
2 The Solution

First, some crypto-relevant info theory:

  1. encrypted data is uniformly distributed, i.e., has maximal entropy per symbol;

  2. raw, uncompressed data is typically redundant, i.e., has sub-maximal entropy.

Suppose you could measure the entropy of the data going to and from your network interface. Then you could see the difference between unencrypted data and encrypted data. This would be true even if some of the data in "encrypted mode" was not encrypted, as the outermost IP header must remain unencrypted if the packet is to be routable.

2.1 MUST

Ueli Maurer's "Universal Statistical Test for Random Bit Generators" (MUST) quickly measures the entropy of a sample. It uses a compression-like algorithm. The code is given below for a variant which measures successive (~quarter megabyte) chunks of a file.
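The following Python example is added here for illustration and is not the article's own code: it computes Maurer's statistic over successive quarter-megabyte chunks and shows the gap between redundant and uniform data. The 8-bit block length, the initialization length, the function names and the sample data are assumptions made for this example; 7.1836656 is the mean Maurer tabulates for uniformly random 8-bit blocks.

```python
import math
import random

L_BITS = 8                      # block length: one byte per symbol (assumed)
Q_INIT = 10 * 2 ** L_BITS       # initialization blocks (Maurer suggests >= 10 * 2^L)
CHUNK = 256 * 1024              # quarter-megabyte chunks, as in the text
EXPECTED_RANDOM = 7.1836656     # Maurer's tabulated mean of f_n for L = 8


def maurer_statistic(chunk: bytes) -> float:
    """Maurer's f_n for one chunk: mean log2 distance to the previous
    occurrence of each byte value, in bits per byte."""
    if len(chunk) <= Q_INIT:
        raise ValueError("chunk must be longer than the initialization segment")
    last_seen = [0] * 2 ** L_BITS          # 1-based position of last occurrence
    for n in range(1, Q_INIT + 1):         # initialization: fill the table only
        last_seen[chunk[n - 1]] = n
    total = 0.0
    for n in range(Q_INIT + 1, len(chunk) + 1):
        byte = chunk[n - 1]
        total += math.log2(n - last_seen[byte])
        last_seen[byte] = n
    return total / (len(chunk) - Q_INIT)


def chunk_statistics(data: bytes, size: int = CHUNK) -> list:
    """f_n for each successive full chunk of `data`."""
    return [maurer_statistic(data[i:i + size])
            for i in range(0, len(data) - size + 1, size)]


def constructed_sample() -> bytes:
    """Constructed input: one redundant chunk, then one uniform chunk."""
    line = b"GET /index.html HTTP/1.0\r\nHost: host.example\r\n\r\n"
    plain = (line * (CHUNK // len(line) + 1))[:CHUNK]
    rng = random.Random(1)                 # fixed seed; stands in for ciphertext
    cipher = rng.getrandbits(8 * CHUNK).to_bytes(CHUNK, "little")
    return plain + cipher


if __name__ == "__main__":
    for i, f in enumerate(chunk_statistics(constructed_sample())):
        print(f"chunk {i}: f_n = {f:.4f} (uniform data expects {EXPECTED_RANDOM})")
```

Chunks whose value sits well below 7.18 contain redundant data; values close to 7.18 are what uniformly distributed data produces.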

2.2 Tcpdump

We also need a way to capture the raw network data. A program called tcpdump(1) lets you do this, if you have enabled the Berkeley Packet Filter interface in your kernel's config file.

The command

    tcpdump -c 4000 -s 10000 -w dumpfile.bin

will capture 4000 raw packets to dumpfile.bin. Up to 10,000 bytes per packet will be captured in this example.

This, and other documents, can be downloaded from ftp://ftp.FreeBSD.org/pub/FreeBSD/doc/.

For questions about FreeBSD, read the documentation before contacting <questions@FreeBSD.org>.
For questions about this documentation, e-mail <doc@FreeBSD.org>.



