At 01:59 PM 10/2/00 -0500, Mike Hall wrote:
>On Sun, 1 Oct 2000, Richard Sharpe wrote:
>
>> Hi,
>>
>> In carefully going through and fixing packet_bxxp.c so that it works as I
>> expect it to, I am again reminded that capturing on the loopback interface
>> under Linux is a bad thing.
>>
>> I am motivated to fix packet-tcp.c so that it can ignore duplicate
>> segments.
>>
>> This will involve keeping state on a per segment basis and an association.
>>
>> However, I suspect that we should make this behaviour configurable with a
>> default of on.
>>
>> Any comments?
>
>If you want to add the feature I would rather see "off" be default. There
>are quite a few things you can do to machines from an attack perspective
>with duplicate tcp segments. Also, it would be nice to see any that might
>occur naturally because there is probably a router that is misconfigured
>somewhere, or congestion, or something... And I dig ethereal out every time
>something weird happens, so I would prefer to see the dups.

Well, I was motivated to send the message by a bug I had in the BXXP
dissector. On Sunday night, the Olympics were finally over, but I didn't
care, I was working on Ethereal :-)

The bug had to do with duplicate segments caused by the Linux libpcap
problems (packets captured twice, once going, once coming, on the loopback
interface).

It seemed that the only way to fix the problem was to eliminate the
duplicates. I started looking at the problem, and it looked hard, so I
watched the Matrix instead. Then I rewatched parts of it. It was
interesting to see that the book Neo put the $2,000 in early on had
something like Simula for Simulation on the front cover.

Next morning, I woke up and realized there was a simpler fix ... :-)

So, I will leave duplicate segment elimination for a while ...

>--Mike
>
>--
>+===================================================================+
>| Mike Hall Real programmers dream in Java. |
>| mlh@xxxxxx Linux rules! Everything else just works. |
>+===================================================================+
>| finger mlh@xxxxxx for public PGP key |
>+===================================================================+
>
>
Regards
-------
Richard Sharpe, sharpe@xxxxxxxxxx
Samba (Team member, www.samba.org), Ethereal (Team member, www.zing.org)
Contributing author, SAMS Teach Yourself Samba in 24 Hours
Author, Special Edition, Using Samba
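
Added example, not part of the original messages and not Ethereal's code: a sketch of the per-association, per-segment state discussed in this thread, written so that a configurable "ignore duplicates" option hides only byte-identical repeats (such as the loopback double capture) while a repeat carrying different bytes is still shown. All names (`seg_key`, `seg_classify`, `seg_should_dissect`, `ignore_dups`) are hypothetical, and partially overlapping segments are outside what it handles.

```c
#include <stdint.h>
#include <stddef.h>
/* Hypothetical names throughout; this is not Ethereal's packet-tcp.c. */
enum seg_class { SEG_NEW, SEG_DUP_SAME, SEG_DUP_DIFFERENT };
struct seg_key {            /* association (4-tuple) plus per-segment identity */
    uint32_t src, dst;
    uint16_t sport, dport;
    uint32_t seq;
    uint16_t len;           /* TCP payload length */
};
struct seg_entry { int used; struct seg_key key; uint32_t payload_hash; };

#define SEG_SLOTS 1024      /* fixed-size table, sized for a small capture */
struct seg_table { struct seg_entry slot[SEG_SLOTS]; };  /* zero-initialise */

static uint32_t fnv1a(uint32_t h, const void *p, size_t n) {
    const unsigned char *b = p;
    while (n--) { h ^= *b++; h *= 16777619u; }
    return h;
}

static int key_eq(const struct seg_key *a, const struct seg_key *b) {
    return a->src == b->src && a->dst == b->dst && a->sport == b->sport &&
           a->dport == b->dport && a->seq == b->seq && a->len == b->len;
}

/* Record a segment and report whether this association already carried it. */
enum seg_class seg_classify(struct seg_table *t, const struct seg_key *k,
                            const unsigned char *payload) {
    if (k->len == 0) return SEG_NEW;   /* bare ACKs repeat seq; don't track */
    uint32_t ph = fnv1a(2166136261u, payload, k->len);
    uint32_t h = fnv1a(2166136261u, &k->src, 4);
    h = fnv1a(fnv1a(h, &k->dst, 4), &k->sport, 2);
    h = fnv1a(fnv1a(h, &k->dport, 2), &k->seq, 4);
    for (size_t i = 0; i < SEG_SLOTS; i++) {       /* linear probing */
        struct seg_entry *e = &t->slot[(h + i) % SEG_SLOTS];
        if (!e->used) {
            e->used = 1; e->key = *k; e->payload_hash = ph;
            return SEG_NEW;
        }
        if (key_eq(&e->key, k))   /* hash compare: collisions are possible */
            return e->payload_hash == ph ? SEG_DUP_SAME : SEG_DUP_DIFFERENT;
    }
    return SEG_NEW;                    /* table full: fail open and show it */
}

/* ignore_dups hides only byte-identical repeats; differing ones always show. */
int seg_should_dissect(enum seg_class c, int ignore_dups) {
    return !(ignore_dups && c == SEG_DUP_SAME);
}
```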