Filtered capture has 12000 packets. these are SYNs seen by the controller. I have 2 regular traffics generated with iperf and a sort of syn flood attack generated by a python script that perform also IP spoofing. In the case that I've analyzed I've 50 malicious sources and every source sends 50 SYNs. So, I expect 2500 SYNs+2+some SYN dup. At most I figure that all SYNs processed by the controller reach the dastination (I can consider also a smaller amount of SYNs if there are some packet lost).
2014-03-11 19:39 GMT+01:00 Naman Muley <[email protected]>: > Hi Silvia, > > On Tue, Mar 11, 2014 at 2:30 PM, Silvia Fichera <[email protected]>wrote: > >> Hi, >> I was checking the wireshark capture on the controller (pox) and filtered >> tcp syn packet. >> (tcp.flags.syn==1 and tcp.flags.ack==0) >> >> I know that my TCP server receives more or less 400 syn packets, but I >> see approximately 12000 >> >> > Firstly I don't know if you should trust wireshark with packet captures > with 12000 SYN packets. It is lossy. > > Secondly, TCP SYN packets are generated by the application layer thinking > there is no connection with the server and then wants to connect to the > server. What are you running on the application layer ? HTTP ? NFS ? > > Thirdly, try and take a look if there any RSTs you see in the capture. > > Some more details about what it is you are doing will help debug. > > >> I would like to make statistics about syn packet processed by the >> controller, but I think that there is something wrong... >> >> > I am pretty much a noob, so please excuse if my leads are wrong. > > >> Thank you >> -- >> Silvia Fichera >> >> Naman > >> _______________________________________________ >> openflow-discuss mailing list >> [email protected] >> https://mailman.stanford.edu/mailman/listinfo/openflow-discuss >> >> > -- Silvia Fichera
_______________________________________________ openflow-discuss mailing list [email protected] https://mailman.stanford.edu/mailman/listinfo/openflow-discuss
