Ethereal: More Info Than Frame Size???

Ethereal: More Info Than Frame Size???
Secure Home | Search | About
Login Password
Register Now! Lost Password?
 General Computer Security    Post an article   get this group's latest topics as an RSS feed add this group's latest topics to your My MSN content add this group's latest topics to your My Yahoo content add this group's latest topics to your Google content
Subject Author Date
Ethereal: More Info Than Frame Size??? Mike - EMAIL IGNORED 06-18-2005
Posted by Mike - EMAIL IGNORED on June 18, 2005, 9:18 am
If you were  Registered and logged in, you could reply and use other advanced thread options
On RH, I have been capturing http packets with tethereal
and examining them with ethereal. In one obvious buffer
overflow attack I found:

Frame size = 1506
IP total length = 1492
NTLMSSP data size = 1044

The hex dump shows the NTLMSSP to be in >addition< to the
ethernet frame size, which to me, does not make sense.
The tethereal filter is:
tcp port 80
There are continuation packets, but they do not contain
the correct information.

Thanks for your help,
Mike.


Similar ThreadsPosted
Re: Using Ethereal August 29, 2004, 1:32 am
Ethereal with XP? July 1, 2004, 9:20 pm
Who uses ethereal? July 16, 2004, 10:08 am
Using Ethereal August 26, 2004, 9:56 am
Ethereal becomes Wireshark June 28, 2006, 9:12 am
Winpcap/Ethereal on USB modems April 17, 2005, 5:55 pm
Encryption size October 25, 2005, 3:13 am
Salt size July 15, 2008, 4:24 pm
Minimize key size for sending only 10 messages April 18, 2006, 3:59 am
Minimize key size for sending only 10 messages April 18, 2006, 4:00 am

The site map in XML format XML site map

Contact Us | Privacy Policy