Index
J-L
Knock sample program for port scanning, 239-256
last in first out (LIFO) queue, 260-261
layers of security model, 2
Legerdemain sample program using libsf fingerprinting, 122-127
len, 13
length of packet, libpcap library and, 13
libcrypto.a, 163
libdnet library, 35-86, 129-162
address resolution functions in, 42-45
address resolution protocol (ARP) and, 129, 131, 134-137
134-136
advanced-mode functions in, 75-76
ancillary functions in, 74-75
ARP cache functions in, 136-137
binary buffers and, 130, 134, 143-145
callbacks and, 139
checksums in, 36, 39-40, 73
Clutch sample program using, 147-162
design considerations in, 36-40
error handling in, 40, 42, 74, 76
Ethernet and, 130, 133, 141-143
Firewalk security tool and, 331, 346-347, 364-366
firewalls and, 130, 132-133, 140-141
framework functions in, 41-42
header sizes in, 48-50
installation of, 36, 130
interface allocation in, 36
interfaces and, 130-131, 133, 138-140
Internet protocol (IP) and, 130, 133, 141-143
kernel ARP cache lookup, 129
libnids and, 35-36
memory allocation/deallocation in, 36-37, 45
native datatypes in, 40-41
Open Systems Interconnectivity (OSI) model, 45-46
order of packet builder function calls important in, 45
packet builder functions in, 45-73
payload interface for, 47
port list functions in, 73-74
protocol tags and, 48-73
pseudorandom number functions in, 76
Punch sample program using, 77-86
random numbers and, 130, 134, 145-146
return values in, 48-73
route tables and, 130-131, 133, 137-138
service access point (SAP) symbolic constants in, 51
steps in, to build and send a packet, 36-37
symbolic constants for Ethernet and, 50
versions of, 35-36
wire injection methods in, 37-39
libnids library, 87-112
callbacks in, 90, 92-93
callbacks, registration functions in, 95-96
error handling in, 94-95
initialization and execution functions in, 93-95
installation of, 88
IP defragmentation in, 88, 95
libdnet library and, 35-36
Lilt sample program using, 96-112
native datatypes in, 88-93
TCP port scan detection in, 88
TCP stream reassembly in, 88
TCP-specific functions in, 96
libnids_errbuff, 94-95
libpcap component, 3
libpcap library, 9-33
ancillary functions in, 20-21
Berkeley Packet Filter (BPF) in, 18, 343
capture functions in, 16-17
error handling in, 14-17, 19, 21
filter functions in, 18-19
Firewalk security tool and, 331, 343, 361-362
initialization functions in, 13-16
installation of, 10
native datatypes in, 10-13
promiscuous bits and, 15
savefile (dump) functions in, 19-20
Stroke sample program using, 22-33
library initialization, 41-42
libsf library, 113-127
active fingerprinting methods in, 115-117
b-trees in, 118-119
control flags in, 119-120
database for, 118-119
design considerations in, 114-119
error handling in, 119-120
fingerprint functions in, 120-121
framework functions in, 119-120
installation of, 114
IP don't fragment bit in, 118
IP packet size in, 118
IP time to live (TTL) in, 117
Legerdemain sample program using, 122-127
native datatypes in, 119
NULL packet to open port in, 115
passive fingerprinting methods in, 117-118
results functions in, 121-122
lifecycle, software development, 6-8
lifsf_handle, 119
link layer control (LLC), 20, 37-39, 48, 51, 343-344
link state acknowledgment (LSA) header (OSPF), 68-69
link state request (LSR) header (OSPF), 67-68
link state update header (OSPF), 68
Linux, 14, 39, 96-112, 140
little endian byte ordering, 197
lookups, libpcap library and, 15
looping, 17, 90, 140-141, 353-355