Project Slot 6 - Network Analyzer (Gürcan GERÇEK)

Student: Gürcan GERÇEK (TR)
Primary mentor: Oğuz Yarımtepe (TR)
Backup mentors: Adam Pridgen (US), Nicolas Collery (FR/SG)

Google Melange: https://www.google-melange.com/gsoc/proposal/review/google/gsoc2013/ggercek/1

Project Overview:
This project aims to analyze traffic data in a more human-readable way. It will analyze the information at the application level and display the assembled information. It will help you analyze malware inside the traffic as well as anomalies. This project is an improvement to the https://github.com/oguzy/ovizart project in the scope of Google Summer of Code 2013.

Project Plan:

  • May 27th - June 17th: Community Bonding Period
  • June 17th: GSoC 2013 coding officially starts
  • June 17th - June 24th: Initial folder structure & core design coding and documentation, pcap parser module
  • June 24th - July 1st: TCPFlow integration, re-assembly and basic tagger module structure
  • July 1st - July 15th: DB integration; tagger module: more protocol signatures
  • July 15th - July 22nd: Built-in HTTP server and REST API support for basic CLI implementation
  • July 22nd - July 29th: Integration & testing for midterm evaluation
  • July 29th - August 19th: Online traffic analysis
  • August 5th - August 19th: Web UI implementation, authentication
  • August 19th - August 26th: Visualization features
  • August 26th - September 2nd: Interactive shell
  • September 2nd - September 9th: Dynamic analyzer addition
  • September 9th - September 16th: Documentation & Testing

Project Source Code Repository: https://github.com/honeynet/ovizart-ng

Student Weekly Blog: http://gsoc2013.honeynet.org/author/gurcangercek/

Project Useful Links:

Project Updates:

    • 17.06.2013 - 24.06.2013
      • Design Summary documented.
      • Core module implemented. Decorators and basic unit tests.
      • Sample analyzer added to the system.
      • Pcap parser with simple session separation implemented.
      • Tcpflow integration: We decided not to use the tcpflow application. We will implement our own reassembly module in a protocol-based manner. Project plan updated.
    • 24.06.2013 - 01.07.2013
      • Reassembly module implemented using the justniffer project.
      • DataSource decorator improved.
      • Built-in web server implemented with REST API support and basic unit tests.