"Fossies" - the Fresh Open Source Software Archive

Member "tcpflow-1.6.1/TODO.txt" (19 Feb 2021, 7052 Bytes) of package /linux/misc/tcpflow-1.6.1.tar.gz:


As a special service "Fossies" has tried to format the requested text file into HTML format (style: standard) with prefixed line numbers. Alternatively you can here view or download the uninterpreted source code file. See also the last Fossies "Diffs" side-by-side code changes report for "TODO.txt": 1.4.5_vs_1.5.0.

    1 Accomplished for 1.4:
    2 
    3 + update tcpip structure to indicate if a SYN was seen; If packets arrive before the beginning of the connection and a SYN was not seen, insert in the beginning of the file.
    4 + remove syn_set from store_packet. Make sure that it's called when we know the packet offset.
    5 + discover and create MIME objects.
    6 + Regression testing by randomizing packet order and making sure that the results are the same.
    7  
    8 ================================================================
    9 
   10 ================
   11 Here is an idea currently plan for the plugin approach:
   12 
   13 -Ps "command"   --- Run command at the start of each flow; pipe the flow to stdin
   14 -Pe "command"   --- Run command at the end of each flow; pipe the flow to stdin (from the file)
   15 -PE "command"  ---  Run command at the end of each flow, but do not pipe flow to stdin
   16 
   17 ================================================================
   18 Other programs to look at:
   19 
   20  http://net.doit.wisc.edu/~plonka/FlowScan/ 
   21  http://ant.isi.edu/wiv2012/program.html
   22 ================
   23 Current bugs:
   24 
   25 - Add more tests, specifically a test to read multiple files at once.
   26 
   27 tests/bug2.pcap has a connection with multiple packets sent after it is closed.
   28   src/tcpflow -d 100  -o bug2 -r  tests/bug2.pcap   --- gets data corruption because the retransmitted packets overwrite the beginning
   29   src/tcpflow -P -d 100  -o bug2 -r  tests/bug2.pcap   --- doesn't.
   30 
   31   - Need to see if the filename that's tried to open already exists. If it does, we need to incrment connection count and then go on.
   32 
   33   - But then, we need to realize that it shouldn't be expired out...
   34 
   35 
   36 tests/bug3.pcap (think that it's the same problem as above)
   37  - Run the program twice to the same output directory and the second transcript file doesn't match the first.
   38  - Run the program with remove_flow() commented out in tcpdemux.cpp:391 and the results are correct; run with it in and the results are different.
   39 
   40    - Should be the same results each time.
   41 
   42 bug3 has some retransmitted packets:
   43 
   44 18:44 Mucha:~/gits/tcpflow/src$ tcpdump -n -r bugshow.pcap
   45 reading from file bugshow.pcap, link-type EN10MB (Ethernet)
   46 19:59:14.168870 IP 65.212.118.21.80 > 192.168.1.64.33410: Flags [S.], seq 2626615675, ack 2244319387, win 8190, options [mss 1404], length 0
   47 19:59:14.245209 IP 65.212.118.21.80 > 192.168.1.64.33410: Flags [.], ack 176, win 6432, length 0
   48 19:59:14.262536 IP 65.212.118.21.80 > 192.168.1.64.33410: Flags [.], seq 1:1405, ack 176, win 6432, length 1404
   49 19:59:14.264902 IP 65.212.118.21.80 > 192.168.1.64.33410: Flags [.], seq 1405:2809, ack 176, win 6432, length 1404
   50 19:59:14.339295 IP 65.212.118.21.80 > 192.168.1.64.33410: Flags [.], seq 2809:4213, ack 176, win 6432, length 1404
   51 19:59:14.341381 IP 65.212.118.21.80 > 192.168.1.64.33410: Flags [.], seq 4213:5617, ack 176, win 6432, length 1404
   52 19:59:14.415653 IP 65.212.118.21.80 > 192.168.1.64.33410: Flags [.], seq 5617:7021, ack 176, win 6432, length 1404
   53 19:59:14.616627 IP 65.212.118.21.80 > 192.168.1.64.33410: Flags [.], seq 1405:2809, ack 176, win 6432, length 1404
   54 19:59:15.168975 IP 65.212.118.21.80 > 192.168.1.64.33410: Flags [.], seq 1405:2809, ack 176, win 6432, length 1404
   55 19:59:15.244915 IP 65.212.118.21.80 > 192.168.1.64.33410: Flags [.], seq 4213:5617, ack 176, win 6432, length 1404
   56 19:59:16.352607 IP 65.212.118.21.80 > 192.168.1.64.33410: Flags [.], seq 4213:5617, ack 176, win 6432, length 1404
   57 19:59:18.560576 IP 65.212.118.21.80 > 192.168.1.64.33410: Flags [.], seq 4213:5617, ack 176, win 6432, length 1404
   58 19:59:18.741621 IP 65.212.118.21.80 > 192.168.1.64.33410: Flags [.], seq 5617:7021, ack 176, win 6432, length 1404
   59 19:59:18.941183 IP 65.212.118.21.80 > 192.168.1.64.33410: Flags [.], seq 7021:8425, ack 176, win 6432, length 1404
   60 19:59:23.360857 IP 65.212.118.21.80 > 192.168.1.64.33410: Flags [.], seq 7021:8425, ack 176, win 6432, length 1404
   61 19:59:32.192737 IP 65.212.118.21.80 > 192.168.1.64.33410: Flags [.], seq 7021:8425, ack 176, win 6432, length 1404
   62 19:59:44.267381 IP 65.212.118.21.80 > 192.168.1.64.33410: Flags [.], seq 8425:9829, ack 176, win 6432, length 1404
   63 19:59:44.269510 IP 65.212.118.21.80 > 192.168.1.64.33410: Flags [.], seq 9829:11233, ack 176, win 6432, length 1404
   64 19:59:44.271699 IP 65.212.118.21.80 > 192.168.1.64.33410: Flags [.], seq 11233:12637, ack 176, win 6432, length 1404
   65 19:59:44.273920 IP 65.212.118.21.80 > 192.168.1.64.33410: Flags [.], seq 12637:14041, ack 176, win 6432, length 1404
   66 19:59:44.276258 IP 65.212.118.21.80 > 192.168.1.64.33410: Flags [.], seq 14041:15445, ack 176, win 6432, length 1404
   67 19:59:44.278144 IP 65.212.118.21.80 > 192.168.1.64.33410: Flags [.], seq 15445:16849, ack 176, win 6432, length 1404
   68 19:59:44.280288 IP 65.212.118.21.80 > 192.168.1.64.33410: Flags [.], seq 16849:18253, ack 176, win 6432, length 1404
   69 19:59:44.282501 IP 65.212.118.21.80 > 192.168.1.64.33410: Flags [.], seq 18253:19657, ack 176, win 6432, length 1404
   70 19:59:44.284995 IP 65.212.118.21.80 > 192.168.1.64.33410: Flags [.], seq 19657:21061, ack 176, win 6432, length 1404
   71 19:59:44.287025 IP 65.212.118.21.80 > 192.168.1.64.33410: Flags [.], seq 21061:22465, ack 176, win 6432, length 1404
   72 19:59:44.289222 IP 65.212.118.21.80 > 192.168.1.64.33410: Flags [.], seq 22465:23869, ack 176, win 6432, length 1404
   73 19:59:44.291409 IP 65.212.118.21.80 > 192.168.1.64.33410: Flags [.], seq 23869:25273, ack 176, win 6432, length 1404
   74 19:59:44.293651 IP 65.212.118.21.80 > 192.168.1.64.33410: Flags [.], seq 25273:26677, ack 176, win 6432, length 1404
   75 19:59:44.295618 IP 65.212.118.21.80 > 192.168.1.64.33410: Flags [.], seq 26677:28081, ack 176, win 6432, length 1404
   76 19:59:44.297842 IP 65.212.118.21.80 > 192.168.1.64.33410: Flags [.], seq 28081:29485, ack 176, win 6432, length 1404
   77 19:59:44.300019 IP 65.212.118.21.80 > 192.168.1.64.33410: Flags [.], seq 29485:30889, ack 176, win 6432, length 1404
   78 19:59:44.302461 IP 65.212.118.21.80 > 192.168.1.64.33410: Flags [.], seq 30889:32293, ack 176, win 6432, length 1404
   79 19:59:44.304704 IP 65.212.118.21.80 > 192.168.1.64.33410: Flags [.], seq 32293:33697, ack 176, win 6432, length 1404
   80 19:59:44.304718 IP 65.212.118.21.80 > 192.168.1.64.33410: Flags [FP.], seq 35101:35106, ack 176, win 6432, length 5
   81 19:59:44.306948 IP 65.212.118.21.80 > 192.168.1.64.33410: Flags [.], seq 33697:35101, ack 176, win 6432, length 1404
   82 19:59:44.347541 IP 65.212.118.21.80 > 192.168.1.64.33410: Flags [F.], seq 35106, ack 176, win 8190, length 0
   83 19:59:49.856312 IP 65.212.118.21.80 > 192.168.1.64.33410: Flags [.], seq 7021:8425, ack 176, win 6432, length 1404
   84 19:59:49.929110 IP 65.212.118.21.80 > 192.168.1.64.33410: Flags [F.], seq 35106, ack 176, win 8190, length 0
   85 19:59:49.931878 IP 65.212.118.21.80 > 192.168.1.64.33410: Flags [.], seq 11233:12637, ack 176, win 6432, length 1404
   86 18:44 Mucha:~/gits/tcpflow/src$ 
   87 
   88 So we are not handling the retransmits properly.
   89 
   90 If the file is already there:
   91  - Assume it's our file and open it; set up the buffers accordingly
   92 
   93 On retransmit:
   94  - If the data doesn't match, increment the connection count (easy way to document the retransmit)
   95