection_and_Data_Visualization_hd.mp4","state":"new","folder":"h264-hd","high_quality":true,"width":1920,"height":1080,"updated_at":"2017-08-07T10:15:53.337+02:00","recording_url":"https://cdn.media.ccc.de/events/SHA2017/h264-hd/SHA2017-369-eng-Network_Traffic_Analysis_using_Deep_Packet_Inspection_and_Data_Visualization_hd.mp4","url":"https://api.media.ccc.de/public/recordings/17828","event_url":"https://api.media.ccc.de/public/events/d48d1713-333b-4515-b56d-bc12fa2d3c44","conference_url":"https://api.media.ccc.de/public/conferences/SHA2017"},{"size":19,"length":1496,"mime_type":"audio/opus","language":"eng","filename":"SHA2017-369-eng-Network_Traffic_Analysis_using_Deep_Packet_Inspection_and_Data_Visualization.opus","state":"new","folder":"opus","high_quality":false,"width":0,"height":0,"updated_at":"2017-08-07T10:49:06.553+02:00","recording_url":"https://cdn.media.ccc.de/events/SHA2017/opus/SHA2017-369-eng-Network_Traffic_Analysis_using_Deep_Packet_Inspection_and_Data_Visualization.opus","url":"https://api.media.ccc.de/public/recordings/17851","event_url":"https://api.media.ccc.de/public/events/d48d1713-333b-4515-b56d-bc12fa2d3c44","conference_url":"https://api.media.ccc.de/public/conferences/SHA2017"},{"size":45,"length":1511,"mime_type":"video/mp4","language":"eng","filename":"SHA2017-369-eng-Network_Traffic_Analysis_using_Deep_Packet_Inspection_and_Data_Visualization_sd.mp4","state":"new","folder":"h264-sd","high_quality":false,"width":720,"height":576,"updated_at":"2017-08-07T12:08:33.617+02:00","recording_url":"https://cdn.media.ccc.de/events/SHA2017/h264-sd/SHA2017-369-eng-Network_Traffic_Analysis_using_Deep_Packet_Inspection_and_Data_Visualization_sd.mp4","url":"https://api.media.ccc.de/public/recordings/17879","event_url":"https://api.media.ccc.de/public/events/d48d1713-333b-4515-b56d-bc12fa2d3c44","conference_url":"https://api.media.ccc.de/public/conferences/SHA2017"},{"size":57,"length":1511,"mime_type":"video/webm","language":"eng","filename":"SHA2017-369-eng-Network_Traffic_Analysis_using_Deep_Packet_Inspection_and_Data_Visualization_webm-sd.webm","state":"new","folder":"webm-sd","high_quality":false,"width":720,"height":576,"updated_at":"2017-08-07T12:42:40.018+02:00","recording_url":"https://cdn.media.ccc.de/events/SHA2017/webm-sd/SHA2017-369-eng-Network_Traffic_Analysis_using_Deep_Packet_Inspection_and_Data_Visualization_webm-sd.webm","url":"https://api.media.ccc.de/public/recordings/17935","event_url":"https://api.media.ccc.de/public/events/d48d1713-333b-4515-b56d-bc12fa2d3c44","conference_url":"https://api.media.ccc.de/public/conferences/SHA2017"},{"size":22,"length":1496,"mime_type":"audio/mpeg","language":"eng","filename":"SHA2017-369-eng-Network_Traffic_Analysis_using_Deep_Packet_Inspection_and_Data_Visualization.mp3","state":"new","folder":"mp3","high_quality":false,"width":0,"height":0,"updated_at":"2017-08-07T12:43:07.475+02:00","recording_url":"https://cdn.media.ccc.de/events/SHA2017/mp3/SHA2017-369-eng-Network_Traffic_Analysis_using_Deep_Packet_Inspection_and_Data_Visualization.mp3","url":"https://api.media.ccc.de/public/recordings/17937","event_url":"https://api.media.ccc.de/public/events/d48d1713-333b-4515-b56d-bc12fa2d3c44","conference_url":"https://api.media.ccc.de/public/conferences/SHA2017"},{"size":166,"length":1511,"mime_type":"video/webm","language":"eng","filename":"SHA2017-369-eng-Network_Traffic_Analysis_using_Deep_Packet_Inspection_and_Data_Visualization_webm-hd.webm","state":"new","folder":"webm-hd","high_quality":true,"width":1920,"height":1080,"updated_at":"2017-08-07T12:55:12.273+02:00","recording_url":"https://cdn.media.ccc.de/events/SHA2017/webm-hd/SHA2017-369-eng-Network_Traffic_Analysis_using_Deep_Packet_Inspection_and_Data_Visualization_webm-hd.webm","url":"https://api.media.ccc.de/public/recordings/17958","event_url":"https://api.media.ccc.de/public/events/d48d1713-333b-4515-b56d-bc12fa2d3c44","conference_url":"https://api.media.ccc.de/public/conferences/SHA2017"}]}