Sunday, October 28, 2007

SNIFFER_10_28_2007

22. For application-layer data sniffing, add support for the APP protocols one by one: HTTP, Telnet, FTP, SSH. These are widely used protocols.

-> Study their PROTOCOL FORMAT, scan the HEADER, and look for the application/agent information, if the protocol includes it there!?

-> Use REGEX as the L7-FILTER does (or something else, like a HASH or MD5 HASH?!)

-> For WRITING the sniffed data, try to implement it with THREADS

[THREAD1] --------> [SHARED BUFFER] <---------- [THREAD2]
 sniffs             critical section            write to file

-> Get help from Prof. Dick Smith (how to go about application-layer data sniffing!)
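An added example, not part of the original notes, sketching both ideas above: regex-based protocol identification in the spirit of l7-filter, and a sniffer thread handing records to a writer thread through a bounded shared buffer. The patterns are simplified assumptions rather than l7-filter's own signatures, and the payloads are constructed samples standing in for live capture.

```python
import queue
import re
import threading

# (protocol, identifying pattern, agent pattern or None). Simplified patterns
# assumed for this example; they are not l7-filter's own signatures.
SIGNATURES = [
    ("http", re.compile(rb"^(?:GET|POST|HEAD|PUT|DELETE|OPTIONS) \S+ HTTP/1\.[01]\r\n"),
     re.compile(rb"^User-Agent:[ \t]*([^\r\n]+)", re.I | re.M)),
    ("ssh", re.compile(rb"^SSH-\d+\.\d+-"), re.compile(rb"^SSH-\d+\.\d+-([^\r\n ]+)")),
    ("ftp", re.compile(rb"^220[ -][^\r\n]*ftp", re.I), re.compile(rb"^220[ -]([^\r\n]+)")),
    # Telnet option negotiation: IAC (0xff), WILL/WONT/DO/DONT, option byte.
    ("telnet", re.compile(rb"^\xff[\xfb-\xfe].", re.S), None),
]

# Constructed first payloads of five flows (not captured traffic).
SAMPLE = [
    b"GET /index.html HTTP/1.1\r\nHost: example.test\r\nUser-Agent: ExampleBrowser/1.0\r\n\r\n",
    b"SSH-2.0-ExampleSSH_1.0\r\n",
    b"220 example.test FTP server ready\r\n",
    b"\xff\xfd\x18\xff\xfd\x20",
    b"\x16\x03\x01\x00\x2e",  # matches no signature above
]

def classify(payload):
    """Return (protocol, agent) for the first payload of a flow."""
    for name, proto_re, agent_re in SIGNATURES:
        if proto_re.search(payload):
            m = agent_re.search(payload) if agent_re else None
            return name, m.group(1).decode("latin-1") if m else "-"
    return "unknown", "-"

def sniffer(payloads, buf):
    """THREAD1: stands in for the capture loop; classifies and enqueues."""
    for p in payloads:
        buf.put(classify(p))  # blocks while the shared buffer is full
    buf.put(None)             # sentinel: capture finished

def writer(buf, out_path):
    """THREAD2: drains the shared buffer and writes one line per record."""
    with open(out_path, "w") as fh:
        while (rec := buf.get()) is not None:
            fh.write("%s\t%s\n" % rec)

def run_pipeline(payloads, out_path, depth=4):
    # queue.Queue holds its own lock, so put()/get() are the critical section.
    buf = queue.Queue(maxsize=depth)
    threads = [threading.Thread(target=sniffer, args=(payloads, buf)),
               threading.Thread(target=writer, args=(buf, out_path))]
    for t in threads: t.start()
    for t in threads: t.join()
    with open(out_path) as fh:
        return fh.read().splitlines()
```

The bounded queue makes the sniffer block when the writer falls behind; a real capture loop would more likely count and drop records at that point than stall packet capture.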

10/28/07||23:33
