
Zylinfantry
DUST University Ivy League
Posted - 2014.12.22 01:23:00
Hey guys,
I write pattern recognition files for a deep packet inspection application called Layer7. L7 allows an ISP (or company) to classify a packet's purpose based on common characteristics of network traffic. For example, headers held within the packet that are always in every packet, or most. Or, data that is always contained within the initial series of packets (it only takes one pattern match to classify a connection). Once an ISP or company can classify a traffic stream, it can then use it to perform traffic management. For example, at home, I'd use it to assign high priority to gaming and VoIP traffic. An ISP might do the same: assign high priority to gaming traffic on its infrastructure to remain competitive with the other guy.
I'd like to also write a pattern for Dust, but would rather not bust open a traffic monitor and reverse engineer it (which is against the EULA anyway). I need to know just a tiny amount about the dust protocol to continue. This information would need the following characteristics:
1. A pattern that is unique to Dust. For example, HTTP GET would be a bad idea.
2. Can't use port ranges or IP source/destination. Many applications also use the same ports, and an IP can change over time.
3. The pattern must come from the data portion itself, preferably in hex format. For example, YouTube streams always prepend a series of 5 junk hex digits to each packet so it can be intercepted by ISPs and redirected to a CDN. Sony also does this with the PSN and Microsoft does this with Xbox Live.
4. Reasonably common data. Doesn't have to be in every packet, but just common enough that it can be interpreted easily (and early!). Common might be every 2 minutes or so. Perhaps a chat packet. Or encryption initiation.
5. Data that is common to each UDP stream or TCP connection. A "stream" is communications from end to end that initiate and terminate independently. For TCP, this is easy: a SYN packet opens the connection, and FIN tears it down. For UDP, we can use source/destination port and IP to classify a stream.
Many thanks!
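The classification model the post describes (a stream keyed by connection for TCP and by IP/port pair for UDP, matched against a pattern on its earliest payload bytes, labelled once and then left alone) is shown here as an added example. This is not the poster's code and not l7-filter's own implementation; it is a small Python model of that behaviour. The two patterns are constructed for the demo: "http" is a simplified request-line match, and "examplegame" is a hypothetical protocol assumed to begin every datagram with the magic bytes 47 4d 45 01. It says nothing about the real Dust protocol, and the IPs are documentation addresses.

```python
import re
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

# Limits in the spirit of l7-filter: once a stream has shown this much payload
# without matching anything, stop inspecting it and leave it unclassified.
MAX_INSPECT_BYTES = 2048
MAX_INSPECT_PACKETS = 10

# Constructed patterns for this example. "http" is a simplified request-line
# match. "examplegame" is a HYPOTHETICAL game protocol assumed to start every
# datagram with the magic bytes 47 4d 45 01; it is not the Dust protocol.
PATTERNS = {
    "http": re.compile(rb"^(GET|POST|HEAD|PUT|DELETE|OPTIONS) \S+ HTTP/1\.[01]\r\n"),
    "examplegame": re.compile(rb"^\x47\x4d\x45\x01"),
}


@dataclass
class Packet:
    proto: str                      # "tcp" or "udp"
    src: str
    sport: int
    dst: str
    dport: int
    payload: bytes = b""            # data portion only (no IP/transport headers)
    flags: Tuple[str, ...] = ()     # TCP flags by name, e.g. ("SYN",)


@dataclass
class Stream:
    buf: bytes = b""                # early payload bytes gathered for matching
    npkts: int = 0                  # payload-bearing packets inspected so far
    label: Optional[str] = None     # set once, then reused for every later packet


def stream_key(p: Packet) -> tuple:
    # Direction-agnostic key: both halves of a conversation map to one stream.
    a, b = (p.src, p.sport), (p.dst, p.dport)
    return (p.proto,) + (a + b if a <= b else b + a)


class Classifier:
    def __init__(self, patterns=PATTERNS):
        self.patterns = patterns
        self.streams: Dict[tuple, Stream] = {}

    def observe(self, p: Packet) -> Optional[str]:
        """Feed one packet; return the stream's label (None while undecided)."""
        key = stream_key(p)
        if p.proto == "tcp" and "SYN" in p.flags and "ACK" not in p.flags:
            self.streams[key] = Stream()        # fresh connection: drop stale state
        s = self.streams.setdefault(key, Stream())
        if s.label is None and p.payload:
            s.buf += p.payload
            s.npkts += 1
            for name, rx in self.patterns.items():
                if rx.search(s.buf[:MAX_INSPECT_BYTES]):
                    s.label = name              # one early match classifies the stream
                    break
            else:
                if len(s.buf) >= MAX_INSPECT_BYTES or s.npkts >= MAX_INSPECT_PACKETS:
                    s.label = "unknown"         # limits hit, give up on this stream
        label = s.label
        if p.proto == "tcp" and ("FIN" in p.flags or "RST" in p.flags):
            self.streams.pop(key, None)         # connection torn down
        return label


def sample_traffic():
    """Constructed packets (documentation IPs), not a real capture."""
    client = dict(proto="tcp", src="192.0.2.10", sport=40001, dst="203.0.113.5", dport=80)
    server = dict(proto="tcp", src="203.0.113.5", sport=80, dst="192.0.2.10", dport=40001)
    game_c = dict(proto="udp", src="192.0.2.10", sport=50000, dst="198.51.100.7", dport=27015)
    game_s = dict(proto="udp", src="198.51.100.7", sport=27015, dst="192.0.2.10", dport=50000)
    noise = dict(proto="udp", src="192.0.2.10", sport=50001, dst="198.51.100.9", dport=9999)
    return [
        Packet(**client, flags=("SYN",)),
        Packet(**client, flags=("ACK",),
               payload=b"GET /index.html HTTP/1.1\r\nHost: example.com\r\n\r\n"),
        Packet(**server, flags=("ACK",), payload=b"HTTP/1.1 200 OK\r\n\r\nhello"),
        Packet(**client, flags=("FIN", "ACK")),
        Packet(**game_c, payload=b"GME\x01\x00\x00\x00\x05login"),
        Packet(**game_s, payload=b"GME\x01\x00\x00\x00\x05ok"),
    ] + [Packet(**noise, payload=bytes(50)) for _ in range(10)]


def classify_all(packets) -> list:
    """Run every packet through one classifier and return the per-packet label."""
    c = Classifier()
    return [c.observe(p) for p in packets]


if __name__ == "__main__":
    for p, label in zip(sample_traffic(), classify_all(sample_traffic())):
        print(f"{p.proto} {p.src}:{p.sport} -> {p.dst}:{p.dport}  {label}")
```

The point of the limits is the one the post makes in item 4: a pattern is only useful if it fires early, because once the inspected byte or packet budget is exhausted the stream is marked unclassified and never looked at again, and a real classifier would have to keep buffering every unmatched stream without such a cap.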