Tattoo: Traffic Analysis Toolkit / News: Recent posts

While there are a large number of monitoring tools that capture and decode known TCP/IP and application layer protocols, there are very few tools for analyzing unknown, proprietary, or encrypted protocols or building abstract represenations of that traffic.

Tattoo will provide a set of command-line scripts for analyzing raw tcpdump files or ASCII hexadecimal representations of network traffic to identify format (headers and payload), function (how the protocol works), and communication model (1-n, 1-1, n-n, etc.) for any network protocol that
can be captured by libpcap.