On Thu, 29 Nov 2007, henry_smith (at) gmail (dot) com [email concealed] wrote:
>> Similar to SMTP decoding algorithm is it possible to have decoding >> algorithm for RPC, DHCP and DNS protocol. >dugsong's dpkt code can do all of this: >http://dpkt.googlecode.com/svn/trunk/dpkt/ >note that the number of RPC program are huge and >long and each seem to use >their own opcodes, so getting a truly >comprehensive decode may be a bit >more work. >hope this is useful. ________ >jose nazario, ph.d. http://monkey.org/~jose/ IF you are interested in understanding how the protocola are being parsed, then you can also study the souce code of ethereal. abhi ------------------------------------------------------------------------ Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw to learn more. ------------------------------------------------------------------------
