TCP flags packet counting

Masoud Sadri masoud.ms70 at gmail.com
Mon Dec 10 12:57:09 EST 2018


Thanks for your reply.
My thesis is about finding the anomaly in network flows. I used Johan Mazel's
thesis [1] as the base of my work. As you can see in section 3.1.2,
"Multi-resolution Flow Aggregation", he aggregated network flows and
extracted nine features from them. Two of them (nRST/nPkts and nSYN/nPkts)
depend on a TCP flags counter field.

Masoud

[1] https://tel.archives-ouvertes.fr/tel-00667654/document

On Sun, Dec 9, 2018 at 5:36 PM <carter at qosient.com> wrote:

> Hey Masoud,
> We don’t track the number of packet types in a TCP connection, not
> something that has come up in a few decades.  It would be easy to do, and
> would involve extending the TCP DSR to add counters for each flag type, and
> of course all their combinations.  But as I mentioned, no one has been
> looking for those metrics.
>
> Can you tell us why this is important to your thesis ???  Are you doing
> something for security or operations ???
>
> Carter
>
> On Dec 8, 2018, at 3:01 PM, Masoud Sadri <masoud.ms70 at gmail.com> wrote:
>
> Hi,
> In addition to the total packets in each record, I need to know the number of
> syn, ack, fin, rst, urg, psh, cwr, ece packets separately.
> Could you help me, please?
>
>
>
>
>
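
An added example, not part of the original thread and not Argus code: per-flow counters for each of the eight TCP flags named above, with the nSYN/nPkts and nRST/nPkts ratios computed from them. The unidirectional flow key (source address, source port, destination address, destination port), the function names, and the sample packets are assumptions constructed for illustration.

```python
import struct
from collections import defaultdict

# TCP flag bits in byte 13 of the TCP header (RFC 793, RFC 3168).
FLAGS = {"fin": 0x01, "syn": 0x02, "rst": 0x04, "psh": 0x08,
         "ack": 0x10, "urg": 0x20, "ece": 0x40, "cwr": 0x80}

def make_packet(src, dst, sport, dport, flags):
    """Build a constructed IPv4+TCP header pair (checksums left at zero)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                     bytes(map(int, src.split("."))),
                     bytes(map(int, dst.split("."))))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 8192, 0, 0)
    return ip + tcp

def parse(pkt):
    """Return (flow key, flag byte) for an IPv4/TCP packet, else None."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4 or pkt[9] != 6:
        return None                      # too short, not IPv4, or not TCP
    ihl = (pkt[0] & 0x0F) * 4            # IP header length in bytes
    if ihl < 20 or len(pkt) < ihl + 14:  # flag byte must be present
        return None
    sport, dport = struct.unpack_from("!HH", pkt, ihl)
    return (pkt[12:16], sport, pkt[16:20], dport), pkt[ihl + 13]

def count_flags(packets):
    """Per-flow packet total plus one counter per TCP flag."""
    flows = defaultdict(lambda: {**dict.fromkeys(FLAGS, 0), "pkts": 0})
    for pkt in packets:
        parsed = parse(pkt)
        if parsed is None:
            continue                     # skip truncated or non-TCP input
        key, bits = parsed
        flows[key]["pkts"] += 1
        for name, mask in FLAGS.items():
            if bits & mask:              # a packet may carry several flags
                flows[key][name] += 1
    return dict(flows)

def ratios(rec):
    """nSYN/nPkts and nRST/nPkts for one flow record."""
    return rec["syn"] / rec["pkts"], rec["rst"] / rec["pkts"]

# Constructed sample: one ordinary exchange, and one source sending only SYNs.
SAMPLE = [make_packet("10.0.0.1", "10.0.0.2", 40000, 80, f)
          for f in (0x02, 0x10, 0x18, 0x11)]
SAMPLE += [make_packet("10.0.0.9", "10.0.0.2", 40001, 80, 0x02) for _ in range(4)]
```

Because one packet can set several flags at once, the per-flag counters can sum to more than the packet total; each ratio is still taken against the packet total.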