
Penetration Testing mailing list archives

Controlling Segment Contents in TCP Stream
From: "Crist J. Clark" <crist.clark () attbi com>
Date: Wed, 11 Jun 2003 10:52:04 -0700

I am looking for a simple tool that I can use to control how TCP data
is split up among segments. I can't seem to figure out how to coax
Netcat into doing this.

What I am trying to do is mess with some firewall/proxy software by
screwing with (unfounded) assumptions it makes about the contents of
individual packets. For example, I am seeing some Widely Used
Commercial Firewall Software choke when an FTP client sends a packet
containing just,

  "USER "

That is, U, S, E, R, and a space. The next segment carries the rest of
the line,


Now, since TCP is a stream-oriented protocol, this is actually
perfectly acceptable behavior. The TCP stack of the server will handle
this just fine, and the FTP server software will see the perfectly
Standard-compliant input,

  "USER anonymous\r\n"

at the other end.

This is an old and well known problem with firewall/proxies, yet we
see it all of the time. The problem I am having is finding a tool that
lets me easily control the data in each segment of the TCP
stream. I've manually crafted some packets with hping2 to do some
testing, but it is a huge PITA to build the whole SYN/SYN-ACK/ACK
handshake each time. Can anyone recommend a tool or show me how to get
Netcat to do this? Or am I going to have to build something myself or
hack Netcat code?

Since this is a well known issue, I was hoping someone already had
done the work and made it available. Thanks.
Crist J. Clark                     |     cjclark () alum mit edu
                                   |     cjclark () jhu edu
http://people.freebsd.org/~cjc/    |     cjc () freebsd org
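
Added example, not part of the original post: a sketch of why an inspector that treats each TCP segment as one FTP command misreads the split login described above, next to a stream-aware inspector that buffers until CRLF. All function and class names are hypothetical, the payloads are constructed samples, and segments are assumed to arrive already in sequence order.

```python
# Added example: per-segment vs. stream-aware inspection of FTP commands.
# Names are hypothetical; the segment payloads below are constructed samples.

def per_segment_commands(segments):
    """Naive inspection: assume each TCP segment holds one whole command line."""
    found = []
    for payload in segments:
        if payload.endswith(b"\r\n"):
            verb, _, arg = payload[:-2].partition(b" ")
            found.append((verb.upper(), arg))
        # A payload without CRLF is silently not understood.
    return found


class FtpLineReassembler:
    """Stream-aware inspection: buffer bytes until CRLF, ignoring segment edges."""

    def __init__(self, max_line=4096):
        self.buf = bytearray()
        self.max_line = max_line  # bound memory if a peer never sends CRLF

    def feed(self, payload):
        self.buf += payload
        commands = []
        while (end := self.buf.find(b"\r\n")) >= 0:
            line = bytes(self.buf[:end])
            del self.buf[:end + 2]
            verb, _, arg = line.partition(b" ")
            commands.append((verb.upper(), arg))
        if len(self.buf) > self.max_line:
            raise ValueError("command line exceeds limit without CRLF")
        return commands


def stream_commands(segments):
    """Run every segment payload through one reassembler, in order."""
    reassembler = FtpLineReassembler()
    out = []
    for payload in segments:
        out.extend(reassembler.feed(payload))
    return out


# Constructed samples: the same login sent whole, and split as in the post.
WHOLE = [b"USER anonymous\r\n"]
SPLIT = [b"USER ", b"anonymous\r\n"]
```

On `SPLIT`, the per-segment parser never sees a `USER` command at all, while the reassembler yields the same command the FTP server receives.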

