Date: Fri, 29 Aug 2008 11:52:28 +0100
From: Rui Paulo <rpaulo@FreeBSD.org>
To: freebsd-net@freebsd.org
Subject: TCP Anomaly Detector project
Message-ID: <20080829105228.GD1468@alpha.local>
Hi,

Now that tcpad (TCP Anomaly Detector) is, at least, barely usable, I decided to talk about it.

First of all, the wiki page http://wiki.freebsd.org/RuiPaulo/TCPAnomaly talks all about the rationale behind it and how it works. For your convenience, I'll post it here too:

"tcpad listens for TCP packets on the wire and builds a virtual TCP stack for each TCP endpoint. This means that, for example, if you run tcpad on a gateway, tcpad will monitor every connection between the hosts behind the gateway, the hosts reachable by the gateway (usually the Internet) and the connections to/from the gateway itself. After the initial packets, tcpad has built a virtual TCP stack for each endpoint.

[...]

Along with this virtual TCP stack, tcpad monitors for abnormalities within the transmitted packets. For further inspection, tcpad keeps every TCP packet in memory and then dumps it into a pcap file. If you suspect a bug in a TCP stack or tcpad itself, you can boot tcpdump(1) or wireshark(1) and see the packet stream for yourself."

Now, a warning about it: tcpad is still in the pre-beta phase, so if you want to try it out, please be aware that it may crash, may hurt a butterfly or just make your life miserable. In other words, no warranty ;-)

If you have great interest in TCP, this is the project you've been looking for to help. ;-) I'm pretty sure that I need a couple more hands to make this project rock solid in the short term, so your help is very much appreciated. On the wiki page you should find all the information you need to get working with tcpad. If you need more help, you can contact me.

Thanks for reading.

-- 
Rui Paulo
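Editor's note: the following is an added example written for this page, not tcpad's own code, showing in miniature what the description above calls a "virtual TCP stack" per endpoint. It tracks one state record per direction of each connection (SYN_SENT, SYN_RECEIVED, ESTABLISHED, FIN_WAIT, CLOSED plus the next sequence number that side owes), flags segments that the recorded state says the sender could not legitimately have produced (a data/ACK segment on a connection with no observed handshake, a SYN/ACK that answers no SYN, a SYN on a live connection, an ACK for bytes the peer never sent, a sequence number that does not match the expected one), keeps every segment in memory, and serialises them as a pcap that tcpdump(1)/wireshark(1) can open. All traffic is constructed in the code (RFC 5737 documentation addresses, no link-layer header, pcap link type LINKTYPE_RAW), the packet builder and parser are the example's own, and the state machine is a deliberate simplification: windows, options, sequence-space wrap inside the expected-sequence check, and reassembly are ignored.

```python
"""Added example (not tcpad's code): a miniature TCP anomaly detector.  One virtual
TCP endpoint is tracked per direction of each connection, segments that endpoint's
state says the peer could not have sent are flagged, and every segment is kept in
memory so it can be dumped as a pcap for tcpdump(1)/wireshark(1)."""
import socket
import struct
from collections import namedtuple

FIN, SYN, RST, PSH, ACK = 0x01, 0x02, 0x04, 0x08, 0x10
MASK = 0xFFFFFFFF
Endpoint = namedtuple("Endpoint", "ip port")

def ip_checksum(data):
    """RFC 1071 one's-complement sum; a header verified with its checksum in place gives 0."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def seq_after(a, b):  # a strictly after b in 32-bit modular sequence space
    return a != b and ((a - b) & MASK) < 0x80000000

def build_segment(src, dst, flags, seq, ack, payload=b""):
    """Constructed IPv4+TCP packet (no link-layer header) with valid checksums."""
    tcp = struct.pack("!HHIIBBHHH", src.port, dst.port, seq, ack, 5 << 4, flags, 65535, 0, 0) + payload
    pseudo = socket.inet_aton(src.ip) + socket.inet_aton(dst.ip) + struct.pack("!BBH", 0, 6, len(tcp))
    tcp = tcp[:16] + struct.pack("!H", ip_checksum(pseudo + tcp)) + tcp[18:]
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0x1234, 0x4000, 64, 6, 0,
                     socket.inet_aton(src.ip), socket.inet_aton(dst.ip))
    return ip[:10] + struct.pack("!H", ip_checksum(ip)) + ip[12:] + tcp

def parse_segment(pkt):
    """Return (src, dst, flags, seq, ack, payload) for a raw IPv4/TCP packet."""
    ihl, total = (pkt[0] & 0x0F) * 4, struct.unpack("!H", pkt[2:4])[0]
    src_ip, dst_ip = socket.inet_ntoa(pkt[12:16]), socket.inet_ntoa(pkt[16:20])
    sport, dport, seq, ack, off, flags = struct.unpack("!HHIIBB", pkt[ihl:ihl + 14])
    payload = pkt[ihl + (off >> 4) * 4:total]
    return Endpoint(src_ip, sport), Endpoint(dst_ip, dport), flags, seq, ack, payload

class Detector:
    def __init__(self):
        self.state = {}      # (sender, receiver) -> {"state": ..., "snd_nxt": next seq the sender owes}
        self.packets = []    # every segment seen, as (timestamp, raw bytes)
        self.anomalies = []  # (description, sender, receiver)

    def feed(self, pkt, ts=0.0):
        """Run one raw IPv4/TCP packet through the virtual endpoints."""
        self.packets.append((ts, pkt))
        src, dst, flags, seq, ack, payload = parse_segment(pkt)
        me, peer = self.state.get((src, dst)), self.state.get((dst, src))
        if flags & SYN and not flags & ACK:      # SYN is only legal on a closed connection
            if me is not None and me["state"] != "CLOSED":
                self.anomalies.append(("SYN on live connection", src, dst))
            self.state[(src, dst)] = {"state": "SYN_SENT", "snd_nxt": (seq + 1) & MASK}
            return
        if flags & SYN:                          # SYN/ACK must answer a SYN we saw, acking ISN+1
            if peer is None or peer["state"] != "SYN_SENT" or ack != peer["snd_nxt"]:
                self.anomalies.append(("SYN/ACK without matching SYN", src, dst))
            self.state[(src, dst)] = {"state": "SYN_RECEIVED", "snd_nxt": (seq + 1) & MASK}
            return
        if me is None:                           # mid-stream or spoofed traffic: no handshake seen
            self.anomalies.append(("segment without handshake", src, dst))
            me = self.state[(src, dst)] = {"state": "ESTABLISHED", "snd_nxt": seq}
        if flags & ACK and peer is not None and seq_after(ack, peer["snd_nxt"]):
            self.anomalies.append(("ACK for data never sent", src, dst))
        if seq != me["snd_nxt"]:                 # retransmission, reordering or injection
            self.anomalies.append(("unexpected sequence number", src, dst))
        else:
            me["snd_nxt"] = (seq + len(payload) + (1 if flags & FIN else 0)) & MASK
        if me["state"] in ("SYN_SENT", "SYN_RECEIVED") and flags & ACK:
            me["state"] = "ESTABLISHED"
        if flags & (FIN | RST):
            me["state"] = "CLOSED" if flags & RST else "FIN_WAIT"

    def to_pcap(self):
        """Serialise every kept segment as a pcap file (LINKTYPE_RAW = 101: IPv4 at offset 0)."""
        out = [struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 101)]
        for ts, p in self.packets:
            out.append(struct.pack("<IIII", int(ts), int((ts % 1) * 1e6), len(p), len(p)) + p)
        return b"".join(out)

def demo():
    """Constructed traffic: a clean handshake and request, then three segments no real stack sends."""
    c, s = Endpoint("192.0.2.10", 40000), Endpoint("198.51.100.5", 80)
    d = Detector()
    d.feed(build_segment(c, s, SYN, 1000, 0))
    d.feed(build_segment(s, c, SYN | ACK, 5000, 1001))
    d.feed(build_segment(c, s, ACK, 1001, 5001))
    d.feed(build_segment(c, s, PSH | ACK, 1001, 5001, b"GET / HTTP/1.0\r\n\r\n"))
    d.feed(build_segment(s, c, ACK, 5001, 1019))
    d.feed(build_segment(c, s, ACK, 1019, 9001))        # acks 4000 bytes the server never sent
    d.feed(build_segment(c, s, SYN, 1000, 0))           # SYN replayed on the live connection
    d.feed(build_segment(Endpoint("203.0.113.7", 5555), s, PSH | ACK, 77, 1, b"hello"))  # no handshake
    return d

if __name__ == "__main__":
    d = demo()
    open("tcpad_demo.pcap", "wb").write(d.to_pcap())
    for what, src, dst in d.anomalies:
        print("%s: %s:%d -> %s:%d" % (what, src.ip, src.port, dst.ip, dst.port))
```

Running the file prints the three anomalies in the constructed stream and writes tcpad_demo.pcap, which wireshark(1) opens directly since the IP and TCP checksums are computed rather than left zero. The design point worth noting is the one the description above makes: because a state record exists per direction, each check compares a segment against what the other side has actually been seen to send (its ISN+1 for a SYN/ACK, its highest sent sequence number for an ACK), so a spoofed or injected segment is caught by bookkeeping rather than by a signature. A real deployment would feed packets from pcap or BPF into Detector.feed() instead of building them inline, and would need the reordering, window and sequence-wrap handling this sketch leaves out before trusting "unexpected sequence number" as more than a hint.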