Killian Ditch

Biography

Killian has been involved in the tech industry for about 10 years, and after dabbling in security throughout, he ventured into the realm of offensive techniques about halfway through. He works as a penetration tester for Coalfire out of Denver, CO, where he attempts to relate the technical aspects presented by vulnerabilities in networks, applications, and people to actionable business risks that companies can address.

Network traffic analysis via packet-to-note sound translation.

TLDR: Nifty Python tool that plays music corresponding to network traffic, with the potential to serve as an accessibility function for the visually impaired.

Originally conceived of as a cool idea to examine network traffic generated by penetration testing in lieu of reviewing tcpdump or Wireshark output, p@quetr@quet turned into a technically valid means for creating music from network traffic patterns. Also, by creating a sound-based representation of network traffic, the utility provides insight into normal traffic patterns as opposed to oddities such as ICMP ping or UDP/TCP port scans. Anyone, whether an analyst or tester, interested in keeping track of the network can listen to the sounds of the packets instead of scrolling through Wireshark or tcpdump output. As an example, if a port scan was observed by the monitoring interface, those packets would correspond to different sounds, thereby yielding an aural experience matching that traffic pattern. Visually-impaired individuals could be trained as to the notes and corresponding packets and be empowered to conduct hitherto inaccessible network analysis. The project is at a very basic level, albeit with a functioning proof of concept script to demonstrate both live traffic examples and previously recorded packet captures.

I’m hoping that people will want to attend to experience what network traffic can sound like. I find packets fascinating, and my thought is that introducing the music/sound element to traffic analysis might draw previously absent interest.
I plan on starting with a basic discussion of existing and well-known network monitoring tools such as Wireshark and tcpdump, and I’d illustrate how drawbacks such as the need for another window/screen and pages and pages of output to review all make network analysis a task that is difficult to parallelize or one that visually-impaired individuals would find difficult. By taking a brief look at the underlying code of the utility, the audience would gain an understanding of how the tool works. To provide a demonstration, I’d run port, ping, and ARP scans against a local virtual machine as examples. I would expand on the idea by playing previously generated pcap files to demonstrate how music, as played through P@quetR@quet, could be created via packet crafting with a tool such as Scapy or even Bash or PowerShell.

 

All sessions by Killian Ditch

Network traffic analysis via packet-to-note sound translation.

17 Feb 2018
15:00 - 16:00
2nd Floor Conf Room