Hi, Frederic, In the log of LnS, there are some other Ethernet type packets (2C, 54, 60, 63, etc). I have no idea on these packet. Where are they from? Is there some possible problem if only type 800(IP) and 806(ARP) are allowed? If I want to allow another type (say, type 60), how to setup the rules? thanks in advance.
Hi nuser 1) To know what are these strange protocols: http://en.wikipedia.org/wiki/IP_protocol_numbers 2) The only Ethernet protocols managed by LNS are the ones you'ill find in the rule editing windows: IP ARP others ... IPv4 IPv6 EAPol 802.1x Now : why and how to create rules for "others" ? I have no idea.
Hello, The raw rules edition plugin allows "fine tuning" specific rules. Here is the plugin page including the raw rule edition plugin. Authorization of specific Ethernet IP type is feasible with this plugin. This post shows how it applies to 0x888E Ethernet type, for WiFi security purpose. As an example, I have just created this rule http://www.looknstop.com/En/rules/Eth0x0060.GIF Clic here to import it automatically into LNS. After installing the plugin, you can edit the rule and change the IP type as you want. Regards, JF
thanks, Climenole. thanks, JF, From the snapshot, we can see that you and Frederic have added more functionalities to the 'raw edition' (number of field increased to 16, Boolean operators added.) Cool small questions: (1) "Fied filtering' should be 'Field filtering'. (2) If the direction is 'inbound', I can still change the value of the 'outbound' input field, though it's useless. So, is it better to disable 'outbound' field when 'inbound' direction is selected? (the same for 'inbound' input field) btw: the ethernet type 888E has been included in v2.06. So, it's not necessary to use raw edition. Just select EAPoL 802.1x, add MAC addresses of PC and Router. However, raw edition gives us the ultimate flexibility to control 'every bit' of the packet.
Thanks nuser, the (1) will be fixed in the next edition of this plugin. For the (2) not sure, this plugin is reserved for an advanced usage, and the GUI is just functional, we do not take care too much of the GUI. Actually is was developed as a demo, to show the possibilities and we thought some other developers would create more friendly GUI, and even to replace the Standard Edition, which is a bit complicated, but finally only this one exist (to create any kind of rule). Frederic