On Thu, Jan 21, 2016 at 07:44:21PM +0000, Wiles, Keith wrote:
> What type of data do you want to add to the packets? Now it builds
> IPv4/UDP/TCP packets, do you need to replace UDP or TCP or just add more
> protocol layers?

I perform content inspection of various types:

IPv4 - supported
IPv6 - supported
TCP - supported
UDP - supported
DNS - need custom binary payload
sFlow - need custom binary payload
Netflow - need custom sequence (supported) and custom binary payload
UDP Syslog - need custom ASCII payload (binary would of course work)
TCP Syslog - need custom ASCII payload (probably impossible w/ this tool
  as a three-way handshake is needed for me to begin receiving in the
  app, which is among other things a high performance Syslog digester,
  but UDP is enough for now)

Because it's a security app I have to model things like "99% boring, 1%
interesting" as packets which raise alerts cost more resources than
packets which do not.

Matthew.