<div class="gmail_quote">Hi Anoop Saldanha,</div><div class="gmail_quote"><br></div><div class="gmail_quote">Thank you!</div><div class="gmail_quote"><br></div><div class="gmail_quote">I will look after what you have said. Yes, currently my Intention is to detect a flooding , later with complex attacks.</div>
<div class="gmail_quote"><br></div><div class="gmail_quote">Currently working on thesis writing work :(, will get back to you when i work on it and get the problem solved. </div><div class="gmail_quote"><br></div><div class="gmail_quote">
Thanks again. !</div><br><div class="gmail_quote">On Fri, Aug 3, 2012 at 7:04 AM, Anoop Saldanha <span dir="ltr"><<a href="mailto:anoopsaldanha@gmail.com" target="_blank">anoopsaldanha@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hi Prabhakaran,<br>
<div class="im"><br>
On Thu, Jul 26, 2012 at 9:17 PM, Prabhakaran Kasinathan<br>
<<a href="mailto:prabhakaran1989@gmail.com">prabhakaran1989@gmail.com</a>> wrote:<br>
> Hi Anoop Saldanha,<br>
><br>
> Thanks for your help. I understood the second method and it worked<br>
> perfectly. printf prints to console normally :). Now i have the basic<br>
> decoding, which gives me the src and dst address + some other data required<br>
> for time being.<br>
><br>
> In-order to write the Detection module. Which files to Look up?<br>
><br>
><br>
> My Idea is to detect an flooding intially. Such that a signature should<br>
> match the src and dest address and the rate of incoming packet's.<br>
<br>
</div>Have a look at thresholding - detect-engine-threshold.[ch].<br>
<br>
What are you planning to implement in detection? If it's the flooding<br>
thing, I doubt you'd have to write anything new as such in detection,<br>
since most of the infrastructure's already in place.<br>
<div class="HOEnZb"><div class="h5"><br>
><br>
> Could you give me a high level overview of where to start and look after<br>
> could be very helpful :)<br>
><br>
> Thank you!.<br>
><br>
><br>
> On Wed, Jul 25, 2012 at 6:37 PM, Anoop Saldanha <<a href="mailto:anoopsaldanha@gmail.com">anoopsaldanha@gmail.com</a>><br>
> wrote:<br>
>><br>
>> On Wed, Jul 25, 2012 at 4:48 PM, Prabhakaran Kasinathan<br>
>> <<a href="mailto:prabhakaran1989@gmail.com">prabhakaran1989@gmail.com</a>> wrote:<br>
>> > Dear Developer's,<br>
>> ><br>
>> > I have been working in decoding the IEEE802154 packets and 6LoWPAN<br>
>> > packets.<br>
>> > It took some time to understand the decoding functionality. Pls Help!<br>
>> ><br>
>> > Now my problem is,<br>
>> ><br>
>> > One byte is missing when i try to separate the structure like ( uint16_t<br>
>> > ,<br>
>> > uint8_t,here next 8 bit is missing, uint16_t ...) it jumps to the next<br>
>> > 16<br>
>> > bit and next 16 bit and soo on! What is the problem here?<br>
>> ><br>
>> > whereas it works correctly either if i use ( uint16_t , uint8_t<br>
>> > ,uint8_t,uint16_t ,uint16_t , and so.... ) or ( uint16_t ,uint16_t<br>
>> > ,uint16_t<br>
>> > ,uint16_t , ... ) . I couldn't understand this.<br>
>> ><br>
>> > Details :<br>
>> ><br>
>> > The current Header of IEEE802154 packet.<br>
>> ><br>
>> > octects 2 1 2 2 2<br>
>> > | FCF | Seq no | Dst Pan | Dst Add | Src Add | remaining data<br>
>> ><br>
>> ><br>
>> > Hex : 61 88 d9 22 00 01 00 64 00 e0 ... Data... [ the byte 22 is<br>
>> > missing when i print the hole order ]<br>
>> ><br>
>> > My Structure Declarations<br>
>> ><br>
>> > typedef struct Ieee802154Hdr_ {<br>
>> > uint16_t ieee802154_fcf;<br>
>> > uint8_t ieee802154_seq;<br>
>> > uint16_t ieee802154_dstpan;<br>
>> > uint16_t ieee802154_dstadd;<br>
>> > uint16_t ieee802154_srcadd;<br>
>> > } Ieee802154Hdr;<br>
>> ><br>
>> > SCLogInfo("\n Length %d ieee FCF: %x | ieee seq %x | DstPan %04x |<br>
>> > Dstadd %04X | SrcAdd<br>
>> ><br>
>> > %04x",len,ntohs(p->ieeeh->ieee802154_fcf),ntohs(p->ieeeh->ieee802154_seq),ntohs(p->ieeeh->ieee802154_dstpan),ntohs(p->ieeeh->ieee802154_dstadd),ntohs(p->ieeeh->ieee802154_srcadd));<br>
>> ><br>
>> ><br>
>> > Output is:<br>
>> ><br>
>> > Length 26 ieee FCF: 6188 | ieee seq d9 | DstPan 0001 | Dstadd 0064 |<br>
>> > SrcAdd 00e0<br>
>> ><br>
>> > it<br>
>> > should<br>
>> > be 0022 0001 0064<br>
>> ><br>
>> > Note: If I use the (uint16_t) continuously, I get the bytes correctly.<br>
>> > How<br>
>> > to overcome this problem.<br>
>> ><br>
>><br>
>> This is a gcc alignment issue. Can't think of any portable solutions as<br>
>> such.<br>
>><br>
>> One way would be use a uint8_t array to point to the packet byte<br>
>> array, and use macros to dereference the various fields from this<br>
>> array.<br>
>><br>
>> #DEFINE GET_IEEE802145_DSTPAN(array) (*((uint16_t *)((uint8_t *)array +<br>
>> 3))<br>
>><br>
>> --<br>
>><br>
>> Another solution would be to define the struct as<br>
>><br>
>> {<br>
>> uint16_t a;<br>
>> uint8_t b;<br>
>> uint8_t c1;<br>
>> uint8_t c2;<br>
>> ...<br>
>> }<br>
>><br>
>> So c1 + c2 in your case would be ieee802154_dstpan. You can hide the<br>
>> retrieval of the value from c1 + c2 using some macros.<br>
>><br>
>> Let me know if you have a better solution.<br>
>><br>
>> > Question 2:<br>
>> ><br>
>> > How to use the SCLogDebug and Printf lines to get printed in console?<br>
>> > Since<br>
>> > I couldn't find that. I started using SCLogInfo to print and debug the<br>
>> > error's.<br>
>> ><br>
>> > --<br>
>> > Best Regards,<br>
>> > Prabhakaran Kasinathan<br>
>> > +39 3279720502<br>
>> ><br>
>> ><br>
>> > _______________________________________________<br>
>> > Oisf-devel mailing list<br>
>> > <a href="mailto:Oisf-devel@openinfosecfoundation.org">Oisf-devel@openinfosecfoundation.org</a><br>
>> > <a href="http://lists.openinfosecfoundation.org/mailman/listinfo/oisf-devel" target="_blank">http://lists.openinfosecfoundation.org/mailman/listinfo/oisf-devel</a><br>
>><br>
>> doesn't printf print to the console? SCLogDebug needs --enable-debug<br>
>> while configuring and requires you to set the log-level in the conf<br>
>> to debug.<br>
>><br>
>> --<br>
>> Anoop Saldanha<br>
><br>
><br>
><br>
><br>
> --<br>
> Best Regards,<br>
> Prabhakaran Kasinathan<br>
> <a href="tel:%2B39%203279720502" value="+393279720502">+39 3279720502</a><br>
><br>
<br>
<br>
<br>
</div></div><span class="HOEnZb"><font color="#888888">--<br>
Anoop Saldanha<br>
</font></span></blockquote></div><br><br clear="all"><div><br></div>-- <br>Best Regards,<br>Prabhakaran Kasinathan<br>+39 3279720502<br><br>