[Bro-Dev] Hui Lin_Searching help for some reconstructing TCP packet
Hui Lin (Hugo)
hlin33 at illinois.edu
Tue Nov 22 09:37:37 PST 2011
Hi,
It is probably not related to Bro development, but it is a challenge that I
met in my research.
Right now, I can at least get some different DNP3 traffic from what I had
before. I would like to generate some illegal traffic based on this legal
traffic set. My plan is to flip the bit value at each bit location of the
DNP3 packet and see how my Bro analyzer behaves.
For each DNP3 packet, I can use Bro to extract a byte stream of the TCP
payload. I am wondering whether there is any way to reverse this procedure. For
example, I have a byte stream X. I wish to construct a network packet based
on the TCP protocol, and this X will be the payload of the TCP packet. If X is
too long, I hope that several TCP packets can be constructed with the
correct sequence numbers set.
I am taking a look at the socket API in Windows at the moment (WSASocket).
But I am not quite sure whether it is possible to do this with that API.
Any comments and inputs are welcome.
Best
--
Hui Lin
Research Assistant
DEPEND Research Group, ECE Department
University of Illinois at Urbana-Champaign
hlin33 at illinois.edu
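
One way to do the reverse step asked about above, as an added example that is not part of the original message: instead of sending through a socket API, write the byte stream X into a pcap file as Ethernet/IPv4/TCP data segments with consecutive sequence numbers, so the analyzer can be tested offline. The addresses, MACs, ports, initial sequence number and MSS are constructed defaults, and only data segments are written (no handshake).

```python
import struct

def csum(data: bytes) -> int:
    """RFC 1071 Internet checksum (one's-complement sum of 16-bit words)."""
    if len(data) % 2:
        data += b"\x00"
    s = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while s >> 16:
        s = (s & 0xFFFF) + (s >> 16)
    return ~s & 0xFFFF

def tcp_frames(payload, src="10.0.0.1", dst="10.0.0.2", sport=40000,
               dport=20000, isn=1000, mss=1460):
    """Split payload into Ethernet/IPv4/TCP frames, one per MSS-sized chunk.
    All defaults are constructed test values (20000 is the DNP3 TCP port)."""
    sip, dip = (bytes(map(int, a.split("."))) for a in (src, dst))
    # Locally administered MACs (constructed), EtherType 0x0800 = IPv4
    eth = bytes.fromhex("020000000002" "020000000001" "0800")
    frames = []
    for off in range(0, len(payload), mss):
        chunk = payload[off:off + mss]
        seq = (isn + off) & 0xFFFFFFFF  # sequence numbers wrap at 2**32
        # ack=1, data offset 5 words, flags PSH|ACK, window 65535, csum 0
        tcp = struct.pack("!HHIIBBHHH", sport, dport, seq, 1,
                          5 << 4, 0x18, 65535, 0, 0)
        pseudo = sip + dip + struct.pack("!BBH", 0, 6, len(tcp) + len(chunk))
        tcp = tcp[:16] + struct.pack("!H", csum(pseudo + tcp + chunk)) + tcp[18:]
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(chunk),
                         (off // mss) & 0xFFFF, 0x4000, 64, 6, 0, sip, dip)
        ip = ip[:10] + struct.pack("!H", csum(ip)) + ip[12:]
        frames.append(eth + ip + tcp + chunk)
    return frames

def write_pcap(path, frames):
    """Write frames to a classic pcap file (link type 1 = Ethernet)."""
    with open(path, "wb") as f:
        f.write(struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1))
        for i, fr in enumerate(frames):
            # one frame per second: ts_sec=i, ts_usec=0, incl_len, orig_len
            f.write(struct.pack("<IIII", i, 0, len(fr), len(fr)) + fr)
    return path

if __name__ == "__main__":
    x = bytes(range(256)) * 12  # constructed 3072-byte stand-in for stream X
    write_pcap("stream.pcap", tcp_frames(x))
```

The resulting file can be read back with `bro -r stream.pcap`; whether a given analyzer attaches to a connection that has no handshake should be checked, and SYN/SYN-ACK/ACK frames added if it does not.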