[Bro-Dev] Hui Lin_Searching help for some reconstructing TCP packet

Seth Hall seth at icir.org
Tue Nov 22 09:40:32 PST 2011


On Nov 22, 2011, at 12:37 PM, Hui Lin (Hugo) wrote:

> For each DNP3 packet, I can use Bro to extract a byte stream of the TCP payload. I am wondering whether there is any way to reverse this procedure. For example, I have a byte stream X. I wish to construct a network packet based on the TCP protocol, and this X will be the payload of the TCP packet. If X is too long, I hope that several TCP packets can be constructed with the correct sequence numbers being set.

It might be best to use something like Scapy to modify the packet contents.  I think you should be able to load in packets, modify them and write them back out. (don't hold me to that though, I don't know Scapy very well yet)
 
  .Seth

--
Seth Hall
International Computer Science Institute
(Bro) because everyone has a network
http://www.bro-ids.org/
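
Added example, not part of the message above and not Bro or Scapy code: the reverse procedure asked about in the thread, done with only the Python standard library instead of Scapy. It splits a byte stream X into TCP segments with consecutive sequence numbers (wrapping mod 2^32), fills in the IP and TCP checksums, and writes the frames to a pcap file. The addresses, ports, MAC addresses, initial sequence number, MSS, file name and function names are assumptions, and no SYN/FIN handshake is generated.

```python
import struct

def csum(data):
    """RFC 1071 Internet checksum over data (zero-padded to an even length)."""
    if len(data) % 2:
        data += b"\x00"
    s = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while s >> 16:
        s = (s & 0xFFFF) + (s >> 16)
    return ~s & 0xFFFF

def segment(payload, src, dst, sport, dport, isn=1000, mss=1460):
    """Return Ethernet/IPv4/TCP frames carrying payload in chunks of at most mss bytes."""
    frames, seq = [], isn
    s, d = bytes(map(int, src.split("."))), bytes(map(int, dst.split(".")))
    eth = b"\x02\x00\x00\x00\x00\x02" + b"\x02\x00\x00\x00\x00\x01" + b"\x08\x00"  # made-up MACs
    for off in range(0, len(payload), mss):
        chunk = payload[off:off + mss]
        flags = 0x18 if off + mss >= len(payload) else 0x10  # PSH|ACK on the last segment
        # sport, dport, seq, ack, data offset, flags, window, checksum (0 for now), urgent
        tcp = struct.pack("!HHIIBBHHH", sport, dport, seq, 1, 5 << 4, flags, 65535, 0, 0)
        pseudo = s + d + struct.pack("!BBH", 0, 6, len(tcp) + len(chunk))
        tcp = tcp[:16] + struct.pack("!H", csum(pseudo + tcp + chunk)) + tcp[18:]
        ip = struct.pack("!BBHHHBBH", 0x45, 0, 20 + len(tcp) + len(chunk),
                         len(frames) & 0xFFFF, 0x4000, 64, 6, 0) + s + d
        ip = ip[:10] + struct.pack("!H", csum(ip)) + ip[12:]
        frames.append(eth + ip + tcp + chunk)
        seq = (seq + len(chunk)) & 0xFFFFFFFF  # next seq = this seq + bytes carried
    return frames

def tcp_fields(frame):
    """Read (sequence number, payload) back out of a frame built by segment()."""
    return struct.unpack("!I", frame[38:42])[0], frame[54:]

def write_pcap(path, frames):
    """Write frames as a classic pcap file with link type 1 (Ethernet)."""
    with open(path, "wb") as f:
        f.write(struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1))
        for i, fr in enumerate(frames):
            f.write(struct.pack("<IIII", i, 0, len(fr), len(fr)) + fr)

if __name__ == "__main__":
    X = bytes(range(256)) * 12  # constructed stand-in for an extracted payload stream
    write_pcap("rebuilt.pcap", segment(X, "10.0.0.1", "10.0.0.2", 40000, 20000))
```

The resulting file can be read back with a pcap reader (for example Bro's -r option) to check that the reassembled stream equals X.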



