
Creating timeline from network traffic



I've been playing around with the Pineapple and packet captures. An interesting topic I want to learn more about is 'user profiling' based on network traffic (pcap files). I want to find out at what times specific applications/websites were used or visited. I want to create some sort of timeline where I want to see at what times a connection/session was established, how long that application/website has been used and at what time the connection/session ended (DNS? SSL handshake? HTTP GET requests? Streams?). A big challenge is also to see through a lot of traffic generated by advertisers or other services that aren't specifically user actions. Are there even unique identifiers of user activity, or is that difficult to keep apart from 'system' traffic?

For example:
- Gmail.com, start 01-01-17 / 14:23:42, end 01-01-17 / 14:46:23, duration 23 min 21 sec
- OR Gmail.com, visited on 01-01-17 / 14:23:42

I've searched a lot on the internet to learn more about this type of network behavior, but I can't find many usable answers so far. Mostly it is about network performance and network security instead of 'user profiling'. Is it even possible to do some reliable kind of 'user profiling', and what are your thoughts about how to technically achieve this and the other possibilities? I also like the info that user_agents show for example, to identify specific devices. Maybe an option is creating some kind of regular expressions and create a script that can be applied to multiple pcaps from different sources.
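The timeline format asked for above, as an added example that is not part of the original post: hostname observations (as would be taken from DNS queries or TLS SNI fields in a capture) are grouped into sessions by an idle gap, with ad/tracker hosts filtered out first. The sample records, the 30-minute gap and the noise list are constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample: (timestamp, hostname) pairs. Not real traffic.
OBSERVATIONS = [
    ("2017-01-01 14:23:42", "gmail.com"),
    ("2017-01-01 14:23:43", "cdn.ads.example.net"),
    ("2017-01-01 14:31:10", "gmail.com"),
    ("2017-01-01 14:47:03", "gmail.com"),
    ("2017-01-01 16:02:00", "gmail.com"),
    ("2017-01-01 16:02:05", "forum.example.org"),
]
IDLE_GAP = timedelta(minutes=30)        # assumption: longer silence ends a session
NOISE_SUFFIXES = ("ads.example.net",)   # hypothetical ad/tracker list
IN_FMT = "%Y-%m-%d %H:%M:%S"
OUT_FMT = "%d-%m-%y / %H:%M:%S"

def is_noise(host):
    """True if host is, or is a subdomain of, a listed noise domain."""
    return any(host == s or host.endswith("." + s) for s in NOISE_SUFFIXES)

def build_timeline(observations, idle_gap=IDLE_GAP):
    """Return [(host, start, end)] sessions ordered by start time."""
    parsed = sorted((datetime.strptime(ts, IN_FMT), host.lower().rstrip("."))
                    for ts, host in observations)
    open_sessions, closed = {}, []      # host -> [start, last_seen]
    for ts, host in parsed:
        if is_noise(host):
            continue
        cur = open_sessions.get(host)
        if cur and ts - cur[1] <= idle_gap:
            cur[1] = ts                 # still the same session: extend it
        else:
            if cur:                     # gap too long: close the old session
                closed.append((host, cur[0], cur[1]))
            open_sessions[host] = [ts, ts]
    closed.extend((h, s, e) for h, (s, e) in open_sessions.items())
    return sorted(closed, key=lambda r: (r[1], r[0]))

def format_entry(host, start, end):
    """Render one session in the two forms used in the post."""
    if start == end:                    # single observation: no duration known
        return f"{host}, visited on {start.strftime(OUT_FMT)}"
    minutes, seconds = divmod(int((end - start).total_seconds()), 60)
    return (f"{host}, start {start.strftime(OUT_FMT)}, "
            f"end {end.strftime(OUT_FMT)}, duration {minutes} min {seconds} sec")

if __name__ == "__main__":
    for entry in build_timeline(OBSERVATIONS):
        print("- " + format_entry(*entry))
```

The end time is only the last packet seen for that host, so a tab left open without traffic looks closed, and background polling can stretch a session past real use.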
