Well,
I can answer myself.
The wrong with my spoof packet was the Checksum in the CRC Header.
Regards,
Javier Romero.
Build a spoof packet is very easy.!
Javier Romero wrote:
> Hi folks,
>
> I have worked very hard, testing and testing what is my wrong.
> I have used a ICMP ping packet (1442 bytes of size) changing the source
> IP address by the broadcast IP address of the target network address.
> Well, I changed my method:
> 1st.
> IP SRC= *.*.*.255
> 2nd.
> IP SRC= *.*.*.33 (the gateway of the target host)
> 3rd.
> IP SRC= *.*.*.22 (the same IP add of the target host).
>
> Well, I used the SNIFFER Pro running on Windows 95.
>
> I am testing a equipment based-on Linux (using IPFWADM).
> BTH, Does anybody know what is the content normal of the IPFWADM�s
> files, like as:
> /proc/net/ip_acct
> /proc/net/ip_input
> /proc/net/ip_output
> /proc/net/ip_forward
> /proc/net/ip_masquered
>
> Build in Linux release 4.0 Kernel 2.0.34 (where IPFWADM don�t mesh with
> IPCHAINS). This is a equipment called Cobalt www.cobalt.com.
>
> When I see if my Linux Cobalt is using rules, with cat ip_*, cat
> etc,etc.... But I find with hEXadecimal content.
>
> I guess that I must install Linux 4.0 and display these files.
>
> -----
>
> I test the same packets in a another scenario in a NT MAchine 4.0 using
> IPForwarding, but the packets didn�t pass through the NT (when I had
> used spoofing, but not when I used normal packets)
>
> I used SNIFFER PRO all time.
>
> Please, If you know what is the error in my packet?
> I will try send you as *.cap file (to Sniffer of NAI)
>
> TIA
>
> Javier Romero
>
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
