Re: arbitrary TCP data packets

From: Renaud Deraison (deraisonat_private)
Date: Tue May 13 2003 - 07:01:44 PDT


    On Tue, May 13, 2003 at 02:53:09PM +0100, Jackson, Dennis wrote:
    > That looks like the elegant option. It would be nice to be able to find out
    > details of the socket once it is open.
    > 
    > Surely it just needs to be a variation of get_tcp_elements. If I could
    > supply a socket instead of a packet, then my problem is solved.
    > src_port = get_tcp_elements(socket: soc, element: "th_sport");
    
    The thing is that no operating system offers a really nice interface to
    gather that kind of information. For the IDS evasion features in Nessus,
    which needed that exact functionality (although in C), the solution I
    found was to sniff the data we send and receive and compute the next
    th_seq and th_ack. I guess the same could be done in NASL by using the
    function pcap_next(), although I really never tested it.
    
    				-- Renaud
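
The sniff-and-compute approach described in the message above, sketched in C as an added example (not part of the original post and not Nessus code). The names `tcp_track`, `tcp_track_segment` and `feed` are hypothetical, and the sketch assumes each sniffed segment is handed over with its IP header already stripped.

```c
#include <stddef.h>
#include <stdint.h>

struct tcp_track {               /* hypothetical tracker, one connection */
    uint32_t next_seq, next_ack; /* th_seq / th_ack for our next segment */
    int seen_ours, seen_peer;
};

static uint32_t be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | p[3];
}

/* Feed one sniffed TCP segment (TCP header + payload, IP header stripped).
 * from_us != 0 when the local end sent it. Returns -1 if malformed. */
int tcp_track_segment(struct tcp_track *t, const uint8_t *seg, size_t len,
                      int from_us)
{
    if (len < 20) return -1;
    size_t hlen = (size_t)(seg[12] >> 4) * 4;    /* data offset in bytes */
    if (hlen < 20 || hlen > len) return -1;
    /* SYN (0x02) and FIN (0x01) each consume one sequence number. */
    uint32_t used = (uint32_t)(len - hlen) + ((seg[13] >> 1) & 1) + (seg[13] & 1);
    uint32_t end = be32(seg + 4) + used;         /* wraps modulo 2^32 */
    uint32_t *slot = from_us ? &t->next_seq : &t->next_ack;
    int *seen = from_us ? &t->seen_ours : &t->seen_peer;
    /* Skip retransmissions: only move forward in serial-number order. */
    if (!*seen || (int32_t)(end - *slot) > 0) { *slot = end; *seen = 1; }
    return 0;
}

/* Constructed sample input: a 20-byte header plus paylen zero bytes. */
int feed(struct tcp_track *t, uint32_t seq, uint8_t flags, size_t paylen,
         int from_us)
{
    uint8_t seg[64] = {0};
    if (paylen > sizeof seg - 20) return -1;
    seg[4] = (uint8_t)(seq >> 24); seg[5] = (uint8_t)(seq >> 16);
    seg[6] = (uint8_t)(seq >> 8);  seg[7] = (uint8_t)seq;
    seg[12] = 5 << 4;                            /* no TCP options */
    seg[13] = flags;
    return tcp_track_segment(t, seg, 20 + paylen, from_us);
}
```

Segments we sent advance `next_seq`; segments from the peer advance `next_ack`, so after each sniffed packet the pair holds the th_seq and th_ack values the next outgoing segment needs.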
    


