Siam to Continue Work On TCP Live Play
[ubermenu config_id=”main” menu=”84″] NEWSROOM Siam to Continue Work On TCP Live PlayOct 16, 2012 Yazan Siam, a recent Bachelor of Science graduate in Computer Engineering at NC State University has extended the work of his ECE Senior Design project of …
October 16, 2012 By NC State ECE
Siam to Continue Work On TCP Live Play
Yazan Siam, a recent Bachelor of Science graduate in Computer Engineering at NC State University has extended the work of his ECE Senior Design project of Spring 2012 during the Summer, helping to advance an open-source project in the field of networking.
The original project was completed by Siam and two senior NCSU students and during the Spring of 2012. Titled "tcpreplay-NewConn," its purpose was to extend the functionality of the current Tcpreplay suite to enhance replaying functionality with TCP flows against live devices. By using the tool along with a packet capture of a TCP connection, someone would be able to replay the packets on live networks using new TCP connections. The tool will simply replay the entire packet capture and will communicate with the remote host as if it were the original connection, contained in the capture, happening all over again. The only difference is that it is at a new time and uses new TCP connection parameters. The tool is intelligent enough to respond to the remote host in an appropriate behavior that complies with TCP protocol by simultaneously following the payloads sent in the captured packets.
Being able to reproduce network traffic related problems can help manufacturers and software developers of network devices improve their products’ resiliency against security and software vulnerabilities. The project was sponsored by Cisco Systems’ Product Security Incident Response Team (PSIRT). Cisco PSIRT proactively tests vulnerabilities of Cisco
devices as part of Security Vulnerability Policy. The group collaborated and worked with Cisco engineers over the course of their Senior Design project during the Spring 2012 semester. By the end of the semester, they had a working tool that could replay TCP connections. With this tool, Cisco PSIRT was able to replay an entire packet capture as part of their testing.
Siam wanted to take his work a step further — making it open-source software available to the larger networking community. During this process, Siam renamed this tool to "tcpliveplay" which is a more representative name of what it does, added extensive enduser documentation, and developed additional code to increase the tool’s intelligence and usability. The handling of packet loss was improved as was user output statistics to help the user see both the fine-grained details and summary of the packet replay result. As of September 26 2012, tcpliveplay, with about 1,200 lines of code, became part of the Tcpreplay 3.4 software suite which was created and maintained by Aaron Turner, an enthusiastic supporter of Siam’s efforts. The Tcpreplay software suite is downloaded 200 times a week from Sourceforge.net.
The scope and potential of tcpliveplay is much broader and wider than simply Cisco using it for testing. It can be used in all kinds of testing scenarios where there is a TCP packet capture that needs to be replayed against a live device. Siam plans to continue to support and improve the software — increasing the intelligence of the code to allow the replay of multiple TCP connection flows at the same time, and to make the tool available on additional platforms beyond the currently supported Linux.
Cisco Systems and Panos Kampanakis helped sponsor the project and provided expertise in the subject area. Dr. Yannis Viniotis of the Department of Electrical & Computer Engineering at North Carolina State University was the advisor on this project and helped sponsor this project in collaboration with Cisco Systems. Other members of the Spring 2012 Senior Design team who contributed in the first stage of the project were Andrew Leonard and Beau Luck.
Details of the tcpliveplay tool can be found on the tcplivereplay wiki.
An article on Cisco’s Blog was recently written about this project title "Student Project Collaboration with NC State University".