I’m alive… News

Hi readers,

In this period I’m busy, and thus there have been no posts in the last weeks and months. As soon as possible I will release a nice paper called “Smashing the stack in 2010”, born as a project for the Computer Systems Security exam; it is just an introduction to stack-based buffer overflows and their exploitation. It is a modern “Smashing the stack for fun and profit”, the bible written by Aleph One in 1996. The paper will cover both Linux and Windows systems and give an overview of all the countermeasures developed over these years. Writing this report with a smart classmate, I have improved my LaTeX skills; in the end LaTeX is so elegant, and it will be useful for the thesis 🙂

From the coding point of view, pcapino has new features and it works properly; look below:

** pcapino - 5D4A LAB **

:: Pcap filter: tcp or udp
:: Parsing log.pcap
:: Traffic sniffed on DLT_EN10MB

:: TCP Connection Number 1: xxx.xxx.xxx.xxx:yyyy <--> aaa.aaa.aaa.aaa:80
 |__ Number of packets: 10

:: TCP Connection Number 2: xxx.xxx.xxx.xxx:yyyy <--> aaa.aaa.aaa.aaa:1863
 |__ Number of packets: 4

:: UDP Connection Number 1: 192.168.xxx.xxx:yyyy <--> aaa.aaa.aaa.aaa:53
 |__ Number of packets: 5

:: Bye bye...

In this way it is possible to distinguish among different connections. On the other hand, there is also
the already known verbose mode:

** pcapino - 5D4A LAB **

:: Pcap filter: tcp or udp
:: Parsing log.pcap
:: Traffic sniffed on DLT_EN10MB

:: TCP Connection Number 1: xxx.xxx.xxx.xxx:yyyy <--> aaa.aaa.aaa.aaa:cc
 |__ Number of packets: 10

:: TCP session:

------------------------------------------------------------------------------------------------------------------------------------
| TYPE  |       FROM            |       TO              |       SEQ      |      WIN      |      EVENTS
------------------------------------------------------------------------------------------------------------------------------------
| TCP   | xxx.xxx.xxx.xxx:yyyy   | aaa.aaa.aaa.aaa:cc      | 2797258817     |      5840     | SYN
------------------------------------------------------------------------------------------------------------------------------------
| TCP   | xxx.xxx.xxx.xxx:yyyy   | aaa.aaa.aaa.aaa:cc      | 2797258817     |      5840     | SYN
------------------------------------------------------------------------------------------------------------------------------------
| TCP   | xxx.xxx.xxx.xxx:yyy      | aaa.aaa.aaa.aaa:cc   | 2164376809     |      5792     | SYN/ACK
------------------------------------------------------------------------------------------------------------------------------------

....
:: UDP Connection Number 1: zzz.zzz.zzz.zzz:www <--> ddd.ddd.ddd.ddd:uu
 |__ Number of packets: 5

:: UDP session:

------------------------------------------------------------------------------------------------------------------------------------
| TYPE  |       FROM            |       TO              |       SEQ      |      WIN      |      EVENTS
------------------------------------------------------------------------------------------------------------------------------------
| UDP   | zzz.zzz.zzz.zzz:www   | ddd.ddd.ddd.ddd:uu     | /              |      /        | DNS QUERY RESPONSE
------------------------------------------------------------------------------------------------------------------------------------
| UDP   | zzz.zzz.zzz.zzz:ww   | ddd.ddd.ddd.ddd:uu     | /              |      /        | DNS QUERY RESPONSE

see you soon,

stay tuned!!
