This presentation is designed to provide a basic overview of the following: System Organization, Memory Organization, Stack Organization (For Function Calls), A Vulnerable C Program, Exploiting Buffer Overflow
Flowinspect - A Network Inspection Tool
Ankur Tyagi
Flowinspect is a network traffic inspection utility. It uses pynids to defragment IP and reassemble TCP packets (UDP is inspected on a per-packet basis). The resulting flows are then inspected using the "re2" module, which supports PCRE-like patterns as well as case-insensitive, inverted and multiline matches. If re2 is not installed, Python's re module is used as a fallback. Match scope can be limited through BPF expressions, Snort-like offset-depth content modifiers, or flags that limit how many packets or streams are inspected. Flows can be logged to files in addition to being dumped on stdout. A few useful output modes help with further analysis.
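The following added example (not Flowinspect's own code) sketches how a Snort-like offset-depth window combines with case-insensitive, multiline and inverted regex matching over a reassembled flow buffer. The function name `inspect_flow`, its parameters and the sample flow are assumptions made for illustration; it uses Python's standard `re` module, the fallback the description mentions.

```python
import re

# Constructed sample: client-to-server bytes of one reassembled TCP flow.
FLOW = (b"GET /index.html HTTP/1.1\r\n"
        b"Host: example.test\r\n"
        b"User-Agent: curl/8.0\r\n\r\n")


def inspect_flow(payload, pattern, offset=0, depth=None,
                 ignorecase=False, multiline=False, invert=False):
    """Search `pattern` inside payload[offset:offset+depth].

    offset: bytes to skip from the start of the flow (Snort-like).
    depth:  how many bytes after `offset` are searched; None = to the end.
    invert: report a hit when the pattern is absent from the window.
    Returns (matched, start, end) with positions relative to the full flow.
    """
    flags = 0
    if ignorecase:
        flags |= re.IGNORECASE
    if multiline:
        flags |= re.MULTILINE

    end = len(payload) if depth is None else min(len(payload), offset + depth)
    window = payload[offset:end]

    m = re.search(pattern, window, flags)
    if invert:
        # An inverted match has no span: the pattern was not found.
        return (m is None, None, None)
    if m is None:
        return (False, None, None)
    # Translate window-relative positions back to flow offsets.
    return (True, offset + m.start(), offset + m.end())


if __name__ == "__main__":
    checks = [
        ("case-insensitive verb", dict(pattern=rb"^get\s", ignorecase=True)),
        ("multiline Host header", dict(pattern=rb"^Host:", multiline=True)),
        ("version in first 16 bytes", dict(pattern=rb"HTTP/1\.[01]", depth=16)),
        ("version at offset 16, depth 8",
         dict(pattern=rb"HTTP/1\.[01]", offset=16, depth=8)),
        ("no browser User-Agent",
         dict(pattern=rb"User-Agent: Mozilla", invert=True)),
    ]
    for label, kwargs in checks:
        print(label, inspect_flow(FLOW, **kwargs))
```

Narrowing the window with offset and depth keeps the regex from scanning an entire stream, which matters when patterns are applied to every reassembled flow.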