Since HexLasso can also be run on small chunk of data to provide accurate results it can be used to analyze the characteristic of network packets.
In the experiment, 2593 TCP packets were captured using Wireshark with the filter of tcp.payload and !tls. The captured packets were exported and HexLasso was run on the TCP payload section of each packet.
The smallest packet has the size of 16 bytes, the largest one has the size of 1420 bytes.
The below table summarizes the result.
| Analyzer | Chart |
|---|---|
| AsciiByte | PNG |
| ExtAsciiByte | PNG |
| SpPredictedByte | PNG |
| PredictedByte | PNG |
| SpByteMulOf4 | PNG |
| ByteMulOf4 | PNG |
| SymmetricByteSeq | PNG |
| SpSameByteSeq | PNG |
| PredictedByteSeq | PNG |
| SpIncByteSeq | PNG |
| SpDecByteSeq | PNG |
| SpSameByteDiffSeq | PNG |
| IncByteSeq | PNG |
| DecByteSeq | PNG |
| SameByteDiffSeq | PNG |
| SameByteSeq | PNG |
| SameAsciiByteSeq | PNG |
| SameDWordSeq | PNG |
| X86Fragment | PNG |
| ArmFragment | PNG |
| SpAsciiString | PNG |
| UnicodeString | PNG |
| AsciiString | PNG |
| AsciiStringOfDigits | PNG |
| AsciiStringOfSpecial | PNG |
| WordMatch | PNG |
| DWordMatch | PNG |
| QWordMatch | PNG |
The analyzer is the functionality that HexLasso used for analyzing the TCP payload.
The chart shows the result of the analysis. The Y axis tells how much data is covered in each packet by the analyzer. The Y axis represents percentage. The X axis lists all the packets.