Weekly Report -- 10/06/2011




Continued trying to get a useful libprotoident comparison result using data captured live from the ISP capture point. Managed to solve some of my memory issues by reducing the amount allocated to the DAG card - can now run tests for a decent length of time without running into swap.

However, I was still finding that many of the DPI tools were performing surprisingly poorly even when working with simple HTTP flows. Managed to track this down to a rather obscure libtrace bug where the cached capture length is not reset when using a BPF filter in combination with event-based DAG capture.

While waiting for captures etc. to run, I continued working on the text for a paper on the topic. Mostly done in terms of background, methodology and evaluation techniques - just need to start putting some useful results in there.