Wireshark-dev: Re: [Wireshark-dev] [Full-disclosure] SniffJoke 0.3 release and request for feedba
From: "Sake Blok" <sake@xxxxxxxxxx>
Date: Mon, 27 Apr 2009 20:54:32 +0200
Sebastien,

One of the tricks SniffJoke uses is to first determine how many hops there are to the destination and then it sends "bogus" traffic with a TTL that is just 1 lower. This means the receiving OS never gets to see that traffic, while Wireshark does (when it's in between the sender and the receiving end).

If the trace is made at the receiving end and Wireshark is not able to reassemble the stream, then that might be considered a bug. Does anyone use SniffJoke? If so, could you please make a capture at the sending and the receiving end?

Since WS does not know which of the packets will not arrive at the receiving end, I'm no fan of incorporating code to handle those bogus frames.

Cheers,

Sake
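
An added example, not part of the original message and not Wireshark code: a heuristic an analyst could run over a capture taken between sender and receiver, flagging TCP segments whose TTL is below the TTL most segments of the same flow direction carry. The function names, the sample packets and the "most common TTL" baseline are assumptions made for illustration; a flagged segment is only a hint, since the capture alone cannot show what reached the receiver.

```python
import struct
from collections import Counter, defaultdict

def parse_ipv4_tcp(pkt):
    """Return ((src, sport, dst, dport), ttl, seq) for a raw IPv4/TCP packet, else None."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4 or pkt[9] != 6:
        return None
    ihl = (pkt[0] & 0x0F) * 4              # IPv4 header length in bytes
    if ihl < 20 or len(pkt) < ihl + 8:
        return None
    sport, dport, seq = struct.unpack("!HHI", pkt[ihl:ihl + 8])
    return (pkt[12:16], sport, pkt[16:20], dport), pkt[8], seq

def flag_ttl_outliers(packets):
    """Return (index, seq, ttl, baseline) for segments below their flow's usual TTL."""
    flows = defaultdict(list)
    for idx, raw in enumerate(packets):
        parsed = parse_ipv4_tcp(raw)
        if parsed:
            key, ttl, seq = parsed
            flows[key].append((idx, seq, ttl))
    suspects = []
    for segs in flows.values():
        # Heuristic baseline: the TTL most segments of this direction carry.
        baseline = Counter(ttl for _, _, ttl in segs).most_common(1)[0][0]
        suspects += [(i, s, t, baseline) for i, s, t in segs if t < baseline]
    return sorted(suspects)

def build_packet(src, dst, sport, dport, ttl, seq):
    """Constructed test packet: IPv4 + TCP headers only, checksums left at zero."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, ttl, 6, 0, src, dst)
    tcp = struct.pack("!HHIIBBHHH", sport, dport, seq, 0, 5 << 4, 0x18, 8192, 0, 0)
    return ip + tcp

# Constructed sample capture (documentation addresses), not taken from a real trace.
A, B = bytes([192, 0, 2, 10]), bytes([198, 51, 100, 20])
SAMPLE = [
    build_packet(A, B, 40000, 80, 64, 1000),
    build_packet(A, B, 40000, 80, 64, 1100),
    build_packet(A, B, 40000, 80, 7, 1100),    # same seq, short TTL
    build_packet(B, A, 80, 40000, 57, 5000),   # reverse direction, own baseline
    build_packet(A, B, 40000, 80, 7, 1200),    # short TTL
    build_packet(A, B, 40000, 80, 64, 1200),
    build_packet(A, B, 40000, 80, 64, 1300),
]

if __name__ == "__main__":
    for idx, seq, ttl, base in flag_ttl_outliers(SAMPLE):
        print(f"packet {idx}: seq={seq} ttl={ttl} (flow baseline {base})")
```

The baseline is computed per direction, so the reply traffic with its own TTL is not flagged; route changes or middleboxes that rewrite TTL can still produce false positives.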