View Full Version : Raw plugin !!!
-NiCeGuY-
July 12th, 2007, 04:02 AM
What are those title names (red box)? I can't see the full names :'(
Frederic
July 12th, 2007, 12:34 PM
Hi nuser,
The 3 items are:
NOTEQUAL_VALUE1AND2
EQUAL_VALUE1OR2ORMASK (in that case MASK is actually like a VALUE3; the criteria checks whether the value in the packet is equal to one of the 3 values).
NOTEQUAL_VALUE1AND2ANDMASK (same remark but for the opposite check)
In the next update of the plugin the field will be enlarged to have these items visible.
Frederic
ktango
July 13th, 2007, 01:51 AM
Hi Frederic
Would you mind telling me the definition of PORT_LOCAL_IN and PORT_LOCAL_OUT?
-NiCeGuY-
July 13th, 2007, 04:05 AM
-{ Quote: "Hi nuser,
The 3 items are:
NOTEQUAL_VALUE1AND2
EQUAL_VALUE1OR2ORMASK (in that case MASK is actually like a VALUE3; the criteria checks whether the value in the packet is equal to one of the 3 values).
NOTEQUAL_VALUE1AND2ANDMASK (same remark but for the opposite check)
In the next update of the plugin the field will be enlarged to have these items visible.
Frederic" }-
Frederic, could you post full information about the Raw plugin (e.g. details & how to use the raw plugin setup, please!) ;D
best regards :thumb:
Frederic
July 15th, 2007, 01:48 PM
-{ Quote: "Hi Frederic
Would you mind telling me the definition of PORT_LOCAL_IN and PORT_LOCAL_OUT?" }-
Hi,
This is the same as choosing "Local In"/"Local Out" in the standard edition dialog box. It applies only to TCP/UDP ports.
From the help file:
Local port:
When UDP or TCP is selected in the Protocol field, there are criteria to select the ports if needed. In that list there are standard criteria ('Equal to', 'Range'...) and a special one, 'Local in'. This criterion identifies the local ports Windows allocates. It depends on the version of Windows (for Vista: 49152-65535, for the other versions of Windows: 1024-5000). Using this criterion is useful to create compatible rules between the Windows versions.
Frederic
Frederic
July 15th, 2007, 01:56 PM
-{ Quote: "Frederic, could you post full information about the Raw plugin (e.g. details & how to use the raw plugin setup, please!) ;D
best regards :thumb:" }-
With the raw rule edition plugin, you "simply" indicate which fields in the packet have to be verified.
To verify a field you need to indicate the position in the packet, the criteria to do the comparison, and the values to be compared with.
Now, for the questions on how to use it and how to create rules, some knowledge about the IP, TCP, UDP... protocols is required, and this is beyond the scope of a simple post here...
Looking at how standard rules are translated into the raw rule edition plugin could help to understand and experiment with how it works.
Frederic
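The field checks described in the posts above, sketched as an added example that is not part of the original thread and is not the plugin's own code. The criteria names and the local port ranges come from the posts; the 16-bit big-endian field layout, the rule format, the `windows` argument and the rule that every check must pass are assumptions made for illustration.

```python
import struct

# Local port ranges quoted from the help file in the post above.
LOCAL_PORT_RANGES = {"vista": (49152, 65535), "other": (1024, 5000)}

def read_field(packet: bytes, offset: int, size: int = 2) -> int:
    """Read an unsigned big-endian field (offset/size layout is an assumption)."""
    if offset < 0 or offset + size > len(packet):
        raise ValueError("field lies outside the packet")
    return int.from_bytes(packet[offset:offset + size], "big")

def check(criteria: str, field: int, value1=0, value2=0, mask=0, windows="other") -> bool:
    """Evaluate one field check using the criteria names from the thread."""
    if criteria == "NOTEQUAL_VALUE1AND2":
        return field not in (value1, value2)
    if criteria == "EQUAL_VALUE1OR2ORMASK":       # MASK acts as a third value
        return field in (value1, value2, mask)
    if criteria == "NOTEQUAL_VALUE1AND2ANDMASK":  # opposite of the check above
        return field not in (value1, value2, mask)
    if criteria == "PORT_LOCAL_IN":               # port in the Windows local range
        low, high = LOCAL_PORT_RANGES[windows]
        return low <= field <= high
    raise ValueError(f"unknown criteria: {criteria}")

def match_rule(packet: bytes, checks: list) -> bool:
    """Assumption: a rule matches only if every listed field check passes."""
    return all(
        check(c["criteria"], read_field(packet, c["offset"]), **c.get("args", {}))
        for c in checks
    )

# Constructed sample: a bare 8-byte UDP header, source port 53, destination port 49200.
SAMPLE_UDP = struct.pack("!HHHH", 53, 49200, 8, 0)

# Hypothetical rule: source port is 53, 67 or 123 and the destination is a local port.
SAMPLE_RULE = [
    {"offset": 0, "criteria": "EQUAL_VALUE1OR2ORMASK",
     "args": {"value1": 53, "value2": 67, "mask": 123}},
    {"offset": 2, "criteria": "PORT_LOCAL_IN", "args": {"windows": "vista"}},
]

if __name__ == "__main__":
    print(match_rule(SAMPLE_UDP, SAMPLE_RULE))
```

The same packet fails the second check when evaluated with the 1024-5000 range, which is why a single version-aware criterion keeps one rule usable on both Windows generations.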
ktango
July 16th, 2007, 12:52 AM
Thanks a lot, Frederic