Ethereal-users: FW: [Ethereal-users] yet another filter question

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: "Broggy, David" <David.Broggy@xxxxxx>
Date: Thu, 24 Jan 2002 13:33:46 -0600
Title: yet another filter question
Correction, that's 20 bytes into the packet.
 
-----Original Message-----
From: Broggy, David [mailto:David.Broggy@xxxxxx]
Sent: Thursday, January 24, 2002 1:23 PM
To: 'ethereal-users@xxxxxxxxxxxx'
Subject: [Ethereal-users] yet another filter question


I don't quite understand the offset in capture filtering. For example, take the following code:

0000  ff ff ff ff ff ff 00 40 68 1b 3d 26 00 60 ff ff   .......@h.=&.`..            
0010  00 60 00 04 b0 b0 b0 b0 ff ff ff ff ff ff 04 52   .`.............R            
0020  b0 b0 b0 b0 00 40 68 1b 3d 26 04 52 00 02 03 63   .....@h.=&.R...c            
0030  45 53 49 31 37 38 35 31 32 36 00 00 00 00 00 00   ESI1785126......            
0040  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................            
0050  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................            
0060  00 00 00 00 00 40 68 1b 3d 26 40 0b 00 01         .....@h.=&@...              

If I read this right 26 bytes into the packet it reads "b0b0b0b0". How would I capture packets with this pattern?



David Broggy
UNIX/Networking Specialist
Manageworx Infosystems Inc.
Cel: 204 227 1585
email: dbroggy@xxxxxxxxxxxxxx
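
Added example, not part of the original post and not Ethereal code: it rebuilds the frame from the hex dump above, locates the b0b0b0b0 pattern, and prints a libpcap capture filter for each position using the ether[offset:size] byte accessor. The dump's offset column is hexadecimal (0x14 is decimal 20), and a filter written this way matches only at the fixed offset it names. The helper names parse_hexdump, find_offsets and bpf_for are illustrative.

```python
import re

# Frame bytes as shown in the post's hex dump (offset column is hexadecimal).
DUMP = r"""
0000  ff ff ff ff ff ff 00 40 68 1b 3d 26 00 60 ff ff   .......@h.=&.`..
0010  00 60 00 04 b0 b0 b0 b0 ff ff ff ff ff ff 04 52   .`.............R
0020  b0 b0 b0 b0 00 40 68 1b 3d 26 04 52 00 02 03 63   .....@h.=&.R...c
0030  45 53 49 31 37 38 35 31 32 36 00 00 00 00 00 00   ESI1785126......
0040  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0050  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0060  00 00 00 00 00 40 68 1b 3d 26 40 0b 00 01         .....@h.=&@...
"""

# Helper names are illustrative; ether[off:size] is libpcap filter syntax.
ROW = re.compile(r"^([0-9a-f]{4})\s+((?:[0-9a-f]{2} )+)", re.I)

def parse_hexdump(text):
    """Rebuild the frame bytes, checking each row's offset column."""
    frame = bytearray()
    for line in text.strip().splitlines():
        m = ROW.match(line)
        if not m:
            continue
        if int(m.group(1), 16) != len(frame):
            raise ValueError(f"gap in dump at row {m.group(1)}")
        frame += bytes.fromhex(m.group(2))
    return bytes(frame)

def find_offsets(frame, pattern):
    """Every zero-based decimal offset at which pattern occurs."""
    return [i for i in range(len(frame) - len(pattern) + 1)
            if frame.startswith(pattern, i)]

def bpf_for(offset, pattern, base="ether"):
    """Filter matching pattern at offset from the link-layer header.
    The accessor allows sizes 1, 2 or 4 only, so longer patterns are split."""
    terms, pos = [], 0
    while pos < len(pattern):
        size = next(s for s in (4, 2, 1) if s <= len(pattern) - pos)
        value = pattern[pos:pos + size].hex()
        terms.append(f"{base}[{offset + pos}:{size}] = 0x{value}")
        pos += size
    return " and ".join(terms)

if __name__ == "__main__":
    frame, pattern = parse_hexdump(DUMP), bytes.fromhex("b0b0b0b0")
    for off in find_offsets(frame, pattern):
        print(f"offset {off} (0x{off:02x}): {bpf_for(off, pattern)}")
```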



