I think people who work in Network Security should have chance to learn, and study the packet dump files, usually if we are following the Open Source Standard, libpcap is considered the most common format that widely been used everywhere including commercial companies.
However not much people want to share the network trace files, the critical and sensitive information yields many people stop doing that. I'm still looking forward to OpenPacket that soon will be launched, though I don't know when since Rich is busy with his stuffs. OpenPacket will serve a central repository for interesting network trace files. If you want to learn about protocol by studying the headers and payloads, you can check it out at,
http://wiki.wireshark.org/SampleCaptures
http://www.icir.org/enterprise-tracing/download.html
While you may wonder how you can share your network trace files, there are tools available to help you anonymizing the packet headers, I won't be showing how it can be done here but you can learn by reading the man page, or maybe waiting for my handbook that still in process. Here are the tools,
ipsumdump - http://www.cs.ucla.edu/~kohler/ipsumdump/
tcpdpriv - http://ita.ee.lbl.gov/html/contrib/tcpdpriv.html
tcpmkpub - http://www.icir.org/enterprise-tracing/tcpmkpub.html
There maybe other tools like netdude where it can edit network trace files on the fly. With those tools you can remove or modify the confidential data in the network trace files and share to the world.
P/S: For people wonder what I'm doing lately since not much updates in the blog, I'm still writing technical materials for the handbook that I plan to release after HITB conference.
However not much people want to share the network trace files, the critical and sensitive information yields many people stop doing that. I'm still looking forward to OpenPacket that soon will be launched, though I don't know when since Rich is busy with his stuffs. OpenPacket will serve a central repository for interesting network trace files. If you want to learn about protocol by studying the headers and payloads, you can check it out at,
http://wiki.wireshark.org/SampleCaptures
http://www.icir.org/enterprise-tracing/download.html
While you may wonder how you can share your network trace files, there are tools available to help you anonymizing the packet headers, I won't be showing how it can be done here but you can learn by reading the man page, or maybe waiting for my handbook that still in process. Here are the tools,
ipsumdump - http://www.cs.ucla.edu/~kohler/ipsumdump/
tcpdpriv - http://ita.ee.lbl.gov/html/contrib/tcpdpriv.html
tcpmkpub - http://www.icir.org/enterprise-tracing/tcpmkpub.html
There maybe other tools like netdude where it can edit network trace files on the fly. With those tools you can remove or modify the confidential data in the network trace files and share to the world.
P/S: For people wonder what I'm doing lately since not much updates in the blog, I'm still writing technical materials for the handbook that I plan to release after HITB conference.
Cheers :]
No comments:
Post a Comment