I am writing some CodeQL for web servers like Apache and nginx. I have done some research and found that a good indicator of a request is ntohs or ntohl because the data that is sent over a socket needs to be converted from network byte order to host byte order. Are there any other indicators which I should use for web servers?
- What do you mean by """indicator"""? `ntohs` and `ntohl` merely convert the endian-ness of data. What part of these functions qualifies as an """indicator"""? – Chase Dec 27 '20 at 19:25
- The ntohs and ntohl functions are almost always used in socket traffic because the data is sent in network byte order and needs to be converted to host byte order. – lemonadeice Dec 27 '20 at 19:34
- How about the `send` function? That is a good indicator because the data that is sent over a socket needs to be sent over a socket. HTTP doesn't use ntohs or ntohl. – user253751 Dec 28 '20 at 10:50
1 Answer
"Are there any other indicators which I should use for web servers?"
Your post includes the C tag, so besides the byte order functions you include, the select() function should at least be included in the conversation for its message traffic handling capabilities. It is available for both Linux and Windows environments, as indicated by the following links.
The select() call is commonly used to manage socket traffic. Read about the concept here. (Link includes tutorial content with code snippets for illustration.)

ryyker
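As an added example (not from the question, the comments or the answer), here is a CodeQL query for C/C++ that flags the calls this thread names as indicators: `ntohs`, `ntohl`, `send` and `select`. It assumes the standard `cpp` CodeQL library, and it also matches macro invocations because glibc defines `ntohs` and `ntohl` as macros in optimized builds, where there is no function call to match; the predicate names and the query id are made up for this example.

```ql
/**
 * @name Candidate network-traffic call sites (added example)
 * @description Flags the byte-order conversions and socket calls named in
 *              this thread so they can be reviewed as request-handling code.
 * @kind problem
 * @problem.severity recommendation
 * @id example/network-traffic-indicators
 */

import cpp

/** Byte-order conversions named in the question (hypothetical helper). */
predicate isByteOrderName(string name) { name = ["ntohs", "ntohl"] }

/** Socket calls named in the comments and the answer (hypothetical helper). */
predicate isSocketCallName(string name) { name = ["send", "select"] }

from Element e, string kind
where
  // Ordinary calls: ntohs/ntohl when they are real functions, plus send/select.
  exists(FunctionCall fc | fc = e |
    isByteOrderName(fc.getTarget().getName()) and
    kind = "byte-order conversion (function call)"
    or
    isSocketCallName(fc.getTarget().getName()) and
    kind = "socket call"
  )
  or
  // Assumption: the code base is built against headers where ntohs/ntohl are
  // macros (glibc with optimization enabled), so only a macro invocation exists.
  exists(MacroInvocation mi | mi = e |
    isByteOrderName(mi.getMacroName()) and
    kind = "byte-order conversion (macro invocation)"
  )
select e, "Candidate network-traffic indicator: " + kind
```

As the comments point out, HTTP request parsing does not go through `ntohs` or `ntohl`, so treat the byte-order matches as leads for binary protocol handling rather than as a complete list of request entry points.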