[Bro-Dev] Hui Lin_Searching help for some reconstructing TCP packet

Hui Lin (Hugo) hlin33 at illinois.edu
Tue Nov 22 09:37:37 PST 2011


It is probably not related to Bro development but it is a challenge that I
met in my research progress.

Right now, I can at least get some different DNP3 traffic from what I had
before. I would like to generate some illegal traffic based on this legal
traffic set. My plan is to flip the bit value at each bit location of the
DNP3 packet and see how my Bro analyzer behaves.

For each DNP3 packet, I can use Bro to extract a byte stream of the TCP
payload. I am wondering whether there is any way to reverse this procedure.
For example, I have a byte stream X. I wish to construct a network packet
based on the TCP protocol, and this X will be the payload of the TCP packet.
If X is too long, I hope that several TCP packets can be constructed with
the correct sequence numbers being set.

I am taking a look at the socket API in Windows at this moment (WSASocket).
But I am not quite sure whether it is possible to do this with that API.

Any comments and inputs are welcome.


Hui Lin
Research Assistant
DEPEND Research Group, ECE Department
University of Illinois at Urbana-Champaign
hlin33 at illinois.edu
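
One way to reverse the extraction offline, as an added example that is not part of the original message: wrap a byte stream X in TCP segments with consecutive sequence numbers, write them to a pcap file, and produce single-bit variants of X for analyzer testing. The addresses, client port, initial sequence numbers and function names are constructed for illustration; port 20000 is the registered DNP3 port.

```python
import struct

def checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum."""
    if len(data) % 2:
        data += b"\x00"
    s = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while s >> 16:
        s = (s & 0xFFFF) + (s >> 16)
    return ~s & 0xFFFF

def tcp_frame(src, dst, sport, dport, seq, ack, flags, payload=b""):
    """Ethernet + IPv4 + TCP frame with valid checksums; src/dst are 4 raw bytes."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, seq, ack, 5 << 4, flags, 65535, 0, 0)
    pseudo = src + dst + struct.pack("!BBH", 0, 6, len(tcp) + len(payload))
    tcp = tcp[:16] + struct.pack("!H", checksum(pseudo + tcp + payload)) + tcp[18:]
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0x4000, 64, 6, 0, src, dst)
    ip = ip[:10] + struct.pack("!H", checksum(ip)) + ip[12:]
    eth = b"\x02\x00\x00\x00\x00\x02" + b"\x02\x00\x00\x00\x00\x01" + b"\x08\x00"
    return eth + ip + tcp + payload

def segment(stream, isn, mss=1460):
    """Split stream into (seq, chunk); first data byte is isn+1, seq wraps mod 2**32."""
    return [((isn + 1 + off) & 0xFFFFFFFF, stream[off:off + mss])
            for off in range(0, len(stream), mss)]

def flip_bit(data, bit):
    """Return a copy of data with one bit inverted (bit 0 = MSB of byte 0)."""
    out = bytearray(data)
    out[bit // 8] ^= 0x80 >> (bit % 8)
    return bytes(out)

def build_pcap(stream, path=None, mss=1460, c_isn=1000, s_isn=5000):
    """Handshake plus data segments carrying stream, as pcap bytes."""
    c, s, cp, sp = bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]), 40000, 20000  # constructed
    frames = [tcp_frame(c, s, cp, sp, c_isn, 0, 0x02),               # SYN
              tcp_frame(s, c, sp, cp, s_isn, c_isn + 1, 0x12),       # SYN-ACK
              tcp_frame(c, s, cp, sp, c_isn + 1, s_isn + 1, 0x10)]   # ACK
    frames += [tcp_frame(c, s, cp, sp, seq, s_isn + 1, 0x18, chunk)  # PSH|ACK data
               for seq, chunk in segment(stream, c_isn, mss)]
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)  # linktype 1 = Ethernet
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", i, 0, len(f), len(f)) + f
    if path:
        with open(path, "wb") as fh:
            fh.write(out)
    return out
```

Passing `path=` writes a capture file that can be read back through the analyzer with `bro -r`, one file per `flip_bit` variant of X.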