Raw plugin !!!

Discussion in 'LnS English Forum' started by -NiCeGuY-, Jul 12, 2007.

Thread Status:
Not open for further replies.
  1. -NiCeGuY-

    -NiCeGuY- Registered Member

    Joined:
    Mar 5, 2007
    Posts:
    79
    raw question.JPG

    what's those title name(red box)? I cant see the full name :'(
     
  2. Frederic

    Frederic LnS Developer

    Joined:
    Jan 9, 2003
    Posts:
    4,354
    Location:
    France
    Hi nuser,

    The 3 items are:
    NOTEQUAL_VALUE1AND2
    EQUAL_VALUE1OR2ORMASK (in that case MASK is actually like a VALUE3, the Criteria checks if the value in the packet equals to one of the 3 values).
    NOTEQUAL_VALUE1AND2ANDMASK (same remark but for the opposite check)

    In the next update of the plugin the field will be enlarged to have these items visible.

    Frederic
     
  3. ktango

    ktango Registered Member

    Joined:
    Dec 7, 2006
    Posts:
    39
    Hi Frederic

    Would you mind telling me the definition of PORT_LOCAL_IN andPORT_LOCAL_OUT
     
  4. -NiCeGuY-

    -NiCeGuY- Registered Member

    Joined:
    Mar 5, 2007
    Posts:
    79
    Frederis , could you POST Full infomation about Raw plugin (e.g. details & how to use raw plugin setup pls ! ) :D

    best regards :thumb:
     
  5. Frederic

    Frederic LnS Developer

    Joined:
    Jan 9, 2003
    Posts:
    4,354
    Location:
    France
    Hi,

    This is the same as choosing "Local In"/"Local Out" in the standard edition dialog box. It applies only to TCP/UDP ports.
    From the help file:
    Local port:

    When UDP or TCP are selected in Protocol field, there are criteria to select the ports if needed. In that list there are standard criteria ('Equal to', 'Range'...) and a special one 'Local in'. This criteria identifies the local ports Windows allocates. It depends on the version of Windows (for Vista: 49152-65535, for the other versions of Windows: 1024-5000). Using this criteria is useful to create compatible rules between the Windows versions.​

    Frederic
     
  6. Frederic

    Frederic LnS Developer

    Joined:
    Jan 9, 2003
    Posts:
    4,354
    Location:
    France
    With the raw rule edition plugin, you "simply" indicate which fields in the packet have to be verified.
    To verify a field you need to indicate the position in the packet, the criteria to do the comparison, and the values to be compared with.

    Now, for the questions on how to use it and how to create rules, some knowledge about IP, TCP, UDP... protocols are required, and this is beyond the scope of a simple post here...

    Looking at how standard rules become translated into the raw rule edition plugin could help to understand and experiment how it works.

    Frederic
     
  7. ktango

    ktango Registered Member

    Joined:
    Dec 7, 2006
    Posts:
    39
    Thanks a lot, Frederic
     
Thread Status:
Not open for further replies.