
2 The Solution

First, some crypto-relevant info theory:

  1. encrypted data is uniformly distributed, i.e., has maximal entropy per symbol;

  2. raw, uncompressed data is typically redundant, i.e., has sub-maximal entropy.

Suppose you could measure the entropy of the data going to and from your network interface. Then you could see the difference between unencrypted data and encrypted data. This would be true even if some of the data in "encrypted mode" was not encrypted; the outermost IP header, for example, must stay unencrypted if the packet is to be routable.

2.1 MUST

Ueli Maurer's "Universal Statistical Test for Random Bit Generators" (MUST) quickly measures the entropy of a sample. It uses a compression-like algorithm. The code is given below for a variant which measures successive (~quarter megabyte) chunks of a file.
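As an added illustration (not the article's own code), this Python sketch computes Maurer's statistic on 8-bit blocks over successive 256 KiB chunks and compares each score with the value expected for uniformly random bytes. The sample inputs are constructed, and the 0.05 tolerance and the function names are assumptions made for this example.

```python
import math
import random

Q_INIT = 10 * 2 ** 8        # initialization blocks recommended for 8-bit blocks
EXPECTED_L8 = 7.1836656     # expected statistic for random data with 8-bit blocks
CHUNK = 256 * 1024          # "quarter megabyte" chunk, as in the text

def maurer_fn(data, q=Q_INIT):
    """Mean log2 distance between successive occurrences of each byte value."""
    if len(data) <= q:
        raise ValueError("sample too short for the initialization segment")
    last = [0] * 256                      # last 1-based position of each value
    for i in range(q):                    # initialization: fill the table only
        last[data[i]] = i + 1
    total = 0.0
    for i in range(q, len(data)):         # test segment: accumulate log2 gaps
        pos = i + 1
        total += math.log2(pos - last[data[i]])
        last[data[i]] = pos
    return total / (len(data) - q)

def chunk_scores(data, chunk=CHUNK):
    """Score every complete chunk; a trailing partial chunk is skipped."""
    return [maurer_fn(data[o:o + chunk])
            for o in range(0, len(data) - chunk + 1, chunk)]

def looks_encrypted(score, tolerance=0.05):
    # Assumed threshold. Compressed data also scores near EXPECTED_L8,
    # so a high score shows "not redundant", not "encrypted" by itself.
    return abs(score - EXPECTED_L8) < tolerance

def sample_data():
    """Constructed inputs: PRNG bytes stand in for ciphertext, repeated
    request text stands in for redundant cleartext traffic."""
    rng = random.Random(1)
    n = 2 * CHUNK
    ciphertext_like = rng.getrandbits(8 * n).to_bytes(n, "little")
    line = b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n"
    plaintext_like = (line * (n // len(line) + 1))[:n]
    return ciphertext_like, plaintext_like

if __name__ == "__main__":
    for name, blob in zip(("ciphertext-like", "plaintext-like"), sample_data()):
        for s in chunk_scores(blob):
            print(f"{name}: fn={s:.4f} encrypted={looks_encrypted(s)}")
```

A capture file written by tcpdump also contains file and per-packet headers plus the unencrypted outer IP headers, so scores on real captures of encrypted traffic sit somewhat below the ideal value.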

2.2 Tcpdump

We also need a way to capture the raw network data. A program called tcpdump(1) lets you do this, if you have enabled the Berkeley Packet Filter interface in your kernel's config file.

The command

    tcpdump -c 4000 -s 10000 -w dumpfile.bin

will capture 4000 raw packets to dumpfile.bin. Up to 10,000 bytes per packet will be captured in this example.
