Discussion in 'LnS English Forum' started by -NiCeGuY-, Jul 12, 2007.
What are those title names (red box)? I can't see the full names.
The 3 items are:
EQUAL_VALUE1OR2ORMASK (in that case MASK is actually like a VALUE3, the Criteria checks if the value in the packet is equal to one of the 3 values).
NOTEQUAL_VALUE1AND2ANDMASK (same remark but for the opposite check)
In the next update of the plugin the field will be enlarged to have these items visible.
Would you mind telling me the definition of PORT_LOCAL_IN and PORT_LOCAL_OUT?
Frederic, could you post full information about the Raw plugin (e.g. details & how to use the raw plugin setup), pls!
This is the same as choosing "Local In"/"Local Out" in the standard edition dialog box. It applies only to TCP/UDP ports.
From the help file:
When UDP or TCP are selected in Protocol field, there are criteria to select the ports if needed. In that list there are standard criteria ('Equal to', 'Range'...) and a special one 'Local in'. This criteria identifies the local ports Windows allocates. It depends on the version of Windows (for Vista: 49152-65535, for the other versions of Windows: 1024-5000). Using this criteria is useful to create compatible rules between the Windows versions.
With the raw rule edition plugin, you "simply" indicate which fields in the packet have to be verified.
To verify a field you need to indicate the position in the packet, the criteria to do the comparison, and the values to be compared with.
Now, for the questions on how to use it and how to create rules, some knowledge about the IP, TCP, UDP... protocols is required, and this is beyond the scope of a simple post here...
Looking at how standard rules become translated into the raw rule edition plugin could help to understand and experiment with how it works.
Thanks a lot, Frederic
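
The field checks described in the thread (position in the packet, criteria, values), as an added example that is not code from the thread or from the plugin. Assumptions: offsets are counted from the start of the IPv4 header, fields are big-endian, a rule matches only when all of its checks match, and the function names and sample packet are constructed for illustration.

```python
import struct

# Local port ranges as quoted from the help file in the thread.
LOCAL_PORTS = {"vista": (49152, 65535), "other": (1024, 5000)}

def read_field(packet, offset, size):
    """Return the big-endian unsigned field at offset, or None if truncated."""
    if offset < 0 or offset + size > len(packet):
        return None
    return int.from_bytes(packet[offset:offset + size], "big")

def check(packet, offset, size, criterion, v1=0, v2=0, mask=0, windows="other"):
    """Evaluate one field check; a field outside the packet never matches."""
    value = read_field(packet, offset, size)
    if value is None:
        return False
    if criterion == "EQUAL_VALUE1OR2ORMASK":
        # MASK acts as a third value: match if the field equals any of the three.
        return value in (v1, v2, mask)
    if criterion == "NOTEQUAL_VALUE1AND2ANDMASK":
        # Opposite check: match only if the field differs from all three.
        return value not in (v1, v2, mask)
    if criterion == "PORT_LOCAL_IN":
        low, high = LOCAL_PORTS[windows]
        return low <= value <= high
    raise ValueError(f"unsupported criterion: {criterion}")

def rule_matches(packet, checks, windows="other"):
    """Assumption of this example: every field check must match."""
    return all(check(packet, *c, windows=windows) for c in checks)

# Constructed sample: IPv4 header (IHL=5) + TCP header,
# 192.0.2.10:49200 -> 192.0.2.20:443.
SAMPLE = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                     bytes([192, 0, 2, 10]), bytes([192, 0, 2, 20]))
SAMPLE += struct.pack("!HHIIHHHH", 49200, 443, 0, 0, 0x5002, 1024, 0, 0)

RULE = [
    (9, 1, "EQUAL_VALUE1OR2ORMASK", 6, 17, 6),        # protocol is TCP or UDP
    (20, 2, "PORT_LOCAL_IN"),                          # source port in local range
    (22, 2, "EQUAL_VALUE1OR2ORMASK", 80, 443, 8080),   # destination port
]

if __name__ == "__main__":
    for version in LOCAL_PORTS:
        print(version, rule_matches(SAMPLE, RULE, windows=version))
```

The same rule matches the sample packet under the Vista range but not under the 1024-5000 range, which is the Windows-version dependence the help file text describes.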