data payloads


Bell, Adam

Jun 8, 2010, 3:40:26 PM
to osti...@googlegroups.com

After installing Wireshark and WinPcap, Ostinato worked as expected.

When editing the stream, it seems I can only enter 1 word for the payload data.

I need to enter a specific 128 byte stream for protocol testing (IKE specifically).

Is this possible?

Thanks,

Adam



Srivats P

Jun 9, 2010, 1:11:41 PM
to adam...@safenet-inc.com, osti...@googlegroups.com
Adam,

Currently the "pattern payload" protocol accepts only a 4 byte word that it repeats to pad the message to the specified packet length.

What you can do, instead of specifying the custom byte stream in the payload protocol, is specify it in the UserScript Protocol. Here's how to configure an IKE packet in the Stream Configuration Dialog:

1. Select Ethernet | IPv4 | UDP protocols
2. Go to "Advanced" Protocol Selection
3. Insert the "{Script}" Protocol between UDP and DATA
4. Go to "Protocol Data" | UDP tab and configure the source/destination ports as 500 (IKE)
5. Go to "Protocol Data" | {UserScript} tab
6. Copy-Paste the below script
7. Click the Compile button - and you should see a "Success" notification for the same
8. Close the Stream Configuration Dialog, click Apply and then transmit

You can capture the transmitted packet and view it in Wireshark to check that the packet was generated correctly.

Let me know if you need further help.

<script>
// Protocol name
protocol.name = "IKE"

// Number of bytes this protocol contributes to the frame
protocol.protocolFrameSize = function() { return 128; }

// The bytes themselves: must contain as many entries as protocolFrameSize returns
protocol.protocolFrameValue = function(index)
{
    var pfv = [
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x22, 0x20, 0x22, 0x00, 0x00, 0x00, 0x00, 0x01,
        0x00, 0x00, 0x00, 0x1c, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00];

    return pfv;
}
</script>

Regards,
Srivats

PS - You also need to change the packet length appropriately, otherwise it may be truncated.
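
Added example (not part of the original posts and not Ostinato's own code): a plain JavaScript helper, run outside Ostinato, that turns a hex dump into the byte array for the UserScript above and checks it against the frame size and the IKE header fields. Function names are hypothetical; the offsets assume the fixed 28-byte IKE header layout.

```javascript
// Added example, run outside Ostinato (e.g. Node.js); function names are hypothetical.
// Offsets follow the fixed 28-byte IKE header: SPIs (16 bytes), next payload,
// version, exchange type, flags, message ID (4 bytes), length (4 bytes).

// Convert a hex dump with two digits per byte ("22 20", "0x22, 0x20", "22:20") to bytes.
function hexToBytes(hex) {
  const cleaned = hex.replace(/0x/gi, "").replace(/[\s,:]/g, "");
  if (cleaned.length % 2 !== 0 || /[^0-9a-f]/i.test(cleaned)) {
    throw new Error("hex dump must be whole bytes of hex digits");
  }
  const bytes = [];
  for (let i = 0; i < cleaned.length; i += 2) {
    bytes.push(parseInt(cleaned.slice(i, i + 2), 16));
  }
  return bytes;
}

// Read a big-endian unsigned 32-bit value.
function u32(b, off) {
  return ((b[off] << 24) | (b[off + 1] << 16) | (b[off + 2] << 8) | b[off + 3]) >>> 0;
}

function parseIkeHeader(bytes) {
  if (bytes.length < 28) throw new Error("IKE header needs 28 bytes");
  return {
    nextPayload: bytes[16],
    majorVersion: bytes[17] >> 4,
    minorVersion: bytes[17] & 0x0f,
    exchangeType: bytes[18],
    flags: bytes[19],
    messageId: u32(bytes, 20),
    length: u32(bytes, 24),
  };
}

// Return a list of mismatches between the array, protocolFrameSize and the header.
function checkPayload(bytes, frameSize) {
  const problems = [];
  if (bytes.length !== frameSize) {
    problems.push("array has " + bytes.length + " bytes, frame size is " + frameSize);
  }
  if (parseIkeHeader(bytes).length !== bytes.length) {
    problems.push("IKE Length field does not match the " + bytes.length + "-byte array");
  }
  return problems;
}

// The 128 bytes from the post: 28-byte header followed by 100 zero bytes.
const SAMPLE_HEX = "00".repeat(16) + "22 20 22 00 00 00 00 01 00 00 00 1c" + "00".repeat(100);
console.log(parseIkeHeader(hexToBytes(SAMPLE_HEX)), checkPayload(hexToBytes(SAMPLE_HEX), 128));
```

For the posted sample, the header's Length field decodes to 28 while the array is 128 bytes, so checkPayload reports one mismatch.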

Srivats P

Jun 9, 2010, 11:45:08 PM
to Bell, Adam, osti...@googlegroups.com
Yes, a GUI to enter the bytes is in the plan - just that it's low priority for now since there is a workaround with the UserScript.

On Wed, Jun 9, 2010 at 11:20 PM, Bell, Adam <Adam...@safenet-inc.com> wrote:

I’ll try that

As a suggestion, a GUI to simply add the bytes would be nice, like the one have now.

Thanks so much,

Adam
