Skip to main content

Header Analysis Application

Scenario

We aim to implement a network packet header analysis application to detect suspicious behaviors from a network security standpoint. We assume the following steps are already implemented sequentially:

  • Packet headers are received through a socket.
  • Packet analysis is performed using functions already implemented in a shared library.
  • Data about suspicious packets (according to the analysis) are written to an application log file.

All answers should be justified.

Questions

  1. What specific technologies and concepts do you use to optimize the application (multithreading, multiprocessing, I/O multiplexing, asynchronous operations)?

  2. How do you ensure scalability/performance of the application in case the number of packets in the network is very high (network flooding)?

  3. How do you ensure uniform data writing to the application analysis log file?