Focus on IDS
Making my own IDS... how to detect packet loss ? Jul 16 2009 01:09AM
Jonathon (thejunkjon gmail com) (2 replies)
I am writing my own IDS.  I have a packet sniffer + TCP reassembler
that I've written.  For each stream I detect, I have to keep some
state + a buffer of the packets for the stream.  However, a problem
that I've run into is that sometimes packets could get lost (meaning I
do not capture them, but they were actually sent/received between two
hosts on the network).  If I do drop the packets, my current
implementation gets all messed up since I never end up freeing the
resources I've allocated for that stream.  So, lost packets seem to be
the bain of my current implementation.

My question is (assuming all TCP streams), how can I determine whether
a packet is lost by just looking at packets that I currently have in
my buffer?

The packets could come in any order so just because I receive a packet
with seq #N, doesn't mean that a packet with seq #N-1 was sent.

I hope this is the appropriate mailing list for my question.

Thanks
J

-----------------------------------------------------------------
Securing Your Online Data Transfer with SSL.
A guide to understanding SSL certificates, how they operate and their application. By making use of an SSL certificate on your web server, you can securely collect sensitive information online, and increase business by giving your customers confidence that their transactions are safe.
http://www.dinclinx.com/Redirect.aspx?36;5001;25;1371;0;1;946;9a80e04e1a
17f194

[ reply ]
Re: Making my own IDS... how to detect packet loss ? Jul 16 2009 05:50PM
Paul Palmer (paul_palmer us ibm com)
Re: Making my own IDS... how to detect packet loss ? Jul 16 2009 04:15PM
Aaron Turner (synfinatic gmail com) (1 replies)
Re: Making my own IDS... how to detect packet loss ? Jul 16 2009 05:43PM
Jonathon (thejunkjon gmail com) (1 replies)
RE: Making my own IDS... how to detect packet loss ? Jul 16 2009 06:49PM
Francis, Shannon (Shannon Francis jetblue com) (1 replies)
Re: Making my own IDS... how to detect packet loss ? Jul 16 2009 09:35PM
Martin Roesch (roesch sourcefire com)


 

Privacy Statement
Copyright 2010, SecurityFocus