ESP sequence check for lost packets ?

0

Is there a way to check the correct sequence of ESP packets, looking for lost ones ?

Without knowing any key or encryption algorithm, a basic quality check of an encrypted flow could be to check the esp.sequence field, that should be monotonically increasing within the same flow, identified by the esp.spi field.

My first idea would be to extract the fields at the command line and continue with perl, but a nice feature in wireshark would be to colorize the lost packets as in TCP.

asked 03 Nov '10, 11:09

S%20Peters's gravatar image

S Peters
61229
accept rate: 0%

edited 03 Nov '10, 11:10

Be the first one to answer this question!
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "Title")
  • image?![alt text](/path/img.jpg "Title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

learn more about Markdown

Tags:

×94
×24
×16
×5
×1

Asked: 03 Nov '10, 11:09

Seen: 1,563 times

Last updated: 03 Nov '10, 11:10

Related questions

Is there any way to gauge how many times connection times out over a length of time?

TCP PREVIOUS SEGMENT LOST #REALLY RARE CASE#

wrong sequence

Bandwidth parameters

Packet color changes

Calling MAC-LTE dissector from my own dissector

Newb question; viewing capture results

Comparing Packets

basic question on tcp function

Relative Sequence Number

about | faq | privacy | support | contact

powered by OSQA