Hi readers,
In this period I’m busy, hence no posts in the last weeks and months. As soon as possible I will release a nice paper called “Smashing the stack in 2010”, born as a project for the Computer Systems Security exam; it is just an introduction to stack-based buffer overflows and their exploitation. It is a modern “Smashing the stack for fun and profit”, the bible written by Aleph One back in 1996. The paper will cover both Linux and Windows systems and give an overview of all the countermeasures developed over these years. Writing this report with a smart classmate has improved my LaTeX skills; in the end LaTeX is so elegant, and it will be useful for the thesis 🙂
From the coding point of view, pcapino has new features and works properly; look below:
** pcapino - 5D4A LAB **
:: Pcap filter: tcp or udp
:: Parsing log.pcap
:: Traffic sniffed on DLT_EN10MB
:: TCP Connection Number 1: xxx.xxx.xxx.xxx:yyyy <--> aaa.aaa.aaa.aaa:80
   |__ Number of packets: 10
:: TCP Connection Number 2: xxx.xxx.xxx.xxx:yyyy <--> aaa.aaa.aaa.aaa:1863
   |__ Number of packets: 4
:: UDP Connection Number 1: 192.168.xxx.xxx:yyyy <--> aaa.aaa.aaa.aaa:53
   |__ Number of packets: 5
:: Bye bye...
In this way it is possible to distinguish among different connections; on the other hand, there is also the already known verbose mode:
** pcapino - 5D4A LAB **
:: Pcap filter: tcp or udp
:: Parsing log.pcap
:: Traffic sniffed on DLT_EN10MB
:: TCP Connection Number 1: xxx.xxx.xxx.xxx:yyyy <--> aaa.aaa.aaa.aaa:cc
   |__ Number of packets: 10
:: TCP session:
------------------------------------------------------------------------------------
| TYPE | FROM                 | TO                 | SEQ        | WIN  | EVENTS
------------------------------------------------------------------------------------
| TCP  | xxx.xxx.xxx.xxx:yyyy | aaa.aaa.aaa.aaa:cc | 2797258817 | 5840 | SYN
------------------------------------------------------------------------------------
| TCP  | xxx.xxx.xxx.xxx:yyyy | aaa.aaa.aaa.aaa:cc | 2797258817 | 5840 | SYN
------------------------------------------------------------------------------------
| TCP  | xxx.xxx.xxx.xxx:yyy  | aaa.aaa.aaa.aaa:cc | 2164376809 | 5792 | SYN/ACK
------------------------------------------------------------------------------------
....
:: UDP Connection Number 1: zzz.zzz.zzz.zzz:www <--> ddd.ddd.ddd.ddd:uu
   |__ Number of packets: 5
:: UDP session:
------------------------------------------------------------------------------------
| TYPE | FROM                 | TO                 | SEQ        | WIN  | EVENTS
------------------------------------------------------------------------------------
| UDP  | zzz.zzz.zzz.zzz:www  | ddd.ddd.ddd.ddd:uu | /          | /    | DNS QUERY RESPONSE
------------------------------------------------------------------------------------
| UDP  | zzz.zzz.zzz.zzz:ww   | ddd.ddd.ddd.ddd:uu | /          | /    | DNS QUERY RESPONSE
see you soon,
stay tuned!!
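
The per-connection packet counts in the output above can be reproduced by keying every packet on a direction-independent (protocol, endpoint, endpoint) tuple. The sketch below is an added example, not pcapino's code: it assumes a classic little-endian pcap file captured on DLT_EN10MB carrying IPv4, and the helper names and sample addresses are constructed for illustration.

```python
import struct
from collections import Counter

PROTO = {6: "TCP", 17: "UDP"}

def frame(proto, src, sport, dst, dport):
    """Constructed test frame: Ethernet + IPv4 + the first 8 bytes of the L4 header."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, proto, 0,
                     bytes(src), bytes(dst))
    return b"\0" * 12 + b"\x08\x00" + ip + struct.pack("!HH", sport, dport) + b"\0" * 4

def build_pcap(frames):
    """Wrap frames in a classic little-endian pcap file, link type 1 (DLT_EN10MB)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out

def count_connections(data):
    """Return a Counter keyed by (proto, endpoint_a, endpoint_b), direction-independent."""
    magic, linktype = struct.unpack_from("<I16xI", data, 0)
    if magic != 0xA1B2C3D4 or linktype != 1:
        raise ValueError("expected little-endian pcap captured on DLT_EN10MB")
    flows, off = Counter(), 24
    while off + 16 <= len(data):
        incl_len, = struct.unpack_from("<I", data, off + 8)
        pkt = data[off + 16: off + 16 + incl_len]
        off += 16 + incl_len
        if len(pkt) < 34 or pkt[12:14] != b"\x08\x00":
            continue                      # truncated frame or not IPv4
        l4 = 14 + (pkt[14] & 0x0F) * 4    # honour IP options via the IHL field
        frag_offset = struct.unpack_from("!H", pkt, 20)[0] & 0x1FFF
        if pkt[23] not in PROTO or l4 < 34 or frag_offset or len(pkt) < l4 + 4:
            continue                      # other protocol, bad IHL, or no ports present
        sport, dport = struct.unpack_from("!HH", pkt, l4)
        # Sorting the two endpoints puts both directions of a flow under one key.
        a, b = sorted([(pkt[26:30], sport), (pkt[30:34], dport)])
        flows[(PROTO[pkt[23]], a, b)] += 1
    return flows

C, W, D = (192, 0, 2, 10), (198, 51, 100, 5), (198, 51, 100, 53)  # constructed addresses
SAMPLE = build_pcap([
    frame(6, C, 40000, W, 80), frame(6, W, 80, C, 40000), frame(6, C, 40000, W, 80),
    frame(17, C, 5353, D, 53), frame(17, D, 53, C, 5353),
    frame(1, C, 0, W, 0),                                         # ICMP: ignored
])

if __name__ == "__main__":
    for n, ((proto, a, b), count) in enumerate(count_connections(SAMPLE).items(), 1):
        ends = " <--> ".join(f"{'.'.join(map(str, ip))}:{port}" for ip, port in (a, b))
        print(f":: {proto} flow {n}: {ends}\n   |__ Number of packets: {count}")
```
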
I’m looking forward to reading your paper. 🙂
Hope all things are fine.
/code91