


 Listen one module on all ports 

Joined: Sat Oct 10, 2009 10:04 am
Posts: 38
Post Listen one module on all ports
Hello,

I want to decode a protocol that doesn't have a standard port (standard destination port). To decode it, I need to listen on all ports, get all packets, and recognize its traffic from the packets' content.

So I want to write one module that listens on all ports. How can I do it? Is it enough to not specify the standard port in the module's header file? For example, if in telnet.h I remove the line below:
Code:
#define TCP_PORT_TELNET                   23

does it listen on all ports?


Sat Aug 14, 2010 7:55 am
Site Admin

Joined: Wed Sep 16, 2009 10:09 pm
Posts: 394
Post Re: Listen one module on all ports
All dissectors over TCP and UDP listen on all ports.
Before a "flow" is sent to a thread of a dissector, it should be classified (recognized).
In Xplico there are two types of classification (dependencies):
- Fixed (with verification optional)
- Heuristic
These are defined by two separate structures:
Code:
    proto_heury_dep hdep;
    proto_dep dep;

and shall be made active by the functions:
Code:
 ProtDep(&dep);
 ProtHeuDep(&hdep);

ONLY within the register function of the single dissector: DissecRegist. The number of dependencies is unlimited.

You have chosen Telnet; it was not yet complete. Here is the new code (which will be in 0.6.0) that (also) recognizes Telnet not by the standard port.
Attachment:
telnet.tgz

Try commenting out ProtDep(&dep); (which defines the standard port).
I think it is not difficult to discover the difference between proto_heury_dep/ProtHeuDep and proto_dep/ProtDep within the code of the Telnet dissector.

What protocol are you implementing?

Ciao.
Gianluca




Sat Aug 14, 2010 10:08 am

Joined: Sat Oct 10, 2009 10:04 am
Posts: 38
Post Re: Listen one module on all ports
Thank you for helping.
Quote:
What protocol are you implementing?

MSN

I understand that:
I should write a function (MSNCheck) that checks the traffic and returns true if it is MSN. Then introduce it in the DissecRegist function with:
hdep.ProtCheck = MSNCheck;

This way, when a packet is received and MSNCheck returns true, MSNDissector will be called with the related flow_id.

Is it correct?


Sun Aug 15, 2010 9:13 am
Site Admin

Joined: Wed Sep 16, 2009 10:09 pm
Posts: 394
Post Re: Listen one module on all ports
Quote:
Is it correct?

Perfect!


Sun Aug 15, 2010 9:17 pm
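An added example, not part of the thread and not Xplico code: one possible content test for a heuristic check like the MSNCheck discussed above, which accepts a flow only if its first client payload is an MSNP version line of the form `VER <trid> MSNP<n> ...\r\n`. The name `msn_payload_check`, the `MSN_MAX_LINE` bound and the raw-buffer interface are assumptions, since the thread does not show the signature Xplico expects for `hdep.ProtCheck` or how payload is read from a flow.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define MSN_MAX_LINE 256 /* assumed bound on the first line, not from Xplico */

/* Hypothetical helper (not an Xplico function): returns 1 if buf looks like
 * the first client line of an MSNP session, 0 otherwise. */
int msn_payload_check(const unsigned char *buf, size_t len)
{
    size_t i = 4, eol, dialects = 0;

    /* shortest valid line is "VER 1 MSNP8\r\n" (13 bytes) */
    if (buf == NULL || len < 13 || memcmp(buf, "VER ", 4) != 0)
        return 0;
    while (i < len && isdigit(buf[i])) /* transaction ID: decimal digits */
        i++;
    if (i == 4 || i >= len || buf[i] != ' ')
        return 0;
    i++;
    /* locate CRLF; reject non-printable bytes and over-long or partial lines */
    for (eol = i; eol + 1 < len && eol < MSN_MAX_LINE; eol++) {
        if (buf[eol] == '\r' && buf[eol + 1] == '\n')
            break;
        if (!isprint(buf[eol]))
            return 0;
    }
    if (eol + 1 >= len || buf[eol] != '\r' || buf[eol + 1] != '\n')
        return 0;
    /* require at least one space-separated "MSNP<digits>" dialect token */
    while (i < eol) {
        size_t start = i, k;
        while (i < eol && buf[i] != ' ')
            i++;
        if (i - start > 4 && memcmp(buf + start, "MSNP", 4) == 0) {
            for (k = start + 4; k < i && isdigit(buf[k]); k++)
                ;
            dialects += (k == i);
        }
        if (i < eol)
            i++; /* skip the separating space */
    }
    return dialects > 0;
}

int main(void)
{
    const char *s = "VER 1 MSNP8 CVR0\r\n"; /* constructed sample payload */
    printf("%d\n", msn_payload_check((const unsigned char *)s, strlen(s)));
    return 0;
}
```

A line that has not yet been terminated by CRLF is rejected, so a caller should run the check once enough of the first segment has arrived.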