ct (string without sense). Is there a particular way to read from a raw
> socket or a
> divert socket?
Take a look at the tcpmssd code in the ports/net collection. In a nutshell, the data
that
is read from the divert socket contains the IP header, typically followed by the
TCP/UDP header,
fo
divert socket?
Ferruccio
To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-hackers" in the body of the message
On Sun, 9 Mar 2003, Ferruccio Vitale wrote:
> Hi hackers,
>
> I've a daemon which create and open a divert socket, which is feeded
> by a 'tee rule' in ipfw rulset; my doubt is: what is it passed to
> this socket? entire packet or at least layer-3 information
>
Hi hackers,
I've a daemon which create and open a divert socket, which is feeded by a 'tee rule'
in ipfw rulset; my doubt is: what is it passed to this socket? entire packet or at
least layer-3 information (tcp/udp/...)?
Regards,
Ferruccio
To Unsubscribe: send mail to [EMAIL
I just finnished writing a program which introduces a small random delay on the
sending times in tcp to prevent synchronization of windows. I did it with divert
sockets and ipfw.
The one problem is , I was planning on setting the random delay =RTT(1+x)/cwnd where
x is a random number. Current
On Sat, Mar 16, 2002 at 09:57:46AM -0500, Robert Watson wrote:
> Heh. I had something a little like that at one point -- it just
> acted as a pass-through, but also logged in the pcap format. I
> thought someone had done modifications to tcpdump to allow it to
> speak to divert sockets, don't kn
On Sat, Mar 16, 2002 at 09:57:46AM -0500, Robert Watson wrote:
> Heh. I had something a little like that at one point -- it just acted as a
> pass-through, but also logged in the pcap format. I thought someone had
> done modifications to tcpdump to allow it to speak to divert sockets,
> don't kno
; I would like a small program which can listen to a specified divert(4)
> socket and act on the incoming packets.
>
> Specifically I want to direct all unwanted trafic from my ipfw rules
> into the divert socket and have the program examine these packets
> and when configured thres
ic from my ipfw rules
> into the divert socket and have the program examine these packets
> and when configured thresholds were exceeded take actions like:
>
> Add a blackhole route for a period of time to the source
> IP to prevent any packets getting back to the attacker.
On Tue, Mar 12, 2002 at 11:49:53PM +0100, Poul-Henning Kamp wrote:
>
> Here is something I miss a lot:
>
> I would like a small program which can listen to a specified divert(4)
> socket and act on the incoming packets.
There are a number of ports which may do something similar to what you
requ
what about a program - like snort - but instead of listening on an
interface, it would listen on your divert(4) socket. a setup like this
could actually help snort (or an other program) be more responsive.
i know that i have run into troubles with snort's flex-resp mechanism not
stopping packet
nice idea.. procmail for packets.
On Tue, 12 Mar 2002, Poul-Henning Kamp wrote:
>
> Here is something I miss a lot:
>
> I would like a small program which can listen to a specified divert(4)
> socket and act on the incoming packets.
To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsub
On Tue, 12 Mar 2002, Poul-Henning Kamp wrote:
> Here is something I miss a lot:
>
> I would like a small program which can listen to a specified divert(4)
> socket and act on the incoming packets.
>
> Specifically I want to direct all unwanted trafic from my ipfw rules
> i
Here is something I miss a lot:
I would like a small program which can listen to a specified divert(4)
socket and act on the incoming packets.
Specifically I want to direct all unwanted trafic from my ipfw rules
into the divert socket and have the program examine these packets
and when
Witthaya Panichprechakorn writes:
> I use divert socket to captuer packets. I found that when
> I capture a set of fragmented packets, there are 2 incoming reassembled
> packets. The sin_port of sockaddr_in of the first packet is 0,
> and of another packet is the port number, wh
Dear Sir,
I use divert socket to captuer packets. I found that when
I capture a set of fragmented packets, there are 2 incoming reassembled
packets. The sin_port of sockaddr_in of the first packet is 0,
and of another packet is the port number, which it bound to.
However, when the packet
16 matches
Mail list logo
