EtherScope_Analyzer

Stephane Carrez edited this page Sep 26, 2016 · 2 revisions

Packet analyzer

EtherScope Analyzer

The packet analysis is split into different parts depending on the protocol identified in the packet.

Package Analyzer

The packet analyzer looks at the received Ethernet packet and applies protocol-specific analysis to gather all the information. It provides entry points for the display task to retrieve the collected data.

The analysis is internally protected against concurrent access by the receiver's task, which uses the Analyze procedure, and the display task, which uses the other operations.

Ethernet Packet Analyzer

The Ethernet packet analyzer collects the different source Ethernet addresses and different Ethernet types seen in the Ethernet header. The information is collected in two different tables:

o A device table keeps a list of devices seen on the network.
o A protocol table keeps a list of Ethernet protocols.

Both tables have fixed sizes to avoid dynamic memory allocation. New entries are filled in the tables until all the entries are used. The last table entry is used to collect everything that does not fit.
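The following sketch illustrates the fixed-size device table with a catch-all last entry. It is an added example, not code from etherscope-analyzer.ads: the names `Device_Table_Demo`, `Find`, `Device_Stats` and the table size of 4 are assumptions, and reserving the last slot from the start is one interpretation of the rule above. It shows that memory use stays bounded however many source addresses appear, at the cost of losing per-device attribution for everything that lands in the last entry.

```ada
with Ada.Text_IO;
with Interfaces; use Interfaces;

procedure Device_Table_Demo is
   type Ether_Addr is array (1 .. 6) of Unsigned_8;

   --  Hypothetical size; the real table size is not given on the page.
   Max_Devices : constant := 4;
   subtype Device_Index is Positive range 1 .. Max_Devices;

   type Device_Stats is record
      Mac     : Ether_Addr := (others => 0);
      Packets : Natural := 0;
   end record;

   Devices : array (Device_Index) of Device_Stats;   --  no heap allocation
   Used    : Natural range 0 .. Max_Devices - 1 := 0; --  last slot reserved
   Idx     : Device_Index;

   --  Return the slot for a source address.  Unknown addresses get a new
   --  slot while one is free; afterwards they all share the last entry.
   function Find (Mac : Ether_Addr) return Device_Index is
   begin
      for I in 1 .. Used loop
         if Devices (I).Mac = Mac then
            return I;
         end if;
      end loop;
      if Used < Max_Devices - 1 then
         Used := Used + 1;
         Devices (Used).Mac := Mac;
         return Used;
      end if;
      return Device_Index'Last;  --  table full: catch-all entry
   end Find;
begin
   --  Constructed input: 10 distinct source addresses, 3 frames each.
   for Frame in 1 .. 3 loop
      for Host in Unsigned_8 range 1 .. 10 loop
         Idx := Find ((16#02#, 0, 0, 0, 0, Host));
         Devices (Idx).Packets := Devices (Idx).Packets + 1;
      end loop;
   end loop;
   for I in Device_Index loop
      Ada.Text_IO.Put_Line
        ("slot" & Device_Index'Image (I) & ":" & Natural'Image (Devices (I).Packets));
   end loop;
end Device_Table_Demo;
```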

IPv4 Packet Analyzer

The IPv4 packet analyzer collects the different IPv4 addresses seen on the network. It maintains a table of per-device statistics; the device index is computed by the Ethernet analyzer based on the source Ethernet address. When we detect several IP addresses for the same device, the Multihome flag is set.

We also collect global IPv4 protocol statistics.

IGMP Analysis

The IGMP analysis looks at multicast group submissions and remembers which multicast group was subscribed. It also identifies the multicast traffic and associates it with the IGMP group. The analyzer identifies when a host subscribes to a multicast group and when the group is left.

The implementation is able to remember only one subscriber.


Generated by Dynamo from etherscope-analyzer.ads
