Hi nuser,

The 3 items are:

- NOTEQUAL_VALUE1AND2
- EQUAL_VALUE1OR2ORMASK (in that case MASK is actually like a VALUE3; the criterion checks whether the value in the packet is equal to one of the 3 values)
- NOTEQUAL_VALUE1AND2ANDMASK (same remark, but for the opposite check)

In the next update of the plugin the field will be enlarged to have these items visible.

Frederic
Frederic, could you post full information about the Raw plugin (e.g. details and how to use the raw plugin setup), please?

Best regards
Hi,

This is the same as choosing "Local In"/"Local Out" in the standard edition dialog box. It applies only to TCP/UDP ports.

From the help file:

Local port: When UDP or TCP are selected in Protocol field, there are criteria to select the ports if needed. In that list there are standard criteria ('Equal to', 'Range'...) and a special one 'Local in'. This criteria identifies the local ports Windows allocates. It depends on the version of Windows (for Vista: 49152-65535, for the other versions of Windows: 1024-5000). Using this criteria is useful to create compatible rules between the Windows versions.

Frederic
With the raw rule edition plugin, you "simply" indicate which fields in the packet have to be verified. To verify a field you need to indicate the position in the packet, the criterion to do the comparison, and the values to be compared with.

Now, for the questions on how to use it and how to create rules, some knowledge about the IP, TCP, UDP... protocols is required, and this is beyond the scope of a simple post here...

Looking at how standard rules become translated into the raw rule edition plugin could help to understand and experiment with how it works.

Frederic
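The position/criterion/values model described in the post above, as an added Python sketch that is not the plugin's own code or rule format. The three criterion names come from the thread; the byte offsets counted from the start of the IPv4 header, the tuple layout, the helper names and the sample packet are assumptions made for illustration.

```python
import struct

# Criterion names as listed in the thread; MASK acts as a third value.
CRITERIA = {
    "EQUAL_VALUE1OR2ORMASK": lambda f, v1, v2, m: f in (v1, v2, m),
    "NOTEQUAL_VALUE1AND2": lambda f, v1, v2, m: f != v1 and f != v2,
    "NOTEQUAL_VALUE1AND2ANDMASK": lambda f, v1, v2, m: f not in (v1, v2, m),
}

def build_packet(src_port, dst_port):
    """Constructed sample: 20-byte IPv4 header + 20-byte TCP header (SYN)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                     bytes([192, 0, 2, 10]), bytes([198, 51, 100, 7]))
    tcp = struct.pack("!HHIIBBHHH", src_port, dst_port, 0, 0,
                      0x50, 0x02, 8192, 0, 0)
    return ip + tcp

def read_field(packet, offset, size):
    """Big-endian field at a fixed offset, or None if the packet is too short."""
    if offset + size > len(packet):
        return None
    return int.from_bytes(packet[offset:offset + size], "big")

def rule_matches(packet, checks):
    """A rule matches only if every (offset, size, criterion, v1, v2, mask) holds."""
    for offset, size, criterion, v1, v2, mask in checks:
        field = read_field(packet, offset, size)
        # A truncated packet never matches, even for NOTEQUAL checks
        # (a design choice in this sketch).
        if field is None or not CRITERIA[criterion](field, v1, v2, mask):
            return False
    return True

# Hypothetical rule: TCP to destination port 80, 443 or 8080.
WEB_RULE = [
    # Version/IHL must be 0x45: the fixed TCP offsets below are only
    # valid when the IP header carries no options.
    (0, 1, "EQUAL_VALUE1OR2ORMASK", 0x45, 0x45, 0x45),
    (9, 1, "EQUAL_VALUE1OR2ORMASK", 6, 6, 6),            # protocol = TCP
    (22, 2, "EQUAL_VALUE1OR2ORMASK", 80, 443, 8080),     # TCP destination port
]

if __name__ == "__main__":
    for port in (443, 22):
        print(port, rule_matches(build_packet(50000, port), WEB_RULE))
```

The first check in `WEB_RULE` shows why fixed positions need care: the TCP port offsets shift whenever the IP header length is not 20 bytes.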