
Re: tcp reassembly for multiple connections simultaneously help needed

Subject: Re: tcp reassembly for multiple connections simultaneously help needed
Date: Sun, 24 Oct 2004 21:21:44 -0400 (EDT)
On Sun, 24 Oct 2004, muhammad alqama wrote:

I'm trying to build and save (in separate files) tcp sessions for
multiple connections from sniffed data. I have tried to save data after
NIDS_CLOSE || NIDS_RESET option but it does not work .. (I don't know
why) .. it writes garbage in file . or sometimes very small amount of
data (perhaps buffer size has to be increased but TCP->CLIENT.BUFSIZE
does no good). (I need multithreaded like support). saving data at
option NIDS_DATA is not helpful as I need to save data for each
connection in multiple files. any suggestions regarding solution of the
problem...

are you calling nids_discard() in the state NIDS_DATA? in your TCP
callback, check for the state NIDS_DATA and, when you see it, call
"nids_discard(tcp, 0)" where "tcp" is the tcp stream object in your
callback; change the name as needed.

from the manpage:

       nids_discard() may be called from the TCP callback function
       to specify the number of bytes to discard from the
       beginning of the data buffer (updating the offset value
       accordingly) after the TCP callback function exits.
       Otherwise, the new data (totalling count_new bytes) will be
       discarded by default.


sounds like you're discarding the new data.

________
jose nazario, ph.d.                     jose@monkey.org
http://monkey.org/~jose/                http://infosecdaily.net/
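
A simplified, self-contained model of the buffer behaviour the manpage excerpt describes, added here as an illustration; it is not libnids code and not part of the original thread. `struct half`, `deliver()`, `discard()` and `buffered_at_close()` are hypothetical stand-ins for the library's per-direction buffer and nids_discard(), and the segment data is constructed.

```c
/* Simplified model of libnids per-direction buffering (not libnids code). */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
struct half {        /* assumed layout; "offset" is the value the manpage names */
    char *data;      /* bytes still buffered */
    int count;       /* total bytes received on this direction */
    int offset;      /* stream offset of data[0] */
    int keep;        /* -1 until the callback calls discard() */
};
typedef void (*cb_t)(struct half *);
/* Stand-in for nids_discard(): drop only n bytes after the callback returns. */
static void discard(struct half *h, int n) { h->keep = n; }

/* Append one in-order segment, run the callback, then trim the buffer. */
static void deliver(struct half *h, const char *seg, cb_t cb)
{
    int n = (int)strlen(seg), old = h->count - h->offset, have = old + n;
    char *p = realloc(h->data, (size_t)have);
    if (!p) abort();
    h->data = p;
    memcpy(h->data + old, seg, (size_t)n);
    h->count += n; h->keep = -1;
    cb(h);
    int drop = (h->keep < 0 || h->keep > have) ? have : h->keep;
    memmove(h->data, h->data + drop, (size_t)(have - drop));
    h->offset += drop;
}

static void cb_default(struct half *h) { (void)h; }       /* never calls discard */
static void cb_retain(struct half *h)  { discard(h, 0); } /* keep whole stream */

/* Two interleaved connections (constructed data); bytes left for conn 0 at close. */
static int buffered_at_close(cb_t cb)
{
    struct half c[2] = {{0}};
    const char *segs[2][2] = {{"GET / ", "USER a\r\n"}, {"HTTP/1.0\r\n", "PASS b\r\n"}};
    for (int i = 0; i < 2; i++)
        for (int k = 0; k < 2; k++)
            deliver(&c[k], segs[i][k], cb);
    int left = c[0].count - c[0].offset;
    free(c[0].data); free(c[1].data);
    return left;
}

int main(void)
{
    printf("default: %d, discard(tcp, 0): %d bytes at close\n",
           buffered_at_close(cb_default), buffered_at_close(cb_retain));
    return 0;
}
```

Retaining every byte until close costs memory proportional to the length of each stream, so a capture tool that does this needs a per-connection size limit.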
