
Three students spent the past academic year on a problem familiar to most security teams: getting PCAPs that look like real traffic without containing real customer data. Their answer is a tool that ingests a source capture, learns its statistical shape and produces a synthetic PCAP with the same behavior.
Hannah Cha, Farhan Habib and Ryan Shin made up the team behind “Deep Network Analysis and Simulation,” our 2026 Data Mine of the Rockies project. Emily Johnson, a teaching assistant at the University of Colorado Colorado Springs, advised the team. The students presented their work at the Space Information Dominance Expo on April 30, 2026.

“It’s really hard to get simulated PCAPs. It’s time consuming for training,” Johnson said. “This is something that we could put students on.”
The pipeline parses each packet in a source PCAP into structured records, then computes traffic metrics including packet size distributions, interarrival times, entropy, flow characteristics, periodicity and burstiness. Those features feed a generator that produces a new capture mirroring the original. Two Python libraries, both built on Scapy, simulate host discovery and port scanning so the synthetic traffic includes realistic malicious behavior.
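The feature stage described above can be sketched as follows. This is an added example, not the team's code: the record layout, the function names, and the choice of Shannon entropy over packet sizes, the (σ − μ)/(σ + μ) burstiness coefficient and autocorrelation for periodicity are all assumptions, since the article does not say which definitions the project used.

```python
import math
from collections import Counter
from statistics import mean, pstdev

# Constructed sample records (timestamp in seconds, frame length in bytes),
# standing in for packets already parsed out of a source PCAP.
BEACON = [(i * 5.0, 120) for i in range(12)]   # fixed 5 s interval, fixed size
BURSTY = list(zip(
    [0.0, 0.01, 0.02, 0.03, 4.0, 4.01, 4.02, 9.5, 9.51, 9.52, 9.53, 20.0],
    [60, 1500, 1500, 900, 60, 1500, 700, 60, 1500, 1500, 400, 60]))

def interarrivals(records):
    times = sorted(t for t, _ in records)
    return [b - a for a, b in zip(times, times[1:])]

def size_entropy(records):
    """Shannon entropy (bits) of the packet-size distribution."""
    counts = Counter(size for _, size in records)
    n = sum(counts.values())
    return sum(-(c / n) * math.log2(c / n) for c in counts.values())

def burstiness(gaps):
    """(sigma - mu) / (sigma + mu) over interarrival gaps, in [-1, 1]:
    -1 is perfectly periodic, near 0 is Poisson-like, toward 1 is bursty."""
    mu, sigma = mean(gaps), pstdev(gaps)
    return (sigma - mu) / (sigma + mu) if (sigma + mu) else 0.0

def dominant_period(records, bin_s=1.0):
    """Lag (seconds) with the highest autocorrelation of per-bin packet counts."""
    times = [t for t, _ in records]
    start = min(times)
    bins = [0] * (int((max(times) - start) / bin_s) + 1)
    for t in times:
        bins[int((t - start) / bin_s)] += 1
    m = mean(bins)
    c = [b - m for b in bins]
    lags = range(1, len(bins) // 2 + 1)
    return max(lags, key=lambda k: sum(x * y for x, y in zip(c, c[k:]))) * bin_s

def profile(records):
    gaps = interarrivals(records)
    return {
        "size_entropy_bits": round(size_entropy(records), 3),
        "mean_gap_s": round(mean(gaps), 3),
        "burstiness": round(burstiness(gaps), 3),
        "dominant_period_s": dominant_period(records),
    }

if __name__ == "__main__":
    for name, recs in (("beacon", BEACON), ("bursty", BURSTY)):
        print(name, profile(recs))
```

A generator that reproduces these numbers for a synthetic capture preserves timing and size behavior without copying any payload bytes from the source.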
Johnson said a finished product was never the goal.
“The biggest success is, hey, we just wanted to have a tool,” she said. “The goal of the project was to get a proof of concept going and then see where this could go in the future. Ultimately that’s what ended up happening.”
Most of the last month went into integration. Three siloed components had to merge into one pipeline, and the team validated the output in Teleseer, Johnson said.
“After we finished integration, we had that nice pretty export PCAP file,” Johnson said. “We were like, ‘Okay, let’s put it on Teleseer, make sure it shows up,’ and it did.”
Johnson’s standout moment was a 20-minute debugging session with David Hancock, Cyberspatial’s director of training.
“We just sat for 20 minutes with David debugging it, and at the end of those 20 minutes we had something really cool,” she said. “We were very open to that learning experience.”
Future work includes deeper Teleseer integration, more MITRE ATT&CK coverage, nuanced statistical modeling and a mobile interface. Cyberspatial is in talks to sponsor another DMR team next year to build upon the lessons learned from this year’s project.
The Data Mine of the Rockies is a data science workforce program created through a charter partnership between Purdue University and the University of Colorado Colorado Springs, modeled after Purdue’s longer-running Data Mine. DMR connects students from a dozen Colorado academic partners, including CU Boulder, UCCS, CSU Fort Collins, Fort Lewis, UNC and the U.S. Air Force Academy, with industry and government Project Partners who bring real-world data problems to student teams over the course of a semester or academic year.
Teleseer is the fastest, most powerful way to analyze any network from a packet capture. It runs in your browser. No install, no infrastructure, no database, no code. Drop in a PCAP and Teleseer maps your network automatically, with passive asset discovery, automated analysis, threat insights and support for more than 7,000 protocols and apps. Try it free at teleseer.com.