
Tranalyzer

From EverybodyWiki Bios & Wiki



Tranalyzer
Original author(s): Tranalyzer Development Team
Developer(s): The Tranalyzer team
Initial release: Around 2008; 16 years ago (2008)
Stable release: 0.8.11lmw3 / 1 September 2021; 3 years ago (2021-09-01)[1]
Written in: C
Operating system: Linux, macOS, Windows 10
Type: Flow based analyzer, traffic mining, monitoring, reporting, network forensics
License: GNU GPL2[2]
Website: www.tranalyzer.com


    Tranalyzer is an open source flow generator and packet analyzer. It is predominantly used for network troubleshooting, traffic mining, data carving, and security applications. The program is written in C and built upon the libpcap library. It can pre- and post-process any layer 2 or IPv4/IPv6 stacked header into a packet or flow view and enables a trained user to see anomalies and network defects even in very large datasets. It supports analysis with special bit-coded fields and generates statistics from key parameters of IPv4/IPv6 traces, either live-captured from an Ethernet interface or read from one or several pcap files. The output of Tranalyzer is mostly tailored to Unix-like operating systems, such as all Linux flavors, macOS and Windows 10.

    History

    In 2004, a group at a large Swiss operator was faced with 11 TB of PCAP data for a troubleshooting job. As the existing open source flow based analysis products of the time could not parse encapsulated telco protocols such as L2TP and PPP, a C based tool called Tranalyzer was developed, focusing only on flow based output. Further jobs in the classification of encrypted protocols, such as Skype[3] and BitTorrent, moved Tranalyzer into the DPI and traffic mining regime. In 2008, Tranalyzer was rewritten completely and established today's plugin based system, predominantly funded by the Swiss armed forces. It was released open source in 2008[4] as Tranalyzer2 to make it publicly available for researchers and other practitioners working in troubleshooting and traffic mining. In 2011[5] Tranalyzer2 entered the regime of encrypted network security, data carving, traffic forensics[6] and traffic preprocessing for AI research[7][8][9][10][11][12][13][14][15]. It is now a cooperatively supported project of several governmental and private institutions.[16]

    Functionality

    Tranalyzer2 is command line based, e.g. run from zsh or bash on Unix based systems. There is GUI support for plugin configuration[17] and flow post processing. It is no magic click based tool, but a down to earth operation for practitioners. As with any tool in the network traffic area, it requires certain knowledge about the data to be examined. Certain functions can be configured on the command line, but the majority are governed by the plugins loaded. The philosophy of Tranalyzer2 seems to be: "You get the code you need, no overhead", which requires plugin configuration and recompilation but produces fast and efficient code[18][19]. It is able to parallelize operation on several pcaps and supports automation in pcap processing and flow/packet file post processing.[20][21]

    Features

    Tranalyzer is a flow and packet based analyzer that dissects all encapsulations down to the layer 2/3/4/7 protocol headers. The data can be captured from a live network connection or read from a file of already-captured packets of any size. The flow aggregation is flexible: it uses elements of the standard 6-tuple (VLAN, source IP and port, destination IP and port, layer 4 protocol), but can also be configured to use geolocation information to increase the aggregation density. Working with T2 revealed that it is script friendly and focused on efficiently processing CSV packet and flow based output. It also allows geolocation for external and internal addresses, which seems to be unique so far.[22] Tranalyzer2 also supports monitoring and logs into the well known RRDtool. It also includes an alarm feature to be used in real time security applications. For developers, various support is provided to reduce the effort of producing C based plugins.
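The 6-tuple flow aggregation described above, as an added example that is not Tranalyzer's own code: constructed packet records are folded into unidirectional flows keyed by (VLAN, source IP and port, destination IP and port, layer 4 protocol), an assumed idle timeout splits long-separated packets into separate flows, and a final check lists flows that never saw a reverse direction.

```python
from collections import namedtuple
from dataclasses import dataclass
# Constructed packet records (not real captures): timestamp in seconds, VLAN id,
# source/destination IP and port, layer 4 protocol number, frame length in bytes.
Packet = namedtuple("Packet", "ts vlan src sport dst dport proto length")
SAMPLE_PACKETS = [
    Packet(0.0, 10, "192.0.2.1", 40000, "198.51.100.5", 443, 6, 60),
    Packet(0.1, 10, "198.51.100.5", 443, "192.0.2.1", 40000, 6, 60),
    Packet(0.2, 10, "192.0.2.1", 40000, "198.51.100.5", 443, 6, 1500),
    Packet(0.3, 10, "198.51.100.5", 443, "192.0.2.1", 40000, 6, 100),
    Packet(5.0, 10, "192.0.2.7", 1234, "198.51.100.9", 22, 6, 40),  # never answered
    Packet(100.0, 10, "192.0.2.1", 40000, "198.51.100.5", 443, 6, 60),  # after idle gap
]
IDLE_TIMEOUT = 60.0  # assumed idle timeout in seconds; a longer gap starts a new flow

@dataclass
class Flow:
    key: tuple  # the 6-tuple (vlan, src, sport, dst, dport, proto)
    first_ts: float
    last_ts: float
    pkts: int = 0
    bytes: int = 0

def flow_key(p):
    """Unidirectional 6-tuple: each direction of a conversation is its own flow."""
    return (p.vlan, p.src, p.sport, p.dst, p.dport, p.proto)

def reverse_key(key):
    vlan, src, sport, dst, dport, proto = key
    return (vlan, dst, dport, src, sport, proto)

def aggregate(packets, timeout=IDLE_TIMEOUT):
    """Fold packets into flows; returns the finished flows in completion order."""
    active, finished = {}, []
    for p in sorted(packets, key=lambda x: x.ts):
        k = flow_key(p)
        f = active.get(k)
        if f is not None and p.ts - f.last_ts > timeout:
            finished.append(active.pop(k))  # idle too long: close it, start anew
            f = None
        if f is None:
            f = active[k] = Flow(k, p.ts, p.ts)
        f.pkts, f.bytes, f.last_ts = f.pkts + 1, f.bytes + p.length, p.ts
    finished.extend(active.values())  # flush flows still open at end of trace
    return finished

def unanswered(flows):
    """Flows whose reverse 6-tuple never appeared: one-sided traffic worth a look."""
    seen = {f.key for f in flows}
    return [f for f in flows if reverse_key(f.key) not in seen]
```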

    See also


    Notes

    1. "Tranalyzer News".
    2. "Tranalyzer2 FAQ License".
    3. Burschka, S; DuPasquier, B. "Datamining for Hackers - Encrypted Traffic Mining". 28th Chaos Communication Congress. Retrieved 30 September 2021.
    4. "Tranalyzer". SourceForge. Retrieved 30 September 2021.
    5. Dupasquier, Benoit; Burschka, Stefan. "Datamining for Hackers-Encrypted Traffic Mining(TM)". Recorded Session. Retrieved 29 September 2021.
    6. "DFRWS EU - Recap". Forensic Focus. 21 April 2016.
    7. Jianguo, Jiang; Qi, Biao; Zhixin, Shi; Wang, Yan; Lv, Bin (August 2016). "Botnet Detection Method Analysis on the Effect of Feature Extraction". 2016 IEEE Trustcom/BigDataSE/ISPA: 1882–1888. doi:10.1109/TrustCom.2016.0288.
    8. Le, Duc Cong (March 2017). "An Unsupervised Learning Approach for Network and System Analysis" (PDF). Dalhousie University, Halifax, Nova Scotia, Canada.
    9. Pektaş, A.; Acarman, T. (2017). "Effective Feature Selection for Botnet Detection Based on Network Flow Analysis" (PDF). International Conference Automatics and Informatics.
    10. Millar, K.; Smit, D.; Page, C.; Cheng, A.; Chew, H.; Lim, C. (2017). "Looking deeper: Using deep learning to identify internet communications traffic" (PDF). Australasian Conference of Undergraduate Research (27 Sep 2017 - 28 Sep 2017 : Adelaide, Australia).
    11. Montieri, Antonio; Ciuonzo, Domenico; Bovenzi, Giampaolo; Persico, Valerio; Pescape, Antonio (1 July 2020). "A Dive into the Dark Web: Hierarchical Traffic Classification of Anonymity Tools". IEEE Transactions on Network Science and Engineering. 7 (3): 1043–1054. doi:10.1109/TNSE.2019.2901994.
    12. Le, Duc C.; Zincir-Heywood, A. Nur; Heywood, Malcolm I. (2018). "Unsupervised Monitoring of Network and Service Behaviour Using Self-Organizing Maps". Journal of Cyber Security and Mobility. 8 (1): 15–52. doi:10.13052/jcsm2245-1439.812.
    13. Mashkanova, Aigerim (2019). "Exploratory data analysis toward cloud intrusion detection" (PDF). Graduate Projects (Computer Science).
    14. Dupasquier, Benoit; Burschka, Stefan; McLaughlin, Kieran; Sezer, Sakir (December 2010). "On the Privacy of Encrypted Skype Communications". 2010 IEEE Global Telecommunications Conference GLOBECOM 2010: 1–5. doi:10.1109/GLOCOM.2010.5684214.
    15. Dupasquier, Benoît; Burschka, Stefan; McLaughlin, Kieran; Sezer, Sakir (October 2010). "Analysis of information leakage from encrypted Skype conversations". International Journal of Information Security. 9 (5): 313–325. doi:10.1007/s10207-010-0111-4.
    16. The open source version of Tranalyzer is maintained and funded by RUAG Schweiz AG – RUAG Defence and the Swiss Armed Forces. In this context, we would like to thank R. Sibilia for his continuous support and fruitful discussions. We are very grateful to T. Ruehl, A. Davolos, F. Albanese and N. Thalheim for their constant efforts in improving Tranalyzer.
    17. "Tranalyzer - Tranalyzer2 and Plugins Configuration". tranalyzer.com. Retrieved 30 September 2021.
    18. "Tranalyzer - Tranalyzer2 - Configuration". tranalyzer.com. Retrieved 30 September 2021.
    19. "Tranalyzer - Basic Analysis". tranalyzer.com. Retrieved 30 September 2021.
    20. "Tranalyzer - Parallelization". tranalyzer.com. Retrieved 30 September 2021.
    21. "Tranalyzer - Multi File I/O". tranalyzer.com. Retrieved 30 September 2021.
    22. "Tranalyzer - geolocation". tranalyzer.com. Retrieved 30 September 2021.

    References

    External links



    This article "Tranalyzer" is from Wikipedia. The list of its authors can be seen in its history and/or on the page Edithistory:Tranalyzer. Articles copied from the Draft namespace on Wikipedia can be seen in the Draft namespace of Wikipedia and not in the main one.