tcpdump mailing list archives
dropping of packets
From: Celia Clark <cclark () ics mq edu au>
Date: Thu, 29 May 2003 20:53:40 +1000
Hi,

I am writing my thesis on intrusion detection systems, and among others, I am using tcpdump to analyse traffic on the target host in the test network. I am trying to send spurious packets so that the target host will discard these kinds of packets. I have seen that tcpdump will, at the end of a trace, give the number of packets that have been dropped by the kernel, but this does not seem to have any relation to packets being discarded because of their malicious nature.

I am running Red Hat, and I would like to know which process in the OS takes care of discarding. If tcpdump is interacting with the protocol stack via the application layer, should it not be the case that tcpdump should not be able to sniff malicious datagrams, as they should have been discarded by the network layer already?

I hope someone out there knows the answer to this and is willing to help me.

Thanks,
Celia Clark