The first thing I attempted with it, naturally, was running the sample program, printall.c. It's supposed to print out all TCP data. Problem was, it output nothing for me. I even added a printf to the first line of the tcp_callback function and found out it is never called.
I was perplexed. I looked for a mailing list but found none. So I wrote to libnids's principal programmer, Rafal Wojtczuk, who kindly helped me with my problem. He suggested that I probably need to disable outgoing packet checksumming. I added these lines before the call to nids_run() and everything worked out!

    /* netaddr 0 with mask 0 matches every address: checksums are not verified for any packet */
    struct nids_chksum_ctl *ctl = (struct nids_chksum_ctl *) malloc(sizeof(struct nids_chksum_ctl));
    ctl->netaddr = 0;
    ctl->mask = 0;
    ctl->action = NIDS_DONT_CHKSUM;
    nids_register_chksum_ctl(ctl, 1);   /* 1 = number of entries in ctl */

Apparently checksumming was somehow failing and stopping libnids from considering the TCP connection established (or something along those lines!). A big thanks to Rafal for his help.
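As an added illustration (not from the original post and not libnids code), the C sketch below shows why a segment captured before its checksum has been filled in, as happens with checksum offloading, fails verification, and how a netaddr/mask rule can skip verification for one local address rather than for all traffic. `skip_rule`, `accept_segment`, the matching on the source address and the sample addresses are assumptions of this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* One's-complement sum (RFC 1071) of the IPv4 pseudo-header plus the TCP segment. */
static uint16_t tcp_sum(uint32_t src, uint32_t dst, const uint8_t *seg, size_t len)
{
    uint32_t acc = (src >> 16) + (src & 0xffff) + (dst >> 16) + (dst & 0xffff)
                 + 6 /* protocol: TCP */ + (uint32_t)len;
    for (size_t i = 0; i + 1 < len; i += 2)
        acc += ((uint32_t)seg[i] << 8) | seg[i + 1];
    if (len & 1) acc += (uint32_t)seg[len - 1] << 8;   /* pad odd trailing byte */
    while (acc >> 16)
        acc = (acc & 0xffff) + (acc >> 16);            /* fold carries back in */
    return (uint16_t)acc;
}

/* What the sender (stack or NIC) does last: write the checksum at bytes 16-17. */
void tcp_fill_checksum(uint32_t src, uint32_t dst, uint8_t *seg, size_t len)
{
    seg[16] = seg[17] = 0;
    uint16_t c = (uint16_t)~tcp_sum(src, dst, seg, len);
    seg[16] = (uint8_t)(c >> 8);
    seg[17] = (uint8_t)c;
}

/* Hypothetical model of a netaddr/mask skip rule, matched on the source address. */
struct skip_rule { uint32_t netaddr, mask; };
int accept_segment(const struct skip_rule *r, uint32_t src, uint32_t dst,
                   const uint8_t *seg, size_t len)
{
    if (r && (src & r->mask) == r->netaddr)
        return 1;                                  /* verification skipped */
    return tcp_sum(src, dst, seg, len) == 0xffff;  /* valid segments sum to 0xffff */
}

/* Constructed sample: 20-byte SYN, port 12345 -> 80, checksum field still zero. */
const uint8_t SAMPLE_SYN[20] = { 0x30, 0x39, 0x00, 0x50, 0, 0, 0, 1, 0, 0, 0, 0,
                                 0x50, 0x02, 0xff, 0xff, 0, 0, 0, 0 };
static const uint32_t LOCAL = 0xC000020Au, REMOTE = 0xC6336407u; /* 192.0.2.10, 198.51.100.7 */

int main(void)
{
    struct skip_rule local_only = { LOCAL, 0xffffffffu };
    printf("unfilled segment: verified=%d, with local-only rule=%d\n",
           accept_segment(NULL, LOCAL, REMOTE, SAMPLE_SYN, 20),
           accept_segment(&local_only, LOCAL, REMOTE, SAMPLE_SYN, 20));
    return 0;
}
```

A rule with netaddr 0 and mask 0, like the one in the post, matches every source address, so corrupted inbound segments are accepted as well; the local-only rule keeps verification for everything the sniffing host did not send.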