EVH2 protocol : Performance analysis and Wireshark dissector development

Abstract: EVH2 is a proprietary application layer protocol developed by Aptilo Networks and used in their software product. Currently the only way to inspect EVH2 traffic is by using their own application. This application inspects no traffic other than EVH2. Since Aptilo continuously develops this protocol it is important to see how changes in the protocol affect its performance. This thesis examines possible ways to facilitate the use and development of the protocol. To analyse EVH2 network traffic along with traffic from other protocols another approach is needed. Wireshark is an application capable of inspecting traffic of multiple protocols simultaneously and uses dissectors to decode each packet. This thesis describes the development and evaluation of a Wireshark plugin dissector for inspection of EVH2 traffic. Performance tests of EVH2 will provide feedback about protocol changes. This thesis creates a platform for performance evaluation by introducing a test suite for performance testing. A performance evaluation of EVH2 was conducted using the developed test suit.