How about controlling telnet via Expect? I think Expect would be fast enough to have telnet send "USER " as a single segment, then have your expect script sleep for n seconds, then send the rest. Marc -----Original Message----- From: Crist J. Clark [mailto:crist.clarkat_private] Sent: Wednesday, June 11, 2003 12:52 PM To: pen-testat_private Subject: Controling Segment Contents in TCP Stream I am looking for a simple tool that I can use to control how TCP data is split up among segments. I can't seem to figure out how to coax Netcat into doing this. What I am trying to do is mess with some firewall/proxy software by screwing with (unfounded) assumptions it makes about the contents of individual packets. For example, I am seeing some Widely Used Commercial Firewall Software choke when an FTP client sends a packet containing just, "USER " That is, U, S, E, R, and a space. The next segment carries the rest of the line, "anonymous\r\n" Now, since TCP is a stream-oriented protocol, this is actually perfectly acceptable behavior. The TCP stack of the server will handle this just fine, and the FTP server software will see the perfectly Standard-compliant input, "USER anonymous\r\n" At the other end. This is an old and well known problem with firewall/proxies, yet we see it all of the time. The problem I am having is finding a tool that lets me easily control the data in each segement of the TCP stream. I've manually crafted some packets with hping2 to do some testing, but it is a huge PITA to build the whole SYN/SYN-ACK/ACK handshake each time. Can anyone recommend a tool or show me how to get Netcat to do this? Or am I going to have to build something myself or hack Netcat code? Since this is a well known issue, I was hoping someone already had done the work and made it available. Thanks. -- Crist J. Clark | cjclarkat_private | cjclarkat_private http://people.freebsd.org/~cjc/ | cjcat_private --------------------------------------------------------------------------- ---------------------------------------------------------------------------- --------------------------------------------------------------------------- ----------------------------------------------------------------------------
This archive was generated by hypermail 2b30 : Wed Jun 11 2003 - 13:51:06 PDT