IDS mailing list archives
Re: Embedded IP inside HTTP packets
From: Isaac Perez <suscripcions () tsolucio com>
Date: Thu, 09 Aug 2007 18:26:37 +0200
Hi, you can try ngrep. You can make a rule for only extract packets that contain one ip in the ascii payload. Maybe is wat you need. El mié, 08-08-2007 a las 16:42 +0000, hsalleeh () hotmail com escribió:
Hello, Some of the HTTP packets contains IP Addresses inside the payload so, I want to get it ? how and using what? I know I can do it by decoding the HTTP payload using the RFCs as I did in other protocols BUT I couldn't find any RFC that describe the format and the structure of the payload. if you know these RFCs ( explains these info. ) please refer me to it. if there is any solution , using snort or any thing please help me I am using snort with MySQL Thanks in advance ------------------------------------------------------------------------ Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw to learn more. ------------------------------------------------------------------------
------------------------------------------------------------------------ Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw to learn more. ------------------------------------------------------------------------
Current thread:
- Embedded IP inside HTTP packets hsalleeh (Aug 09)
- Re: Embedded IP inside HTTP packets Isaac Perez (Aug 10)