calin radoni's humble web presence
Installing Honeyd 1.0 and Arpd 0.2 under Fedora Core 4 (with gcc 4.0.0)
In order to read the new format of OS fingerprints from xprobe2 0.2.2, I changed honeyd 1.0's personality.c file by adding a new function, static int get_zero_notzero_sent(char *input), and changing the static int set_xp_struct(struct xp_fingerprint *pers, char *line) function to read the newly added fields.
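The added function deals with the new type, [0 (001), !0 (010), SENT (100)]:

    /* Map a fingerprint value to its bit flag:
     * "0" -> 1 (001), "SENT" -> 4 (100), anything else -> 2 (010, i.e. !0). */
    static int get_zero_notzero_sent(char *input)
    {
        if (input[0] == '0')
            return (1);
        if (strncmp (input, "SENT", 4) == 0)
            return (4);
        return (2);
    }
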
Note
I know, this is far from the best implementation. A lot of changes still need to be made, especially in the area of error checking. Even the author says this (see the comments embedded in the source file).
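
A stricter take on the value parser, as an added example that is not part of the original page or of honeyd: the function above returns 1 for anything starting with 0 and 2 for any unrecognised input, so malformed fingerprint values are accepted silently. The name parse_zero_notzero_sent, the XP_* constants and the sample strings are assumptions, as is the premise that values appear literally as 0, !0 or SENT with optional surrounding whitespace.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Bit values from the page: 0 -> 001, !0 -> 010, SENT -> 100. */
enum { XP_INVALID = -1, XP_ZERO = 1, XP_NOTZERO = 2, XP_SENT = 4 };

/* Hypothetical strict parser (name is an assumption): accepts exactly
 * "0", "!0" or "SENT", ignoring surrounding whitespace; rejects the rest. */
static int parse_zero_notzero_sent(const char *input)
{
    size_t len;

    if (input == NULL)
        return XP_INVALID;
    while (isspace((unsigned char)*input))
        input++;
    len = strlen(input);
    while (len > 0 && isspace((unsigned char)input[len - 1]))
        len--;

    if (len == 1 && input[0] == '0')
        return XP_ZERO;
    if (len == 2 && memcmp(input, "!0", 2) == 0)
        return XP_NOTZERO;
    if (len == 4 && memcmp(input, "SENT", 4) == 0)
        return XP_SENT;
    return XP_INVALID;   /* caller should reject the fingerprint line */
}

int main(void)
{
    /* Constructed sample values, not taken from a real fingerprint file. */
    const char *samples[] = { "0", " !0\n", "SENT", "0x1f", "SENTINEL", "" };
    size_t i;

    for (i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
        printf("[%s] -> %d\n", samples[i], parse_zero_notzero_sent(samples[i]));
    return 0;
}
```

A caller would treat XP_INVALID as a parse error for that line instead of storing the value in the flags field.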
The changes in set_xp_struct read the new fields and deal with the changed type of the unsigned icmp_echo_ip_id field. Here is just a portion of the code:

    } else if (strncmp (p, "icmp_echo_ip_id", 15) == 0) {
        pers->flags.icmp_echo_ip_id = get_zero_notzero_sent (p2);

For the F and G modules, only the first part of the field definition is checked. Here is the code portion:

    } else if (strncmp (p, "tcp_syn_ack", 11) == 0) {
        // do nothing
    } else if (strncmp (p, "tcp_rst_", 8) == 0) {
        // do nothing
