Beefy Boxes and Bandwidth Generously Provided by pair Networks
Just another Perl shrine
 
PerlMonks  

comment on

( [id://3333] : superdoc . print w/replies, xml ) Need Help??

Have you ever looked at snort?

How are you going to sniff the packets? tcpdump? Or are you working on a Windows box?

I am not sure why you are looking for a magic number in the packet. The packet should have some port information, and the tool should be working on a port. Just sniff packets to the server port and to the client port.

Let us know more info if you have it.

UPDATE: I'm obliged to remind all that sniffing packets across a network that is not under your command is wrong and is considered computer abuse. You can be prosecuted. Don't try to break the security and don't try to make the administrator's job any harder.

J. J. Horner
Linux, Perl, Apache, Stronghold, Unix
jhorner@knoxlug.org http://www.knoxlug.org/

In reply to (jjhorner)Finding patterns in packet data? by jjhorner
in thread Finding patterns in packet data? by Guildenstern

Title:
Use:  <p> text here (a paragraph) </p>
and:  <code> code here </code>
to format your post; it's "PerlMonks-approved HTML":



  • Are you posting in the right place? Check out Where do I post X? to know for sure.
  • Posts may use any of the Perl Monks Approved HTML tags. Currently these include the following:
    <code> <a> <b> <big> <blockquote> <br /> <dd> <dl> <dt> <em> <font> <h1> <h2> <h3> <h4> <h5> <h6> <hr /> <i> <li> <nbsp> <ol> <p> <small> <strike> <strong> <sub> <sup> <table> <td> <th> <tr> <tt> <u> <ul>
  • Snippets of code should be wrapped in <code> tags not <pre> tags. In fact, <pre> tags should generally be avoided. If they must be used, extreme care should be taken to ensure that their contents do not have long lines (<70 chars), in order to prevent horizontal scrolling (and possible janitor intervention).
  • Want more info? How to link or How to display code and escape characters are good places to start.