A packet analysis challenge - Page 2

Thread: A packet analysis challenge

  1. #11
    Junior Member
    Join Date
    Feb 2003
    Posts
    15
    . The windows size is 65502 but changes for every packet. So this is probably a Windows machine based on the fact that it changes. This is not a reliable method because it can be changed by a program rather than the OS.
    Window size can change based on network congestion (sender based flow control IE: congestion window which is not advertised. Look into "slow start" or "congestion avoidance" in TCP/IP) or the buffer space of the destination (receiver based flow control which is advertised). This is true for all network clients, but you can make guesses as to what an OS is by its starting advertised window size.



    5. The protocol id is 06 (TCP/IP). Where can I find a listing of the protocol id#'s?
    http://www.iana.org/assignments/protocol-numbers


    It's IPv4 with 20 bytes apiece for TCP/IP
    No, that field states the IP header length period.


    8. The next word is 18 which comes to 24 in decimal. I think this means that the urgent flag and ack flags are set but I am not really sure.
    Convert to binary and do a bit placement comparison.



    Have fun
    Ferengi Rules of Acquisition:

    Rule 59 Free advice is seldom cheap.
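Added example, not part of the original posts: a short Python decoder for the fields discussed in post #11 (IP header length, protocol number, advertised window, and the "bit placement comparison" on the TCP flags byte). The packet bytes are constructed for illustration; only the values 65502, 06 and 18 (hex) come from the thread, and the addresses and ports are placeholders.

```python
import struct

# TCP flag names, lowest-order bit first (RFC 793, plus ECE/CWR from RFC 3168).
TCP_FLAGS = ["FIN", "SYN", "RST", "PSH", "ACK", "URG", "ECE", "CWR"]

def decode_flags(byte):
    """Bit placement comparison: names of the bits set in the flags byte."""
    return [name for bit, name in enumerate(TCP_FLAGS) if byte & (1 << bit)]

def parse_ipv4_tcp(raw):
    """Decode the header fields discussed in the thread from raw bytes."""
    if len(raw) < 20:
        raise ValueError("truncated IPv4 header")
    version, ihl_words = raw[0] >> 4, raw[0] & 0x0F
    ip_len = ihl_words * 4  # IHL counts 32-bit words of the IP header only
    if version != 4 or ip_len < 20 or len(raw) < ip_len + 20:
        raise ValueError("not a complete IPv4/TCP header")
    protocol = raw[9]  # IANA protocol number; 6 is TCP
    if protocol != 6:
        raise ValueError("protocol %d is not TCP" % protocol)
    fields = struct.unpack("!HHIIBBH", raw[ip_len:ip_len + 16])
    sport, dport, _seq, _ack, offset_byte, flags, window = fields
    return {
        "ip_header_len": ip_len,
        "protocol": protocol,
        "tcp_header_len": (offset_byte >> 4) * 4,
        "src_port": sport,
        "dst_port": dport,
        "flags_hex": "%02x" % flags,
        "flags_bits": format(flags, "08b"),
        "flags": decode_flags(flags),
        "window": window,  # receiver-advertised window
    }

# Constructed sample: 20-byte IPv4 header + 20-byte TCP header.
# Checksums are zeroed and the 192.0.2.x addresses are documentation placeholders.
SAMPLE = bytes.fromhex(
    "45000028" "12344000" "80060000" "c000020a" "c0000214"  # IPv4
    "04010015" "00000001" "00000001" "5018ffde" "00000000"  # TCP
)

if __name__ == "__main__":
    for key, value in parse_ipv4_tcp(SAMPLE).items():
        print("%-15s %s" % (key, value))
```
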

  2. #12
    Junior Member
    Join Date
    Feb 2003
    Posts
    15
    So, Don, are you ever going to tell us what the packet capture was all about or is this thread just going to die on the vine like the other one?

    Security forum..hmmmmmmmm........ Guess I'll stick to intrusion mailing list
    Ferengi Rules of Acquisition:

    Rule 59 Free advice is seldom cheap.

  3. #13
    Senior Member
    Join Date
    Jul 2002
    Posts
    339
    Ping Companion is a network security tool designed to accompany Ping in its scanning processes. It retrieves IPs, writable directories, and OS types from Ping's log and then checks their upload access, upload speed, download access, download speed, list access, delete access, FXP access, FXP speed, and available hard drive space using a file called space.asp. Use this program to ensure that your network is secure.

    http://workshops.prohosting.com/dev/...companion.html

    Peace always,
    <jdenny>

    PS: Where can I collect the prize?
    Always listen to experts. They'll tell you what can't be done and why. Then go and do it. -- Robert Heinlein
    I'm basically a very lazy person who likes to get credit for things other people actually do. -- Linus Torvalds


  4. #14
    Junior Member
    Join Date
    Feb 2003
    Posts
    15
    That's part of Grim (Ping Companion) features, so I win unless you can prove you didn't read my post or we're both wrong.
    Ferengi Rules of Acquisition:

    Rule 59 Free advice is seldom cheap.

  5. #15
    Senior Member
    Join Date
    Dec 2002
    Posts
    110
    This is indeed Grim's Ping doing its work. Sorry for the lack of responses. I have given up on this site due to the plethora of idiots who inhabit this space ie: TheFiend amongst others. The people who populate this site need to learn there is a world of difference between those who actually hack and the script kiddie idiots, and the wannabes that compose the vast majority of this site's membership. So that rant is over and cause of that will take myself elsewhere. I don't need the aggravation.

  6. #16
    Junior Member
    Join Date
    Feb 2003
    Posts
    15
    I know the feeling. I too joined the site looking to interact with more security pros, but instead find the site filled with students (nothing wrong with this, I'm just not in the teaching mode if you know what I mean) and wannabe hackers/crackers (most of whom don't seem to have a clue, otherwise I wouldn't mind conversing with 'em).

    Not exactly what I was hoping for.
    Ferengi Rules of Acquisition:

    Rule 59 Free advice is seldom cheap.

  7. #17
    Senior Member
    Join Date
    Dec 2002
    Posts
    110
    Keep an eye on Bugtraq over the next couple of weeks. I will be making a couple of posts there in regards to something I have been working on recently. Feel free to pm me anytime
    at my listed mail addy.

  8. #18
    Senior Member
    Join Date
    Dec 2002
    Posts
    144
    this is interesting.. is there a course that teaches u how to read a TCP/IP Packet?
    BlAcKiE
    GearBlitz

  9. #19
    AO BOFH: Luser Abuser BModeratorFH gore's Avatar
    Join Date
    Oct 2002
    Location
    Michigan
    Posts
    7,177
    Originally posted here by Penguin
    this is interesting.. is there a course that teaches u how to read a TCP/IP Packet?

    Yea, the TCP/IP class I have right now. We go through this stuff daily.
    Kill the lights, let the candles burn behind the pumpkins’ mischievous grins, and let the skeletons dance. For one thing is certain, The Misfits have returned and once again everyday is Halloween. The Misfits FreeBSD
    Cannibal Holocaust
    SuSE Linux
    Slackware Linux

  10. #20
    Senior Member
    Join Date
    Dec 2002
    Posts
    144
    what course r u studying now? is it online?
    BlAcKiE
    GearBlitz
