tcpdump mailing list archives

Re: Hardware timestamp ?


From: Pierre KARAMPOURNIS <pkarampournis () gmail com>
Date: Fri, 27 Feb 2009 11:52:08 -0500

2009/2/27 Pierre KARAMPOURNIS <pkarampournis () gmail com>

> 2009/2/27 David Young <dyoung () pobox com>
>
>> On Thu, Feb 26, 2009 at 06:49:45PM -0600, Pierre Karampournis wrote:
>>> Hi,
>>>
>>> I am currently working in a university lab and I need to capture packets
>>> with a nanosecond precision timestamp using the Pcap format.
>>
>> Pierre,
>>
>> If you tell us what you are trying to accomplish with nanosecond
>> timestamps, we might be able to help you better. :-)
>>
>> Dave

Oops, bad manipulation, the message was sent but not finished.


I am currently working on systems like IDS (Intrusion Detection Systems).
The first thing we want to do is to create an architecture capable of
capturing data packets accurately on big networks (at least 1Gbps) to:
- test IDS with real traffic
- analyze the data captures with statistical tools

Currently, most Security systems are tested in an artificial environment but
real traffic implies noise traffic which can be considered as attacks by the
security systems.
Our main goal is to be able to create real datasets to improve Security
systems by understanding the dynamics of normal network traffic.

Basically, I am trying to achieve that, but high speed networks can't be accurately
captured: a lot of timestamp collisions happen, and we want to be as precise
as possible.

Pierre
-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.

