Collaborate Disseminate
If a script tag https://domain.com/script.js is loaded to a website, and then in this script there are additional calls to the same domain, such as an AJAX (xhr) request to https://domain.com/another-resource, will the browser do the SSL n… Continue reading Does the browser reuse the SSL negotiation process (and/or the tcp connection) for additional resources? [migrated]
I understand the TCP meltdown problem is associated with overcompensation from errors and incorrect sequencing when arriving the the receiver end. OpenVpn connections are recommended to use the UDP protocol.
Does this mean that the connect… Continue reading Can UDP traffic be transmitted over TCP ports on OpenVpn to avoid the TCP meltdown [closed]
Previous post was deleted for not enough context, which I apologise for. I will try to provide as much context as I can. I am aware this appears to be an example of a SYN flood attack with spoofed ip addresses, however should there not be… Continue reading Can’t find anomalies / abnormalities in wireshark capture
Based on the above capture, there are supposed to be anomalies or other observations. The only things I have found, are that in some of the frames, there is a "Source MAC must not be a group address" warning message, and in all … Continue reading Finding abnormal behaviours/observations in this packet capture [closed]
How would I get the key? I have tried a bunch of tcpdump commands but it is not working. I am not allowed to use anything like Wireshark btw. What commands do I need to run in server one to get the key? I do not have access to server 2.
I … Continue reading Getting key from different server [closed]
I would like to perform arp spoofing on an existing tcp connection between a server and a client and perform a mitm attack. In addition to altering existing packets, I would like to be able to inject my own packets into the connection with… Continue reading Tool for injecting data in existing tcp connection
Notices in Zeek Zeek’s Notice Framework enables network operators to specify how potentially interesting network findings can be reported. This decoupling of detection and reporting highlights Zeek’s flexibility: a notice-worthy event in network A may … Continue reading Telegram Zeek, you’re my main notice
I’m working on a project where the program can detect when its being scanned for malicious purposes by checking how many ports are being scanned at the same time and scanning them back using the SYN method for TCP and the IMCP response for… Continue reading is the UDP or TCP protocol best suited for a so called stealth counter scan for open or closed ports [closed]
Normally, the Windows 7 Dnscache service will communicate via UDP on port 53 and via TCP on port 80. I have observed and logged this behaviour for over a decade.
Suddenly, a Win7 box tried to communicate via TCP on port 53 (destination po… Continue reading Atypical Dnscache service behaviour in Windows [closed]
Why error checking for the IP header is done twice, first in the IP header and second in the TCP header using Pseudo Ip header? is there some security benefit? What would be the issue if we do not include the pseudo IP header in the TCP he… Continue reading Why Pseudo IP header is included in the TCP checksum? [closed]