Hi,
It is probably not related to Bro development but it is a challenge that I met in my research progress.
Right now, I can at least get some different DNP3 traffic from what I had before. I would like to generate some illegal traffic based on this legal traffic set. My plan is to flip a bit values in each bit location of the DNP3 packet and see how my Bro analyzer behave.
For each DNP3 packet, I can use the Bro to extract a byte stream of the TCP payload. I am wondering is there any way to reverse this procedure. For example, I had a byte stream X. I wish to construct a network packet based on TCP protocol and this X will be the payload of TCP packet. If the X is too long, I hope that several TCP packets can be constructed with the correct sequence number being set.
I am taking look at the socket api in Windows at this moment (WSASocket). But I am not quite sure whether it is possible to do this by that API.
Any comments and inputs are welcome.
Best