Session

Python network inspection tools

Python has an ecosystem of tools that allows you to inspect, analyze and interact with network packets as native Python objects, building on the capabilities of Wireshark and libpcap. Some of these tools ship dissection modules that extend the original program. The objective of the talk is to show this kind of tool and what we can do with it when inspecting packets at the network and transport layers.

These could be the main talking points:

1. Introduction to network inspection tools
Tools such as Wireshark, tcpdump, tshark, ngrep and flowgrep are useful for packet inspection.

2. Flowinspect as a network inspection tool

3. I will discuss other solutions that we can find in Python, such as Scapy, and Pyshark, a wrapper for tshark that allows capturing and analyzing packets using Wireshark dissectors.

I'll show some use cases where we can use these tools for malware identification through signatures and shellcode emulation/detection.

As a bonus, we can analyze the tool that the NSA has for this type of task:

https://github.com/NationalSecurityAgency/sharkPy
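To make the abstract's two technical points concrete (packets exposed as native Python objects, and signature matching on the payload), here is an added example that is not part of the talk or any of the projects it mentions. It uses only the standard library instead of Scapy or Pyshark so it runs anywhere: a small dissector walks Ethernet II, IPv4 (honouring the IHL options field and the IPv4 total length, so Ethernet trailing padding is not mistaken for payload) and TCP/UDP (honouring the TCP data offset), then checks the payload against a constructed signature table. The frame builder, MAC/IP addresses, ports and both signatures are invented for the demo and are not real IDS rules.

```python
import struct
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed demo signatures (not real IDS rules): name -> byte pattern in payload
SIGNATURES: Dict[str, bytes] = {
    "nop-sled": b"\x90" * 8,              # run of x86 NOPs, a common shellcode prefix
    "fake-c2-beacon": b"GET /beacon.php",  # invented HTTP beacon path
}


@dataclass
class Packet:
    """Native Python view of one dissected frame (fields are None if a layer is absent)."""
    src_mac: str
    dst_mac: str
    ethertype: int
    src_ip: Optional[str] = None
    dst_ip: Optional[str] = None
    proto: Optional[int] = None
    ttl: Optional[int] = None
    src_port: Optional[int] = None
    dst_port: Optional[int] = None
    tcp_flags: Optional[int] = None
    payload: bytes = b""


def mac_str(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)


def ip_str(b: bytes) -> str:
    return ".".join(str(x) for x in b)


def dissect(frame: bytes) -> Packet:
    """Dissect Ethernet II -> IPv4 -> TCP/UDP from raw bytes; raises on truncated headers."""
    if len(frame) < 14:
        raise ValueError("frame shorter than Ethernet header")
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])  # destination MAC comes first
    pkt = Packet(src_mac=mac_str(src), dst_mac=mac_str(dst), ethertype=ethertype)
    if ethertype != 0x0800:  # only IPv4 is dissected here; everything else stays raw
        pkt.payload = frame[14:]
        return pkt
    ip = frame[14:]
    if len(ip) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, _tos, total_len, _id, _frag, ttl, proto, _csum, saddr, daddr = \
        struct.unpack("!BBHHHBBH4s4s", ip[:20])
    if ver_ihl >> 4 != 4:
        raise ValueError("not IPv4")
    ihl = (ver_ihl & 0x0F) * 4  # header length in bytes, including any options
    if ihl < 20 or len(ip) < ihl:
        raise ValueError("bad IPv4 header length")
    pkt.src_ip, pkt.dst_ip, pkt.proto, pkt.ttl = ip_str(saddr), ip_str(daddr), proto, ttl
    # Trust the IP total length so Ethernet trailer padding is not treated as payload
    l4 = ip[ihl:min(total_len, len(ip))]
    if proto == 6:  # TCP
        if len(l4) < 20:
            raise ValueError("truncated TCP header")
        sport, dport, _seq, _ack, off_flags = struct.unpack("!HHIIH", l4[:14])
        doff = (off_flags >> 12) * 4  # data offset in bytes, including TCP options
        if doff < 20 or len(l4) < doff:
            raise ValueError("bad TCP data offset")
        pkt.src_port, pkt.dst_port = sport, dport
        pkt.tcp_flags = off_flags & 0x1FF
        pkt.payload = l4[doff:]
    elif proto == 17:  # UDP
        if len(l4) < 8:
            raise ValueError("truncated UDP header")
        sport, dport, _ulen, _ucsum = struct.unpack("!HHHH", l4[:8])
        pkt.src_port, pkt.dst_port = sport, dport
        pkt.payload = l4[8:]
    else:
        pkt.payload = l4
    return pkt


def match_signatures(pkt: Packet) -> List[str]:
    """Names of every signature whose pattern occurs in the transport payload."""
    return [name for name, pat in SIGNATURES.items() if pat in pkt.payload]


def build_tcp_frame(payload: bytes) -> bytes:
    """Constructed test frame 10.0.0.5:49152 -> 10.0.0.9:80, PSH|ACK, checksums left as 0."""
    eth = struct.pack("!6s6sH", bytes.fromhex("66778899aabb"), bytes.fromhex("001122334455"), 0x0800)
    tcp = struct.pack("!HHIIHHHH", 49152, 80, 1, 1, (5 << 12) | 0x018, 65535, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 1, 0x4000, 64, 6, 0,
                     bytes([10, 0, 0, 5]), bytes([10, 0, 0, 9]))
    return eth + ip + tcp + b"\x00" * 4  # four bytes of Ethernet trailer padding


def inspect(frame: bytes) -> dict:
    """One-shot inspection: flow tuple plus any signature hits."""
    pkt = dissect(frame)
    return {"flow": f"{pkt.src_ip}:{pkt.src_port} -> {pkt.dst_ip}:{pkt.dst_port}",
            "proto": pkt.proto, "matches": match_signatures(pkt)}


if __name__ == "__main__":
    for data in (b"GET /beacon.php HTTP/1.1\r\n\r\n", b"\x90" * 8 + b"\xcc", b"hello"):
        print(inspect(build_tcp_frame(data)))
```

The `Packet` fields here stand in for what Scapy hands you as layer objects (for example `pkt[IP].src` and `pkt[TCP].payload`) and what Pyshark exposes from tshark's dissectors; the point of writing the walk by hand is to show the two length fields (IPv4 total length and TCP data offset) that a signature matcher must respect before it looks at the payload.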


Jose Manuel Ortega

Software engineer & Security Researcher
