ipt-netflow icon indicating copy to clipboard operation
ipt-netflow copied to clipboard
verified publisher icon aabc

Implement connection fingerprinting

Open aabc opened this issue 10 years ago • 0 comments

To help distinguish the traffic is may be useful to provide some statistical information about connections content. Such as:

  1. Record first N data bytes of a connection.
  2. Entropy value of flow data (or of first N bytes).
  3. Terminate flow after reply is sent (useful for client-server environments).
  4. Biflows (https://tools.ietf.org/html/rfc5103).
  5. TCP metering statistics (http://tools.ietf.org/html/draft-akhter-opsawg-perfmon-ipfix-03).

aabc avatar Jul 19 '15 12:07 aabc