IDS mailing list archives

Re: Embedded IP inside HTTP packets


From: Isaac Perez <suscripcions () tsolucio com>
Date: Thu, 09 Aug 2007 18:26:37 +0200

Hi,
You can try ngrep. You can make a rule to extract only packets that
contain an IP in the ASCII payload.
Maybe it is what you need.

On Wed, 08-08-2007 at 16:42 +0000, hsalleeh () hotmail com wrote:
Hello,

Some of the HTTP packets contain IP addresses inside the payload,
so I want to get them. How, and using what?
I know I can do it by decoding the HTTP payload using the RFCs as I did in other protocols, but I couldn't find any
RFC that describes the format and the structure of the payload. If you know these RFCs (that explain this info), please
refer me to them.

If there is any solution, using snort or anything, please help me.
I am using snort with MySQL.
Thanks in advance

------------------------------------------------------------------------
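
The kind of payload match suggested in the reply, worked offline as an added example (not code from either poster): it pulls valid dotted-quad IPv4 addresses out of a raw HTTP message and reports whether each came from a header or the body. The function names and the sample message are constructed for illustration, and the body is assumed to be uncompressed and treated as opaque bytes.

```python
import ipaddress
import re

# Candidate dotted quads. The lookarounds stop matches inside longer
# digit/dot runs such as the version string "1.2.3.4.5".
_CANDIDATE = re.compile(rb"(?<![\d.])(\d{1,3}(?:\.\d{1,3}){3})(?!\d|\.\d)")


def _valid_ips(data: bytes):
    """Return the candidates in data that are valid IPv4 literals."""
    out = []
    for m in _CANDIDATE.finditer(data):
        text = m.group(1).decode("ascii")
        try:
            ipaddress.IPv4Address(text)  # rejects octets above 255
        except ValueError:
            continue
        out.append(text)
    return out


def extract_ips(http_message: bytes):
    """Return [(location, ip)]; location is 'start-line', a lower-cased
    header name, or 'body'. The body is not decoded (no gzip/chunked)."""
    head, _, body = http_message.partition(b"\r\n\r\n")
    found = []
    for i, line in enumerate(head.split(b"\r\n")):
        if i == 0:
            where, value = "start-line", line
        else:
            name, _, value = line.partition(b":")
            where = name.decode("latin-1").strip().lower()
        found += [(where, ip) for ip in _valid_ips(value)]
    found += [("body", ip) for ip in _valid_ips(body)]
    return found


# Constructed sample message (documentation and private address ranges).
SAMPLE = (
    b"POST /report HTTP/1.1\r\n"
    b"Host: 192.0.2.10:8080\r\n"
    b"X-Forwarded-For: 198.51.100.7, 203.0.113.9\r\n"
    b"User-Agent: probe/1.2.3.4.5\r\n"
    b"\r\n"
    b"src=10.1.2.3&bad=999.1.1.1&note=done"
)

if __name__ == "__main__":
    for where, ip in extract_ips(SAMPLE):
        print(f"{where}: {ip}")
```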

