Trajectory sampling for direct traffic observation
IEEE/ACM Transactions on Networking (TON)
A framework for wireless LAN monitoring and its applications
Proceedings of the 3rd ACM workshop on Wireless security
The BSD packet filter: a new architecture for user-level packet capture
USENIX'93 Proceedings of the USENIX Winter 1993 Conference Proceedings on USENIX Winter 1993 Conference Proceedings
Evaluation of header field entropy for hash-based packet selection
PAM'08 Proceedings of the 9th international conference on Passive and active network measurement
On the fidelity of 802.11 packet traces
PAM'08 Proceedings of the 9th international conference on Passive and active network measurement
Enhancing network intrusion detection with integrated sampling and filtering
RAID'06 Proceedings of the 9th international conference on Recent Advances in Intrusion Detection
WSEAS Transactions on Computers
Proceedings of the 8th ACM Symposium on Performance evaluation of wireless ad hoc, sensor, and ubiquitous networks
| Hi-index | 0.00 |
Low power devices such as common wireless router platforms are not capable of performing reliable full packet capture due to resource constraints. In order for such devices to be used to perform link-level measurement on IEEE 802.11 networks, a packet sampling technique is required in order to reliably capture a representative sample of frames. The traditional Berkeley Packet Filter mechanism found in UNIX-like operating systems does not directly support packet sampling as it provides no way of generating pseudo-random numbers and does not allow a filter program to keep state between invocations. This paper explores the use of the IEEE 802.11 Frame Check Sequence as a source of pseudo-random numbers for use when deciding whether to sample a packet. This theory is tested by analysing the distribution of Frame Check Sequences from a large, real world capture. Finally, a BPF program fragment is presented which can be used to efficiently select packets for sam piing.