ameily
commented
1 year ago I spent some time researching this today and I'm going to deprioritize this for the time being and go in a different direction instead for several reasons:
- Comparing two pcaps or providing some type of pattern matching for pcaps would be an extremely large amount of work because the variability of protocols, links, latency, etc. It can be done, but for our initial version I don't think it'll be necessary because there are other artifacts available to us.
- And, what we are comparing? Flows, data, what level in the TCP/UDP stack?
- Evaluating a network server will require a client. In this case, the client knows whether the server is operating correctly and will produce some artifact indicating the result of the interaction with the server (stdout/stderr, output file, exit code, etc.)
- Why would we replicate the checks that the client most likely already has within DIFFER? Just use the client
So, instead of creating a new framework for capturing network traffic and analyzing or comparing the results, I think the best solution is to add a new feature in DIFFER to compare both the server binary and the client, using the same extensible comparator component.
As part of #10, we need to do some initial work to determine what is feasible and what existing tools we can use to:
The output of this task is some discussion on this issue regarding what is a available and proposed solutions. Once we find an ideal approach, create follow-on issues under the epic to work on next.