tcpdump mailing list archives

Re: Adding SHA1 signature to packets?


From: Andy Howell <AndyHowell () raitechnology com>
Date: Tue, 11 Dec 2007 17:32:54 -0600

Bruce Keats wrote:
> I am thinking about adding a SHA1 signature to each of the packets captured
> by TCPDUMP.  I was poking around libpcap and I have some different ideas on
> how to do it.  One way would be to create a new TCPDUMP magic number and then
> change the packet header to include the SHA1.  Another way would be to
> create a new TCPDUMP magic number and put the SHA1 between the packet header
> and the data.  Another way would be to create a new DLT_ type for each of
> the links I deal with and add the SHA1 somewhere within the data.
>
> I would like to have wireshark still be able to look at the data.  If
> wireshark uses libpcap then everything should be hidden.  Otherwise, I am
> digging into the wireshark code as well.

Bruce,

I don't have much of an opinion on where to add it. In my application I needed to detect the duplicate packets that some Cisco Cat6000 (?) switches send on a spanning port. I tried various hashes like SHA1, MD4/5, but they were too CPU intensive. I ended up using a simple checksum. I only look at the last 4 packets in determining if the received packet was a dupe.

http://en.wikipedia.org/wiki/Adler-32

Andy
-
This is the tcpdump-workers list.
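The duplicate check described in the reply above, sketched as an added example (not code from the post or from libpcap): an Adler-32 checksum per packet, compared against a window of the last 4 packets. The names `adler32_buf`, `struct dedup`, `dedup_check` and `demo_count_dups` are hypothetical, and the packets are constructed sample data. Adler-32 is not collision-resistant, so it fits duplicate detection but not the tamper evidence a SHA1 signature is meant to give.

```c
#include <stddef.h>
#include <stdint.h>
#define WINDOW 4          /* the post compares against the last 4 packets */
#define ADLER_MOD 65521u  /* Adler-32 modulus: largest prime below 2^16 */

static uint32_t adler32_buf(const uint8_t *p, size_t n)
{
    uint32_t a = 1, b = 0;
    for (size_t i = 0; i < n; i++) {
        a = (a + p[i]) % ADLER_MOD;
        b = (b + a) % ADLER_MOD;
    }
    return (b << 16) | a;
}

/* Hypothetical state: checksum and length of the last WINDOW packets. */
struct dedup {
    uint32_t sum[WINDOW];
    size_t len[WINDOW];
    unsigned count, next;   /* valid slots; slot to overwrite next */
};

/* Returns 1 if pkt matches a remembered packet, else records it and returns 0. */
static int dedup_check(struct dedup *d, const uint8_t *pkt, size_t n)
{
    uint32_t s = adler32_buf(pkt, n);
    for (unsigned i = 0; i < d->count; i++)
        if (d->sum[i] == s && d->len[i] == n)
            return 1;
    d->sum[d->next] = s;          /* overwrite the oldest entry */
    d->len[d->next] = n;
    d->next = (d->next + 1) % WINDOW;
    if (d->count < WINDOW) d->count++;
    return 0;
}

/* Constructed sample stream A B B C A D E A: the second B and second A are
 * duplicates; the last A is not, because E evicted it from the window. */
static int demo_count_dups(void)
{
    static const uint8_t pk[8][4] = {
        {1,2,3,4}, {5,6,7,8}, {5,6,7,8}, {9,9,9,9},
        {1,2,3,4}, {0,0,0,1}, {7,7,7,7}, {1,2,3,4} };
    struct dedup d = {0};
    int dups = 0;
    for (int i = 0; i < 8; i++)
        dups += dedup_check(&d, pk[i], sizeof pk[i]);
    return dups;
}
```

Comparing the length alongside the checksum cheaply rules out some false matches; a capture tool that must never drop a distinct packet would confirm a match with a byte comparison of the stored packet.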