Topology-Based PCAP Analysis: Faster Insight Beyond Packet Lists
2026-07-22, Room 2

Packet analysis tools present traffic as linear sequences, requiring analysts to reconstruct relationships mentally. This session introduces a topology-based approach that visualises PCAP data as a graph of hosts and interactions, enabling immediate structural understanding.

Using real examples, including DNS failure caused by misconfigured routing, we compare traditional packet list workflows with topology-driven analysis. The approach reduces cognitive load, accelerates diagnosis, and highlights patterns that are difficult to see in sequential views.

The session includes live demonstrations showing how analysts can move from packet inspection to structural reasoning, and how this reasoning can be captured as guided investigative workflows embedded directly within the analysis environment.


Traditional packet analysis relies on sequential inspection of frames, which can obscure higher-level structure and slow down diagnosis, particularly for less experienced analysts. However, network behaviour is inherently relational, involving hosts, conversations, and protocol groupings.

This session presents a practical approach to PCAP analysis using real-time topology visualisation. Instead of focusing on individual packets, traffic is represented as a graph of nodes (hosts) and edges (conversations), allowing analysts to immediately identify communication patterns, dependencies, and anomalies.

A core case study will demonstrate a DNS resolution failure caused by a misconfigured gateway. In a standard packet list, this requires careful inspection of ARP requests, repeated DNS queries, and missing responses. In a topology view, the same issue is visible at a glance: a central host attempting external communication, combined with a misleading local dependency and no successful continuation.
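As an added illustration (not the speaker's tool or capture), the following Python builds exactly this kind of host graph from a handful of constructed packet summaries and flags the pattern the case study describes: a client whose ARP exchange with the local gateway succeeds, but whose repeated DNS queries to an external resolver never get a reply.

```python
from collections import defaultdict

# Constructed packet summaries standing in for decoded PCAP frames.
# Host 192.168.1.20 resolves its gateway via ARP, then sends three DNS
# queries that are never answered; 192.168.1.30 shows a healthy exchange.
PACKETS = [
    {"proto": "ARP", "src": "192.168.1.20", "dst": "192.168.1.1"},
    {"proto": "ARP", "src": "192.168.1.1", "dst": "192.168.1.20"},
    {"proto": "DNS", "src": "192.168.1.20", "dst": "8.8.8.8"},
    {"proto": "DNS", "src": "192.168.1.20", "dst": "8.8.8.8"},
    {"proto": "DNS", "src": "192.168.1.20", "dst": "8.8.8.8"},
    {"proto": "DNS", "src": "192.168.1.30", "dst": "192.168.1.1"},
    {"proto": "DNS", "src": "192.168.1.1", "dst": "192.168.1.30"},
]


def build_topology(packets):
    """Collapse frames into a graph: nodes are hosts, edges are
    (host_a, host_b, proto) conversations. Each edge records how many
    frames every endpoint sent, so direction is preserved."""
    edges = {}
    for p in packets:
        a, b = sorted((p["src"], p["dst"]))
        sent = edges.setdefault((a, b, p["proto"]), {a: 0, b: 0})
        sent[p["src"]] += 1
    return edges


def neighbours(edges):
    """Adjacency view: which hosts each node talks to (any protocol)."""
    adj = defaultdict(set)
    for a, b, _proto in edges:
        adj[a].add(b)
        adj[b].add(a)
    return adj


def unanswered_dns(edges):
    """Flag DNS conversations with traffic in one direction only:
    the 'queries but no successful continuation' pattern."""
    findings = []
    for (a, b, proto), sent in edges.items():
        if proto != "DNS":
            continue
        for client, server in ((a, b), (b, a)):
            if sent[client] > 0 and sent[server] == 0:
                findings.append((client, server, sent[client]))
    return sorted(findings)
```

In the graph view the gateway edge for 192.168.1.20 looks healthy (bidirectional ARP), which is the misleading local dependency; the one-way DNS edge is what points at the routing problem.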

The session will show how topology-based analysis:

Reduces cognitive load by externalising relationships
Accelerates identification of failure patterns
Supports both novice learning and expert triage workflows
Complements, rather than replaces, traditional packet inspection

Attendees will leave with a new mental model for analysing network traffic, and practical techniques for integrating structural reasoning into their existing workflows.

Ryan Younger is an Assistant Professor of Computer Science at Olivet Nazarene University, specialising in cybersecurity, network analysis, and applied AI. He has over 25 years of industry experience, having worked at companies including Google, Meta, Microsoft, Cisco, and eBay on large-scale systems, security, and user-facing technologies.