Hi,

I am writing my thesis on intrusion detection systems, and among other things I am using tcpdump to analyse traffic on the target host in the test network.

I am trying to send spurious packets so that the target host will discard these kinds of packets. I have seen that tcpdump will, at the end of a trace, give the number of packets that have been dropped by the kernel, but this does not seem to have any relation to packets being discarded because of their malicious nature.

I am running Red Hat, and I would like to know which process in the OS takes care of discarding. If tcpdump is interacting with the protocol stack via the application layer, should it not be the case that tcpdump should not be able to sniff malicious datagrams, as they should have been discarded by the network layer already?

Hope someone out there knows the answer to this and is willing to help me.

Thanks,
Celia Clark
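As an added example, not part of the original thread: on Linux, tcpdump's "dropped by kernel" line counts packets lost from the capture socket's own buffer (libpcap's ps_drop), and because the packet socket hands tcpdump frames before IP processing, tcpdump sees packets the stack goes on to reject; those rejections are counted in /proc/net/snmp instead. This module parses that file and diffs two snapshots around a test run; the snapshots below are constructed in the real file layout, and the counters chosen are the ones that grow on receive-side discards.

```python
"""Tell tcpdump's 'dropped by kernel' count apart from packets the IP stack rejects.
tcpdump's figure is the capture socket's buffer overflow (libpcap ps_drop); packets
the stack refuses are counted in /proc/net/snmp, which this module parses."""
from pathlib import Path

# Counters that grow when the receiving stack itself discards a packet.
DISCARD_COUNTERS = (
    ("Ip", "InHdrErrors"),   # bad version/checksum/length or TTL expired
    ("Ip", "InAddrErrors"),  # destination address not valid for this host
    ("Ip", "InDiscards"),    # valid but dropped, e.g. out of buffer space
    ("Tcp", "InErrs"),       # bad TCP header or checksum
    ("Udp", "InErrors"),     # bad UDP checksum or no socket buffer
)

def parse_snmp(text):
    """Parse /proc/net/snmp: each protocol is a header line then a value line."""
    stats = {}
    lines = [ln for ln in text.splitlines() if ln.strip()]
    for header, values in zip(lines[0::2], lines[1::2]):
        proto, names = header.split(":", 1)
        proto2, nums = values.split(":", 1)
        if proto != proto2:
            raise ValueError(f"mismatched lines {proto!r} / {proto2!r}")
        stats[proto] = dict(zip(names.split(), map(int, nums.split())))
    return stats

def stack_discards(stats):
    """Pick out the discard counters; a counter this kernel lacks reads as 0."""
    return {f"{p}.{c}": stats.get(p, {}).get(c, 0) for p, c in DISCARD_COUNTERS}

def discard_delta(before, after):
    """Counters are cumulative since boot, so diff snapshots taken around a test."""
    b, a = stack_discards(before), stack_discards(after)
    return {k: a[k] - b[k] for k in a}

def read_snmp(path="/proc/net/snmp"):
    return parse_snmp(Path(path).read_text())

# Constructed snapshots in the real /proc/net/snmp layout; the numbers are made up.
SNMP_BEFORE = """\
Ip: Forwarding DefaultTTL InReceives InHdrErrors InAddrErrors ForwDatagrams InUnknownProtos InDiscards InDelivers OutRequests OutDiscards OutNoRoutes ReasmTimeout ReasmReqds ReasmOKs ReasmFails FragOKs FragFails FragCreates
Ip: 1 64 12345 3 1 0 0 2 12339 9000 0 0 0 0 0 0 0 0 0
Tcp: RtoAlgorithm RtoMin RtoMax MaxConn ActiveOpens PassiveOpens AttemptFails EstabResets CurrEstab InSegs OutSegs RetransSegs InErrs OutRsts InCsumErrors
Tcp: 1 200 120000 -1 10 5 0 0 2 8000 7000 3 4 1 0
Udp: InDatagrams NoPorts InErrors OutDatagrams RcvbufErrors SndbufErrors InCsumErrors IgnoredMulti
Udp: 500 7 1 400 0 0 0 0
"""
# Same host after a test run: 8 more bad IP headers and 5 more bad TCP segments arrived.
SNMP_AFTER = SNMP_BEFORE.replace("12345 3 1", "12353 11 1").replace("7000 3 4 1", "7000 3 9 1")
```

On a live host, call read_snmp() before and after the test traffic and pass both to discard_delta(); a non-zero Ip.InHdrErrors delta confirms the stack, not the capture buffer, rejected the packets.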