Re: arbitrary TCP data packets

From: Renaud Deraison (deraisonat_private)
Date: Tue May 13 2003 - 07:01:44 PDT

Next message: Michel Arboi: "Re: arbitrary TCP data packets"

Previous message: Jackson, Dennis: "RE: arbitrary TCP data packets"
In reply to: Jackson, Dennis: "RE: arbitrary TCP data packets"
Next in thread: Michel Arboi: "Re: arbitrary TCP data packets"
Reply: Michel Arboi: "Re: arbitrary TCP data packets"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, May 13, 2003 at 02:53:09PM +0100, Jackson, Dennis wrote:
> That looks like the elegant option. It would be nice to be able to find out
> details of the socket once it is open.
> 
> Surely it just needs to be a variation of get_tcp_elements. If I could
> supply a socket instead of a packet, then my problem is solved.
> src_port = get_tcp_elements(socket: soc, element: "th_sport");

The thing is that no operating system offers a really nice interface to
gather that kind of information. For the IDS evasion features in Nessus,
which needed that exact functionnality (although in C), the solution I
found was to sniff the data we send and receive and compute the next
th_seq and th_ack. I guess the same could be done in NASL by using the
function pcap_next(), although I really never tested it.

				-- Renaud

Next message: Michel Arboi: "Re: arbitrary TCP data packets"
Previous message: Jackson, Dennis: "RE: arbitrary TCP data packets"
In reply to: Jackson, Dennis: "RE: arbitrary TCP data packets"
Next in thread: Michel Arboi: "Re: arbitrary TCP data packets"
Reply: Michel Arboi: "Re: arbitrary TCP data packets"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Tue May 13 2003 - 07:00:34 PDT