[unisog] Regarding - Windows Message SPAM - Snort Rule

Stejerean, Cosmin cosmin at cti.depaul.edu
Thu Oct 20 15:34:48 GMT 2005

Capturing the traffic in VB is not hard: use Winsock and make it listen on
port 139. I am not sure how to parse the data you receive to extract the
message, but I assume that if you spend a little time with Ethereal and some
trial and error you'll be able to figure that out quickly.

From: unisog-bounces at lists.sans.org [mailto:unisog-bounces at lists.sans.org]
On Behalf Of Ruwan Fernando
Sent: Thursday, October 20, 2005 1:39 AM
To: unisog at lists.sans.org
Subject: [unisog] Regarding - Windows Message SPAM - Snort Rule

I noticed the same thing when I was using a packet sniffer (that the
messages are sent through TCP port 139), but I have no idea how to capture
them. I'm building a program in VB to send and receive Net Send messages. I'm
currently using the FindWindow API to receive the messages, but need a more
concrete way of doing it. So if you could tell me a way to capture those
packets on port 139 using VB, I would greatly appreciate it.