[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: firestorm-nids: DNS zone transfer TCP

To: Gianni Tedesco <gianni@xxxxxxxxxx>
Subject: Re: firestorm-nids: DNS zone transfer TCP
From: rmkml <rmkml@xxxxxxxxxx>
Date: Fri, 21 Mar 2003 19:10:04 +0100
Cc: firestorm@xxxxxxxxxxxxxxxx
Delivered-to: mailing list firestorm@scaramanga.co.uk
Mailing-list: contact firestorm-help@scaramanga.co.uk; run by ezmlm
References: <3E7B346B.EC43508A@wanadoo.fr> <1048261923.1850.39.camel@lemsip> <3E7B3CF7.8B8F5A74@wanadoo.fr> <1048267499.1861.49.camel@lemsip>
Sender: test@xxxxxxxxxx

I use firestorm/tcpdump with mtu = 1514,
tethereal confirm packet completed :
Frame 1 (74 bytes on wire, 74 bytes captured)
Frame 2 (60 bytes on wire, 60 bytes captured)
Frame 3 (54 bytes on wire, 54 bytes captured)
Frame 4 (56 bytes on wire, 56 bytes captured)
Frame 5 (60 bytes on wire, 60 bytes captured)
Frame 6 (71 bytes on wire, 71 bytes captured)
Frame 7 (60 bytes on wire, 60 bytes captured)
Frame 8 (73 bytes on wire, 73 bytes captured)
Frame 9 (54 bytes on wire, 54 bytes captured)
Frame 10 (54 bytes on wire, 54 bytes captured)
Frame 11 (60 bytes on wire, 60 bytes captured)
Frame 12 (60 bytes on wire, 60 bytes captured)
Frame 13 (54 bytes on wire, 54 bytes captured)
Frame 14 (74 bytes on wire, 74 bytes captured)
Frame 15 (60 bytes on wire, 60 bytes captured)
Frame 16 (54 bytes on wire, 54 bytes captured)
Frame 17 (56 bytes on wire, 56 bytes captured)
Frame 18 (60 bytes on wire, 60 bytes captured)
Frame 19 (79 bytes on wire, 79 bytes captured)
Frame 20 (81 bytes on wire, 81 bytes captured)
Frame 21 (54 bytes on wire, 54 bytes captured)
Frame 22 (54 bytes on wire, 54 bytes captured)
Frame 23 (60 bytes on wire, 60 bytes captured)
Frame 24 (60 bytes on wire, 60 bytes captured)
Frame 25 (54 bytes on wire, 54 bytes captured)

ok ?

You use tcpreplay ?

Regard.



Gianni Tedesco wrote:

> On Fri, 2003-03-21 at 16:25, rmkml wrote:
> > ok join tcpdump.
> > first session not view with firestorm/prelude,
> > second session view with all firestorm/prelude/snort.
> >
> > I use snort 191b233, and firestorm 053pre.
>
> Oops, I should have mentioned, can you do the tcpdump again with '-s
> 65535' ?
>
> The packets get truncated to 64 bytes otherwise.
>
> thanks.
>
> --
> // Gianni Tedesco (gianni at scaramanga dot co dot uk)
> lynx --source www.scaramanga.co.uk/gianni-at-ecsc.asc | gpg --import
> 8646BE7D: 6D9F 2287 870E A2C9 8F60 3A3C 91B5 7669 8646 BE7D
>
>   ------------------------------------------------------------------------
>                        Name: signature.asc
>    signature.asc       Type: application/pgp-signature
>                 Description: This is a digitally signed message part

References:
- firestorm-nids: DNS zone transfer TCP
  - From: rmkml
- Re: firestorm-nids: DNS zone transfer TCP
  - From: Gianni Tedesco
- Re: firestorm-nids: DNS zone transfer TCP
  - From: rmkml
- Re: firestorm-nids: DNS zone transfer TCP
  - From: Gianni Tedesco

Prev by Date: Re: firestorm-nids: DNS zone transfer TCP
Next by Date: nmap ping and firestorm
Previous by thread: Re: firestorm-nids: DNS zone transfer TCP
Next by thread: Re: firestorm-nids: DNS zone transfer TCP
Index(es):
- Date
- Thread