That looks like the elegant option. It would be nice to be able to find out details of the socket once it is open. Surely it just needs to be a variation of get_tcp_elements. If I could supply a socket instead of a packet, then my problem is solved. src_port = get_tcp_elements(socket: soc, element: "th_sport"); The alternative of using IP filtering (local firewall) to supress the -> RST ACK is a cludge. > ---------- > From: Michel Arboi[SMTP:mikhailat_private] > Sent: 13 May 2003 14:37 > To: 'plugins-writersat_private' > Subject: Re: arbitrary TCP data packets > > "Jackson, Dennis" <Dennis.Jacksonat_private> writes: > > > As far as I can see from previous discussions, forge_tcp_packet cannot > be > > used to establish the 3-way handshake as the <- SYN ACK triggers a -> > RST > > ACK from the local IP stack. > > I though about adding an interface to the IP filtering functions a > while ago. But there are portability problems and most of the time, > this will not be available. > > > Alternatively, trying to use open_sock_tcp, when I come to the > > forge_tcp_packet I don't know what value to use for th_sport. > > Adding a function to get it wouldn't be difficult. > Should we? > > -- > mailto:arboiat_private > GPG Public keys: http://michel.arboi.free.fr/pubkey.txt > http://michel.arboi.free.fr/ http://arboi.da.ru/ > FAQNOPI de fr.comp.securite : http://faqnopi.da.ru/ > This e-mail and any attachment is for authorised use by the intended recipient(s) only. It may contain proprietary material, confidential information and/or be subject to legal privilege. It should not be copied, disclosed to, retained or used by, any other party. If you are not an intended recipient then please promptly delete this e-mail and any attachment and all copies and inform the sender. Thank you.
This archive was generated by hypermail 2b30 : Tue May 13 2003 - 06:56:29 PDT