tcpad status report #3

So, I’ve been offline for some days now and I’ll continue to be until the end of the month. Development of tcpad is going fine and I just committed a few days of work into Perforce. This new work includes parsing of the TCP options and further SEQ/ACK analysis.
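Since this report mentions option parsing and SEQ/ACK analysis, here is an added example of both pieces in C. It is my illustration, not tcpad's code: a bounds-checked walk over the TCP option area (every length byte is validated before anything is read through it, which is where naive parsers over-read), plus the RFC 793 segment-acceptability test and an ACK-range check using wrap-safe sequence arithmetic. The option bytes and window values are constructed for the example, and names such as parse_tcp_options and seg_acceptable are my own.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Option kinds: RFC 793 (EOL, NOP, MSS), RFC 7323 (WS, TS), RFC 2018 (SACK permitted). */
enum { TCPOPT_EOL = 0, TCPOPT_NOP = 1, TCPOPT_MSS = 2, TCPOPT_WS = 3, TCPOPT_SACK_OK = 4, TCPOPT_TS = 8 };

struct tcp_opts {
    uint16_t mss;                      /* 0 if absent */
    uint8_t  wscale; int has_ws;
    int      sack_ok;
    uint32_t ts_val, ts_ecr; int has_ts;
    int      malformed;                /* set when a length byte does not fit the option area */
};

static uint16_t get16(const uint8_t *p) { return (uint16_t)(p[0] << 8 | p[1]); }
static uint32_t get32(const uint8_t *p) {
    return (uint32_t)p[0] << 24 | (uint32_t)p[1] << 16 | (uint32_t)p[2] << 8 | p[3];
}

/* Walk the option area (doff*4 - 20 bytes of the TCP header). Each length byte is
 * checked against the space left before anything is read through it; a bad one stops
 * the walk and returns -1. Otherwise returns the number of options seen, NOPs included. */
int parse_tcp_options(const uint8_t *opt, size_t len, struct tcp_opts *out) {
    size_t i = 0;
    int n = 0;
    memset(out, 0, sizeof *out);
    while (i < len) {
        uint8_t kind = opt[i], olen;
        if (kind == TCPOPT_EOL) break;                    /* rest of the area is padding */
        if (kind == TCPOPT_NOP) { i++; n++; continue; }   /* single-byte option */
        if (len - i < 2) goto bad;                        /* no room for a length byte */
        olen = opt[i + 1];
        if (olen < 2 || olen > len - i) goto bad;         /* length runs past the option area */
        switch (kind) {
        case TCPOPT_MSS:     if (olen != 4) goto bad;  out->mss = get16(opt + i + 2); break;
        case TCPOPT_WS:      if (olen != 3) goto bad;  out->wscale = opt[i + 2]; out->has_ws = 1; break;
        case TCPOPT_SACK_OK: if (olen != 2) goto bad;  out->sack_ok = 1; break;
        case TCPOPT_TS:      if (olen != 10) goto bad;
                             out->ts_val = get32(opt + i + 2); out->ts_ecr = get32(opt + i + 6); out->has_ts = 1; break;
        default: break;                                   /* unknown kind: skip by its length */
        }
        i += olen; n++;
    }
    return n;
bad:
    out->malformed = 1;
    return -1;
}

/* Modular comparisons so the window checks survive 32-bit sequence wrap. */
static int seq_lt(uint32_t a, uint32_t b)  { return (int32_t)(a - b) < 0; }
static int seq_leq(uint32_t a, uint32_t b) { return (int32_t)(a - b) <= 0; }

/* RFC 793 acceptability test: some byte of [seq, seq+seglen) lies inside the receive
 * window [rcv_nxt, rcv_nxt+rcv_wnd). A segment failing this on an ESTABLISHED
 * connection is exactly the kind of "strange" event a session anomaly detector records. */
int seg_acceptable(uint32_t seq, uint32_t seglen, uint32_t rcv_nxt, uint32_t rcv_wnd) {
    uint32_t wnd_end = rcv_nxt + rcv_wnd, last = seq + seglen - 1;
    if (seglen == 0)
        return rcv_wnd == 0 ? seq == rcv_nxt : (seq_leq(rcv_nxt, seq) && seq_lt(seq, wnd_end));
    if (rcv_wnd == 0) return 0;
    return (seq_leq(rcv_nxt, seq)  && seq_lt(seq,  wnd_end)) ||
           (seq_leq(rcv_nxt, last) && seq_lt(last, wnd_end));
}

/* SND.UNA <= SEG.ACK <= SND.NXT: an ACK may neither acknowledge data the peer has not
 * sent yet nor fall behind what was already acknowledged. (RFC 793's "acceptable ACK"
 * for new data is the strict SND.UNA < SEG.ACK; ack == SND.UNA is a duplicate ACK.) */
int ack_in_range(uint32_t ack, uint32_t snd_una, uint32_t snd_nxt) {
    return seq_leq(snd_una, ack) && seq_leq(ack, snd_nxt);
}

/* Constructed sample: the 20-byte option area of a typical client SYN. */
const uint8_t k_syn_opts[] = {
    0x02, 0x04, 0x05, 0xb4,                                       /* MSS 1460 */
    0x04, 0x02,                                                   /* SACK permitted */
    0x08, 0x0a, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00,   /* TS val=256 ecr=0 */
    0x01,                                                         /* NOP */
    0x03, 0x03, 0x07,                                             /* window scale 7 */
};
/* Constructed sample: an MSS option claiming 4 bytes when only 3 are present. */
const uint8_t k_bad_opts[] = { 0x02, 0x04, 0x05 };

int main(void) {
    struct tcp_opts o;
    int n = parse_tcp_options(k_syn_opts, sizeof k_syn_opts, &o);
    printf("%d options: mss=%u ws=%u sack=%d ts=%u/%u\n", n, o.mss, o.wscale, o.sack_ok, o.ts_val, o.ts_ecr);
    printf("truncated MSS option -> %d\n", parse_tcp_options(k_bad_opts, sizeof k_bad_opts, &o));
    printf("seq 900/len 50 against rcv_nxt 1000: %d\n", seg_acceptable(900, 50, 1000, 65535));
    return 0;
}
```

The two "strange" outcomes worth dumping are a parse that returns -1 (a length byte pointing past the header, which a real stack would drop or RST) and an established-connection segment that fails seg_acceptable or ack_in_range (an ACK beyond SND.NXT acknowledges bytes the peer never sent).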
SEQ/ACK analysis is probably the most challenging task of this project, so it hasn’t been finished yet.
The good news is that I’m learning a lot about TCP and its extensions and it’s been thrilling!

In other news, my TCP ECN work will most likely be committed to FreeBSD-CURRENT RSN. ;-)

tcpad status report #2

So, I found some time to continue my SoC work. tcpad is now capable of handling the most important TCP FSM transitions, like CLOSE_WAIT, FIN_WAIT_1, SYN_SENT, etc. I also implemented a basic timer facility that cleans up old connections in TIME_WAIT state. This still doesn’t honor the 2MSL required by the RFC, but it’s a start. :-)
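An added example of the two things this report describes: a passive FSM tracker keyed by 4-tuple that moves each side of a connection through the RFC 793 states, and a timer sweep that only frees a TIME_WAIT entry after 2*MSL. This is my own illustration in C, not the tcpad code; the fixed-size connection table, the per-side state handling, the MSL value (the RFC's 2 minutes) and the seven-packet trace are assumptions constructed for the example.

```c
#include <stdint.h>
#include <string.h>

enum tcp_state { CLOSED, LISTEN, SYN_SENT, SYN_RECEIVED, ESTABLISHED, FIN_WAIT_1,
                 FIN_WAIT_2, CLOSE_WAIT, CLOSING, LAST_ACK, TIME_WAIT };
enum { TH_FIN = 0x01, TH_SYN = 0x02, TH_RST = 0x04, TH_ACK = 0x10 };
#define MSL_SEC   120.0   /* RFC 793's 2-minute MSL; real stacks use less */
#define MAX_CONNS 64
struct endpoint { enum tcp_state st; uint32_t fin_seq; };   /* fin_seq: seq of the FIN this side sent */
struct conn {
    uint32_t saddr, daddr; uint16_t sport, dport;   /* initiator -> responder 4-tuple */
    struct endpoint a, b;                           /* a sent the SYN, b answered it */
    double tw_start;                                /* time TIME_WAIT was entered, 0 if never */
    int in_use;
};
/* What a pcap callback would hand the tracker once the IP/TCP headers are decoded. */
struct pkt { uint32_t saddr, daddr; uint16_t sport, dport; uint8_t flags; uint32_t seq, ack; double ts; };
static struct conn table[MAX_CONNS];

static struct conn *lookup(const struct pkt *p, int *fwd) {
    for (struct conn *c = table; c < table + MAX_CONNS; c++) {
        if (!c->in_use) continue;
        if (c->saddr == p->saddr && c->daddr == p->daddr && c->sport == p->sport && c->dport == p->dport) { *fwd = 1; return c; }
        if (c->saddr == p->daddr && c->daddr == p->saddr && c->sport == p->dport && c->dport == p->sport) { *fwd = 0; return c; }
    }
    return NULL;
}

/* Sender-side arcs of the RFC 793 diagram ("snd SYN", "snd FIN"); RST closes outright. */
static enum tcp_state on_send(struct endpoint *e, uint8_t f, uint32_t seq) {
    if (f & TH_RST) return CLOSED;
    if (e->st == CLOSED && (f & TH_SYN)) return SYN_SENT;
    if ((e->st == ESTABLISHED || e->st == CLOSE_WAIT) && (f & TH_FIN)) {
        e->fin_seq = seq;
        return e->st == ESTABLISHED ? FIN_WAIT_1 : LAST_ACK;
    }
    return e->st;
}

/* Receiver-side arcs. An ACK leaves FIN_WAIT_1/CLOSING/LAST_ACK only if it covers
 * this side's own FIN (fin_seq+1); ordinary data ACKs do not move the state. */
static enum tcp_state on_recv(struct endpoint *e, uint8_t f, uint32_t ack) {
    int acks_fin = (f & TH_ACK) && ack == e->fin_seq + 1;
    if (f & TH_RST) return CLOSED;
    switch (e->st) {
    case LISTEN:       if ((f & (TH_SYN | TH_ACK)) == TH_SYN) return SYN_RECEIVED; break;
    case SYN_SENT:     if ((f & (TH_SYN | TH_ACK)) == (TH_SYN | TH_ACK)) return ESTABLISHED; break;
    case SYN_RECEIVED: if (f & TH_ACK) return ESTABLISHED; break;
    case ESTABLISHED:  if (f & TH_FIN) return CLOSE_WAIT; break;
    case FIN_WAIT_1:   if (f & TH_FIN) return acks_fin ? TIME_WAIT : CLOSING; if (acks_fin) return FIN_WAIT_2; break;
    case FIN_WAIT_2:   if (f & TH_FIN) return TIME_WAIT; break;
    case CLOSING:      if (acks_fin) return TIME_WAIT; break;
    case LAST_ACK:     if (acks_fin) return CLOSED; break;
    default: break;
    }
    return e->st;
}

/* Feed one packet. Returns its connection, or NULL for a packet that matches no tracked
 * flow and is not a bare SYN (a stray segment, or the capture started mid-connection). */
struct conn *track_packet(const struct pkt *p) {
    int fwd = 1;
    struct conn *c = lookup(p, &fwd);
    if (!c) {
        if ((p->flags & (TH_SYN | TH_ACK)) != TH_SYN) return NULL;
        for (int i = 0; i < MAX_CONNS && !c; i++) if (!table[i].in_use) c = &table[i];
        if (!c) return NULL;                                     /* table full */
        memset(c, 0, sizeof *c);
        c->saddr = p->saddr; c->daddr = p->daddr; c->sport = p->sport; c->dport = p->dport;
        c->b.st = LISTEN; c->in_use = 1;                         /* a starts out CLOSED (0) */
    }
    struct endpoint *snd = fwd ? &c->a : &c->b, *rcv = fwd ? &c->b : &c->a;
    snd->st = on_send(snd, p->flags, p->seq);
    rcv->st = on_recv(rcv, p->flags, p->ack);
    if ((c->a.st == TIME_WAIT || c->b.st == TIME_WAIT) && c->tw_start == 0) c->tw_start = p->ts;
    if (c->a.st == CLOSED && c->b.st == CLOSED) c->in_use = 0;   /* e.g. RST: nothing to wait for */
    return c;
}

/* Timer facility: free TIME_WAIT entries older than 2*MSL. Returns how many were reaped. */
int sweep_time_wait(double now) {
    int n = 0;
    for (int i = 0; i < MAX_CONNS; i++)
        if (table[i].in_use && table[i].tw_start > 0 && now - table[i].tw_start >= 2 * MSL_SEC) { table[i].in_use = 0; n++; }
    return n;
}

/* Constructed trace: clean 3WHS, then the initiator 10.0.0.1:40000 closes first on 10.0.0.2:80. */
enum { IP_A = 0x0a000001, IP_B = 0x0a000002 };
static const struct pkt k_trace[] = {
    { IP_A, IP_B, 40000, 80, TH_SYN,          100, 0,   1.0 },
    { IP_B, IP_A, 80, 40000, TH_SYN | TH_ACK, 300, 101, 1.1 },
    { IP_A, IP_B, 40000, 80, TH_ACK,          101, 301, 1.2 },
    { IP_A, IP_B, 40000, 80, TH_FIN | TH_ACK, 101, 301, 1.3 },   /* initiator's FIN */
    { IP_B, IP_A, 80, 40000, TH_ACK,          301, 102, 1.4 },   /* ACK of that FIN */
    { IP_B, IP_A, 80, 40000, TH_FIN | TH_ACK, 301, 102, 1.5 },   /* responder's FIN: a enters TIME_WAIT */
    { IP_A, IP_B, 40000, 80, TH_ACK,          102, 302, 1.6 },   /* last ACK: b is CLOSED */
};
/* Replays the trace on a fresh table and returns the connection (a=TIME_WAIT, b=CLOSED). */
struct conn *replay_trace(void) {
    struct conn *c = NULL;
    memset(table, 0, sizeof table);
    for (int i = 0; i < (int)(sizeof k_trace / sizeof k_trace[0]); i++) c = track_packet(&k_trace[i]);
    return c;
}
```

The last ACK of the trace does not free the entry: the initiator sits in TIME_WAIT until sweep_time_wait() is called with a timestamp at least 2*MSL later, which is the part the report says is not honored yet. Tying the ACK-of-FIN transitions to fin_seq+1 rather than to "any ACK" matters for a passive observer, since a data ACK that crosses the FIN on the wire would otherwise advance the state early.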
I also cleaned the code a little and improved the debugging macro.

Next is SEQ/ACK analysis.

tcpad status report #1

So, I’ve been busy studying for this month’s exams. Hence, not much tcpad development time was spent.

Nonetheless, I did the initial pcap processing, that is, saving selected packets to a pcap dump file. And that works. :-)

The next step is to finish the TCP/IP processing. This includes FSM transitions and SEQ/ACK analysis.

Initial SoC work

I’ve been busy with college assignments, but I’ve been doing some SoC work in my spare time. tcpad is my SoC project for this year and it’s basically a pcap-based TCP session anomaly detector. The basic principle is that, whenever something “strange” happens with a TCP connection, we will dump a pcap file containing the most important packets (TCP FSM transitions and the last 100 packets that arrived prior to the problem).
The current version of tcpad can only track the 3WHS so far, but more code is to be written now that college assignments are all done.
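As an added illustration of the dump principle described above (my code, not tcpad's): a per-connection ring that keeps the last 100 packets, a small pinned list for the FSM-transition packets so they survive the ring, and a writer that serializes both into a classic pcap file without libpcap, plus a reader-side walk that re-counts the records. The snapshot length, the pinned-list size and the 150 dummy packets are constructed for the example; all function names are my own.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define HISTORY    100  /* packets kept before an anomaly, the figure from the post */
#define SNAP        64  /* bytes kept per packet; an assumption for this example */
#define MAX_PINNED  16  /* FSM transition packets kept regardless of age (assumption) */

struct rec {
    uint32_t ts_sec, ts_usec;
    uint32_t caplen, origlen;  /* bytes stored (<= SNAP) and on-the-wire length */
    uint8_t  data[SNAP];
};
struct history {
    struct rec ring[HISTORY];
    size_t head, count;        /* head: next slot to overwrite; count: valid slots */
    struct rec pinned[MAX_PINNED];
    size_t npinned;
};

/* Every packet of the connection goes through here; old ones fall off the ring. */
void history_push(struct history *h, const struct rec *r) {
    h->ring[h->head] = *r;
    h->head = (h->head + 1) % HISTORY;
    if (h->count < HISTORY) h->count++;
}
/* Packets that caused an FSM transition are pinned so they survive the ring. */
int history_pin(struct history *h, const struct rec *r) {
    if (h->npinned >= MAX_PINNED) return 0;
    h->pinned[h->npinned++] = *r;
    return 1;
}
/* i-th ring entry, oldest first. */
const struct rec *history_at(const struct history *h, size_t i) {
    return &h->ring[(h->head + HISTORY - h->count + i) % HISTORY];
}

static uint8_t *put32(uint8_t *o, uint32_t v) { o[0] = v; o[1] = v >> 8; o[2] = v >> 16; o[3] = v >> 24; return o + 4; }
static uint8_t *put16(uint8_t *o, uint16_t v) { o[0] = v; o[1] = v >> 8; return o + 2; }
static uint8_t *put_rec(uint8_t *o, const struct rec *r) {
    o = put32(o, r->ts_sec); o = put32(o, r->ts_usec);
    o = put32(o, r->caplen); o = put32(o, r->origlen);
    memcpy(o, r->data, r->caplen);
    return o + r->caplen;
}

/* Serialize pinned transition packets, then the ring oldest-first, as a classic
 * little-endian pcap file (magic 0xa1b2c3d4, version 2.4, LINKTYPE_ETHERNET = 1).
 * Returns bytes written, or 0 if cap is too small. */
size_t history_dump_pcap(const struct history *h, uint8_t *out, size_t cap) {
    size_t need = 24, i;
    for (i = 0; i < h->npinned; i++) need += 16 + h->pinned[i].caplen;
    for (i = 0; i < h->count; i++)   need += 16 + history_at(h, i)->caplen;
    if (need > cap) return 0;
    uint8_t *o = put32(out, 0xa1b2c3d4u);
    o = put16(o, 2); o = put16(o, 4);          /* version major.minor */
    o = put32(o, 0); o = put32(o, 0);          /* thiszone, sigfigs */
    o = put32(o, SNAP); o = put32(o, 1);       /* snaplen, link type */
    for (i = 0; i < h->npinned; i++) o = put_rec(o, &h->pinned[i]);
    for (i = 0; i < h->count; i++)   o = put_rec(o, history_at(h, i));
    return (size_t)(o - out);
}

/* Reader-side check: walk a little-endian pcap image and count its records, -1 if malformed. */
int pcap_record_count(const uint8_t *buf, size_t len) {
    if (len < 24 || memcmp(buf, "\xd4\xc3\xb2\xa1", 4) != 0) return -1;
    size_t off = 24; int n = 0;
    while (off < len) {
        if (len - off < 16) return -1;
        uint32_t caplen = (uint32_t)buf[off + 8] | (uint32_t)buf[off + 9] << 8 |
                          (uint32_t)buf[off + 10] << 16 | (uint32_t)buf[off + 11] << 24;
        off += 16;
        if (caplen > len - off) return -1;      /* record claims more bytes than the file holds */
        off += caplen; n++;
    }
    return n;
}

/* Constructed demo: 150 dummy packets, the first 3 pinned as "transition" packets,
 * then the dump an anomaly would trigger. Payload byte = packet number, so order is checkable. */
static struct history g_hist;
static uint8_t g_out[24 + (MAX_PINNED + HISTORY) * (16 + SNAP)];
size_t demo_dump(void) {
    memset(&g_hist, 0, sizeof g_hist);
    for (uint32_t i = 1; i <= 150; i++) {
        struct rec r = { .ts_sec = 1000 + i, .caplen = SNAP, .origlen = 1500 };
        memset(r.data, (int)(i & 0xff), SNAP);
        if (i <= 3) history_pin(&g_hist, &r);
        history_push(&g_hist, &r);
    }
    return history_dump_pcap(&g_hist, g_out, sizeof g_out);
}

int main(void) {
    size_t n = demo_dump();
    FILE *f = fopen("tcpad-anomaly.pcap", "wb");
    if (f) { fwrite(g_out, 1, n, f); fclose(f); }
    printf("wrote %zu bytes, %d records\n", n, pcap_record_count(g_out, n));
    return 0;
}
```

After 150 packets the ring holds numbers 51 through 150 and the three pinned handshake packets come out first, so the dump has 103 records. Writing pinned packets ahead of the ring keeps the code short but can put them out of timestamp order when a transition packet is recent enough to still be in the ring; a fuller version would merge the two lists by timestamp and drop the duplicate.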