some other ethernet type

Discussion in 'LnS English Forum' started by nuser, Jun 18, 2007.

Thread Status:
Not open for further replies.
  1. nuser

    nuser Registered Member

    Hi, Frederic,
    In the log of LnS, there are some other Ethernet type packets (2C, 54, 60, 63, etc). I have no idea about these packets. Where are they from?
    Is there some possible problem if only type 800 (IP) and 806 (ARP) are allowed?
    If I want to allow another type (say, type 60), how do I set up the rules?
    Thanks in advance.
     

    Last edited: Jun 18, 2007
  2. Climenole

    Climenole Look 'n' Stop Expert

    Hi nuser :)

    1)
    To know what these strange protocols are:

    http://en.wikipedia.org/wiki/IP_protocol_numbers

    2)
    The only Ethernet protocols managed by LNS are the ones you'll find in the rule editing windows:

    IP
    ARP
    others ...
    IPv4
    IPv6 EAPol 802.1x

    Now: why and how to create rules for "others"? I have no idea.

    :)
     
  3. JF

    JF LnS Support

    Hello,

    The raw rules edition plugin allows "fine tuning" specific rules.
    Here is the plugin page including the raw rule edition plugin.

    Authorization of a specific Ethernet IP type is feasible with this plugin.

    This post shows how it applies to the 0x888E Ethernet type, for WiFi security purposes.

    As an example, I have just created this rule

    http://www.looknstop.com/En/rules/Eth0x0060.GIF

    Click here to import it automatically into LNS.

    After installing the plugin, you can edit the rule and change the IP type as you want.

    Regards,
    JF
     
  4. nuser

    nuser Registered Member

    Thanks, Climenole.
    Thanks, JF.
    From the snapshot, we can see that you and Frederic have added more functionalities to the 'raw edition' (number of fields increased to 16, Boolean operators added). Cool.

    small questions:

    (1) 'Fied filtering' should be 'Field filtering'. :-*

    (2) If the direction is 'inbound', I can still change the value of the 'outbound' input field, though it's useless. So, is it better to disable 'outbound' field when 'inbound' direction is selected? (the same for 'inbound' input field)

    btw: the ethernet type 888E has been included in v2.06. So, it's not necessary to use raw edition. Just select EAPoL 802.1x, add MAC addresses of PC and Router.
    However, raw edition gives us the ultimate flexibility to control 'every bit' of the packet.
     
  5. Frederic

    Frederic LnS Developer

    Thanks nuser, the (1) will be fixed in the next edition of this plugin.

    For (2), not sure: this plugin is reserved for advanced usage, and the GUI is just functional; we do not take too much care of the GUI.
    Actually it was developed as a demo, to show the possibilities, and we thought some other developers would create a more friendly GUI, and even replace the Standard Edition, which is a bit complicated, but finally only this one exists (to create any kind of rule).

    Frederic
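
Added example, not part of the original thread and not Look 'n' Stop code: a Python sketch that classifies the 16-bit type/length field of an Ethernet header per IEEE 802.3, where values up to 0x05DC are payload lengths (an LLC header follows) and values from 0x0600 up are EtherTypes. It assumes the firewall log shows that field in hex, in which case logged values such as 2C or 60 fall in the length range; the function names and sample frames are constructed for illustration.

```python
import struct

# EtherTypes named in the thread, plus IPv6.
ETHERTYPES = {0x0800: "IPv4", 0x0806: "ARP", 0x86DD: "IPv6", 0x888E: "EAPoL 802.1X"}
# A few common LLC DSAP values carried by 802.3 length-framed traffic.
LLC_SAPS = {0x42: "Spanning Tree", 0xE0: "Novell IPX", 0xF0: "NetBIOS"}

def classify_frame(frame: bytes) -> dict:
    """Classify a frame by bytes 12-13, the Ethernet type/length field."""
    if len(frame) < 14:
        raise ValueError("frame shorter than the 14-byte Ethernet header")
    (field,) = struct.unpack("!H", frame[12:14])
    if field >= 0x0600:  # Ethernet II: the field is an EtherType
        name = ETHERTYPES.get(field, "unknown EtherType")
        return {"kind": "ethertype", "value": field, "name": name}
    if field > 0x05DC:  # 0x05DD-0x05FF is neither a length nor a type
        return {"kind": "undefined", "value": field, "name": "undefined range"}
    # IEEE 802.3: the field is a payload length and an LLC header follows.
    name = "LLC header missing"
    if len(frame) >= 17:
        dsap, ssap = frame[14], frame[15]
        if dsap == 0xAA and ssap == 0xAA and len(frame) >= 22:
            # SNAP: 3-byte OUI, then the real 2-byte protocol id.
            (pid,) = struct.unpack("!H", frame[20:22])
            name = "SNAP " + ETHERTYPES.get(pid, f"pid 0x{pid:04X}")
        else:
            name = LLC_SAPS.get(dsap, f"LLC DSAP 0x{dsap:02X}")
    return {"kind": "802.3-length", "value": field, "name": name}

def allowed(frame: bytes, allow=frozenset({0x0800, 0x0806})) -> bool:
    """Allow-list equivalent to 'only 800 (IP) and 806 (ARP)'."""
    c = classify_frame(frame)
    return c["kind"] == "ethertype" and c["value"] in allow

def make_frame(type_len: int, payload: bytes) -> bytes:
    macs = bytes.fromhex("ffffffffffff020000000001")  # broadcast dst, made-up src
    return macs + struct.pack("!H", type_len) + payload

# Constructed samples using type/length values like those in the logged list.
SAMPLES = {
    "ipv4": make_frame(0x0800, b"\x45" + bytes(19)),
    "len_2c": make_frame(0x002C, bytes.fromhex("424203") + bytes(41)),
    "len_60": make_frame(0x0060, bytes.fromhex("f0f003") + bytes(93)),
    "snap_arp": make_frame(0x0024, bytes.fromhex("aaaa030000000806") + bytes(28)),
}

if __name__ == "__main__":
    for label, frame in SAMPLES.items():
        print(label, classify_frame(frame), "allowed" if allowed(frame) else "dropped")
```

The SNAP-encapsulated ARP sample is dropped by the allow-list even though its inner protocol id is 0x0806, because a filter keyed on the outer field only sees the length value.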
     