Requirements for Crafting Virtual Network Packet Captures

Authors:

Spiekermann Daniel, Keller Jörg

Abstract

Currently, network environments are complex infrastructures with different levels of security, isolation and permissions. The management of these networks is a complex task, faced with different issues such as adversarial attacks, user demands, virtualisation layers, secure access and performance optimisation. In addition to this, forensic readiness is a demanded target. To cover all these aspects, network packet captures are used to train new staff, evaluate new security features and improve existing implementations. Because of this, realistic network packet captures are needed that cover all appearing aspects of the network environment. Packet generators are used to create network traffic, simulating real network environments. There are different network packet generators available, but there is no valid rule set defining the requirements targeting packet generators. The manual creation of such network traces is a time-consuming and error-prone task, and the inherent behaviour of virtual networks eradicates a straight-forward automation of trace generation in comparison to common networks. Hence, we analyse relevant conditions of modern virtualised networks and define relevant requirements for a valid packet generation and transformation process. From this, we derive recommendations for the implementation of packet generators that provide valid and correct packet captures for use with virtual networks.

Publisher

MDPI AG

Subject

General Medicine

References: 61 articles.

1. Virtual eXtensible Local Area Network (VXLAN): A Framework for Overlaying Virtualized Layer 2 Networks over Layer 3 Networks. RFC 7348, 2014. https://datatracker.ietf.org/doc/rfc7348/

2. NVGRE: Network Virtualization Using Generic Routing Encapsulation. RFC 7637, 2015. https://datatracker.ietf.org/doc/rfc7637/

3. Internet Protocol Encapsulation of AX.25 Frames. RFC 1226, 1991. https://datatracker.ietf.org/doc/rfc1226/

4. The Point-to-Point Protocol (PPP). RFC 1661, 1994. https://datatracker.ietf.org/doc/rfc1661/

5. Mousavi. Early detection of DDoS attacks against SDN controllers. Proceedings of the 2015 International Conference on Computing, Networking and Communications (ICNC), 2015.

Cited by 1 article.

1. Upgrade and Optimization of Virtual Network Security Management on Blockchain. 2023 IEEE International Conference on Paradigm Shift in Information Technologies with Innovative Applications in Global Scenario (ICPSITIAGS), 2023-12-28.
