LitenAI supports uploading packet files in the pcap format, storing all packets in its Smart Lake. For demonstration purposes, a table named ‘pcap’ has been created in the LogReason Smart Lake. It can ingest a large volume of packets and is useful for data analysis. Scroll down for more information on LitenAI Smart Lake.
LitenAI supports high-level reasoning and detailed packet analysis. Below are some examples, but it can be applied to many other use cases. Contact us to test it with your data—either on our cloud platform or locally via a Docker installation.
Network Congestion Reasoning
Users can ask high-level questions, and LitenAI will generate a structured plan to analyze congestion based on the provided prompt. Users can also explore specific details—scroll down to see examples.
User: Explain congestion in terms of its causes, effects, and possible solutions. Use reasoning to analyze how congestion builds up, what factors contribute to its severity, and what measures can effectively reduce it. Provide real-world examples to support the explanation. You can use packets from pcap table to reason out the causes.
This process explains congestion by retrieving data from the table, analyzing it, and providing a detailed congestion analysis. It then follows up on the prompt to reason through congestion factors.
It first identifies the causes, effects, and possible solutions for congestion.
It first identifies the relevant data, then generates and executes the necessary code to retrieve it for analysis, producing relevant output for congestion analysis.
Then, It analyzes the output and generates valuable insights.
Reasoning answers improve as the knowledge base expands. They are securely stored in the Smart Lake, accessible only to customers with full protection.
Using LitenAI you can drill down into the packets to understand it better.
User: generate sql to show the number of rows grouped by src_ip and dst_ip from pcap table , and then execute it.
It would produce a table like this.
If needed, it can also be explored in a plot.
User: Plot the dataset.
LitenAI can extract various types of information from packets to analyze congestion more effectively.
Understanding packet contents
LitenAI helps you analyze and understand your packets more effectively. It can interpret packet data and respond to your queries through chat. Think of it as a valuable addition to Wireshark.
First, obtain the packets for analysis. Let’s start with a row. For now, TCP layers are excluded, but you can include them if needed for a more comprehensive TCP analysis.
User: Select one packet row from pcap table without layers_tcp column using sql and execute it,
The packet is stored in a dataset and displayed. You can now ask LitenAI to describe the packet and its contents.
User: Describe the dataset.
It presents all packet information in a clear and readable format.
You can now query the packet for various types of information. Here are a few examples:
User: Analyze the data to tell me the application protocol used to transfer files from PC to server?
User: Analyze the data to tell me the IP address of the server.
Various other questions related to packets can be asked, and it will provide answers. Through calls to large language models (LLMs), it understands multiple natural languages and can respond appropriately.
Upload the packet you’re interested in and ask your question. You can also filter specific packets or columns to focus on relevant data. LitenAI will help you find the right packet efficiently.
Various types of packets with different protocols can be analyzed. Below is an analysis of a DHCP packet.
User: Select one packet row with dhcp protocol using sql and execute it.
User: Analyze to tell me the DHCP server IP address?
User: Analyze the data to visualize this DHCP exchange in ascii?
This produces DHCP exchange in ASCII as shown below.
User: Analyze the data to get a mind map of 4 dhcp frames and highlight latency?
This generates a detailed mind map. Below is a small sample for reference.
Here is more information about the LitenAI Smart Lake Storage Layer.
Smart Lake
In the LitenAI Smart Lake, the customer ingested their knowledge documents and established connections to their required databases. All data is securely stored within the customer’s storage. Customers can ingest data using various methods, either programmatically from stored files or through streams for continuous ingestion. Additionally, data can be uploaded and managed through Lake Agents, either via chat or using the Lake GUI interface to populate the lake. If you are going through these prompts, make sure to select logreason data lake. Select lake tab and ensure that logreason lake is selected. You can also select pcap table to make it default if no table name can be identified from the prompts.
To ingest a new file, you can select pcap type and choose a file. Click on Ingest. It will append the pcap information to pcap table.
This blog highlights the capabilities of AI in analyzing network packets. Various types of analysis can be performed, and customers can integrate their own agents for specific tasks. Contact us for more information.