List:       focus-ids
Subject:    Re: Re: SMTP traffic
From:       Jose Nazario <jose () monkey ! org>
Date:       2007-11-30 19:15:20
Message-ID: Pine.BSO.4.64.0711301414090.12024 () funky ! monkey ! org

On Thu, 29 Nov 2007, henry_smith@gmail.com wrote:

> Similar to the SMTP decoding algorithm, is it possible to have a decoding 
> algorithm for the RPC, DHCP and DNS protocols?

dugsong's dpkt code can do all of this:

 	http://dpkt.googlecode.com/svn/trunk/dpkt/

note that the number of RPC programs is huge and long and each seems to use 
its own opcodes, so getting a truly comprehensive decode may be a bit 
more work.

hope this is useful.

________
jose nazario, ph.d.		    http://monkey.org/~jose/
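
The point above about each RPC program using its own opcodes, as an added example that is not part of the original message and is not dpkt code: a standard-library Python decoder for an ONC RPC version 2 call header carried over UDP. The procedure tables cover only three well-known programs as an assumption of the example, and the sample packets are constructed by the helper `make_call`.

```python
import struct

# Per-program procedure tables, keyed by (program, version). Only three
# well-known programs are listed; every other RPC program needs its own table.
PROCS = {
    (100000, 2): ("portmap", {0: "NULL", 1: "SET", 2: "UNSET", 3: "GETPORT", 4: "DUMP", 5: "CALLIT"}),
    (100003, 3): ("nfs", {0: "NULL", 1: "GETATTR", 2: "SETATTR", 3: "LOOKUP", 4: "ACCESS"}),
    (100005, 3): ("mountd", {0: "NULL", 1: "MNT", 2: "DUMP", 3: "UMNT", 4: "UMNTALL", 5: "EXPORT"}),
}

def _opaque_auth(buf, off):
    """Skip one opaque_auth (flavor, length, body padded to 4 bytes)."""
    if len(buf) < off + 8:
        raise ValueError("truncated auth")
    flavor, length = struct.unpack_from(">II", buf, off)
    end = off + 8 + ((length + 3) & ~3)
    if length > 400 or end > len(buf):  # 400 bytes is the protocol maximum
        raise ValueError("bad auth length")
    return flavor, end

def decode_rpc_call(payload):
    """Decode an ONC RPC call carried in a UDP payload (no record marking)."""
    if len(payload) < 24:
        raise ValueError("truncated RPC header")
    xid, mtype, rpcvers, prog, vers, proc = struct.unpack_from(">6I", payload)
    if mtype != 0 or rpcvers != 2:
        raise ValueError("not an RPC version 2 call")
    cred_flavor, off = _opaque_auth(payload, 24)   # credential
    _, off = _opaque_auth(payload, off)            # verifier
    name, table = PROCS.get((prog, vers), ("prog-%d" % prog, {}))
    return {"xid": xid, "program": name, "version": vers,
            "procedure": table.get(proc, "proc-%d" % proc),
            "cred_flavor": cred_flavor, "args": payload[off:]}

def make_call(xid, prog, vers, proc, args=b""):
    """Build a constructed sample call with AUTH_NONE credential and verifier."""
    header = struct.pack(">6I", xid, 0, 2, prog, vers, proc)
    return header + struct.pack(">4I", 0, 0, 0, 0) + args

if __name__ == "__main__":
    # Procedure number 3 means something different in every program.
    for prog, vers in [(100000, 2), (100003, 3), (100005, 3), (100021, 4)]:
        print(decode_rpc_call(make_call(1, prog, vers, 3)))
```

Programs missing from the table still decode to their numeric program and procedure, which is where the per-program work begins.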
