ANTARES API documentation

This document presents the Application Programmer Interface to the Advanced Network Traffic Analysis Research and Experimentation System (ANTARES) library. The ANTARES system is designed to facilitate research on network traffic by making it easier to develop new measurement techniques for network traffic, to better analyze and profile network activity. The initial system was developed in the context of intrusion detection (specifically for detecting hidden channels over HTTP), but it is hoped that it should have far wider applicability.

Note:

Big caveat here - I expect that the quality of the code is not quite up to 'professional'. I've done things properly to my mind, but I'm not an experienced C++ programmer, so I've likely made numerous errors. The code is full of Javaisms (e.g. toString and clone) and Perlisms (e.g. single-statement loop bodies and if-then-else clauses enclosed in curly braces). If I knowingly do something dicey, I'll comment it as such. Anything else is probably unwitting.

Todo:

Figure out when to properly return by copy, reference, or pointer and refactor the code appropriately.

Learn C++ template-linking magic well enough to be able to build a working shared library.

Design a language for expressing flow attributes, and build a parser to read that language, so that attributes can be specified in a configuration file.

Build an autoconf wrapper for building ANTARES.

Set up the autoconf wrapper to be able to build on *BSD.

Tidy up the dependencies and depended-upon libraries (particularly qcap - the reliance on a patched pcap for file pointers is not a great thing).

---