Re: covert channel

["Deian Stefan" <deianstefan () gmail com>]

try adding -x or -X to actually print the packet

On 1/2/07, urandom character special device <urandomdev () gmail com> wrote:
> Hi
>
> With "ping" I send the HEX value "FFE". When I running tcpdump I don't
> see the HEX value (snap-lenght is hole packet)
>
> # ping -c 1 -p FFE 192.168.111.111
> PATTERN: 0xff0e
> PING 192.168.111.111 (192.168.111.111) 56(84) bytes of data.
> 64 bytes from 192.168.111.111: icmp_seq=1 ttl=64 time=0.646 ms
>
> --- 192.168.111.111 ping statistics ---
> 1 packets transmitted, 1 received, 0% packet loss, time 0ms
> rtt min/avg/max/mdev = 0.646/0.646/0.646/0.000 ms
>
> # tcpdump -s0 -i eth0 icmp
> tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
> listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
> 20:21:11.448937 IP 192.168.111.115 > 192.168.111.111: ICMP echo
> request, id 12826, seq 1, length 64
> 20:21:11.449555 IP 192.168.111.111 > 192.168.111.115: ICMP echo reply,
> id 12826, seq 1, length 64


--
Deian Stefan
PGP public key: http://www.ee.cooper.edu/~stefan/gmail_pub.key

---------------------------------------------------------------------------
This list is sponsored by: ByteCrusher

Detect Malicious Web Content and Exploits in Real-Time.
Anti-Virus engines can't detect unknown or new threats.
LinkScanner can. Web surfing just became a whole lot safer.

http://www.explabs.com/staging/promotions/xern_lspro.asp?loc=sfmaildetect
---------------------------------------------------------------------------