Ethereal-dev: Re: [ethereal-dev] Eliminating duplicate segments in packet-tcp.c

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Index Thread Index Other Months All Mailing Lists
Date Prev Date Next Thread Prev Thread Next
From: Mike Hall <mlh@xxxxxx>
Date: Mon, 2 Oct 2000 13:59:35 -0500 (CDT)
On Sun, 1 Oct 2000, Richard Sharpe wrote:

> Hi,
> 
> In carefully going through and fixing packet_bxxp.c so that it works as I
> expect it to, I am again reminded that capturing on the loopback interface
> under Linux is a bad thing.
> 
> I am motivated to fix packet-tcp.c so that it can ignore duplicates segments.
> 
> This will involve keeping state on a per segment basis and an association.
> 
> However, I suspect that we should make this behaviour configurable with a
> default of on.
> 
> Any comments?

If you want to add the feature I would rather see "off" be default. There
are quite a few things you can do to machines from an attack perspective
with duplicate tcp segments. Also, it would be nice to see any that might
occur naturally because there is probably a router that is misconfigured
somewhere, or congestion, or something... And I dig ethereal out evertime
something wierd happens, so I would prefer to see the dups.

--Mike

-- 
+===================================================================+
| Mike Hall               Real programmers dream in Java.           |
| mlh@xxxxxx          Linux rules! Everything else just works.      |
+===================================================================+
|             finger mlh@xxxxxx for public PGP key                  |
+===================================================================+