> If I have learned anything from Francois's code is that you
> can never be sure if you get a partial or a full packet.
Right !
> The question is if a packet is encrypted (des3) how do you know
> you have received the full packet ?
The kind of data into the packet doesn't change anything.
> Ob
> how do you know you have received the full packet ?
By definition, a packet is part of a protocol, whereby you have sent
actual length information, fixed length information, or start and
terminating characters (often CRLF).
UDP/IP does send complete packets, by TCP/IP only ever sends a nev
All,
If I have learned anything from Francois's code is that you can never be
sure if you get a partial or a full packet. The question is
if a packet is encrypted (des3) how do you know you have received the full
packet ?
Obviously you can not check for a string or a delimiter that would
> Has anyone looked at the libnids library (libnids.sourceforge.net),
> which seems to sit on top of WinPcap, offering IP defragmentation, TCP
> stream assembly and TCP port scan detection? It sounds like a way of
> improving TCP monitoring, something of interest to quite a few of us
> here.
Has anyone looked at the libnids library (libnids.sourceforge.net),
which seems to sit on top of WinPcap, offering IP defragmentation, TCP
stream assembly and TCP port scan detection? It sounds like a way of
improving TCP monitoring, something of interest to quite a few of us
here.
Angus
--
