Sunday, July 15, 2012

HeX 3: On the way

HeX 3 is in development, and this is for real. HeX 3 will be based on FreeBSD 9, and we are looking to create more FreeBSD ports for network security tools. Most of the existing tools compile successfully on FreeBSD 9, and we will provide two platforms this time, either i386 or x64.

We would like to list all the new network security tools that are going to be included in HeX 3. Currently I have 3 in mind -

- NetworkMiner
- Prads
- PassiveDNS
- Pcapfix

Thanks to Erik (NetworkMiner developer) for sending me the installation guide; that saves me work ;)

Here's the screenshot of NetworkMiner running on the upcoming HeX 3 -


If you are aware of any network security tools (especially for packet analysis) and would like us to add them to HeX 3, kindly let me know.

Cheers (;])

Thursday, July 12, 2012

FreeBSD: Netmap

High-speed networking and big data technology are related terms; they are developed to meet the challenges of today's application demands. We always see a lot of work for Linux regarding high-speed networks (10G and up) but not so much on the BSD side. I reported on FreeBSD ringmap in my previous blog post, and Robert Watson has also implemented zero-copy BPF buffers for FreeBSD. Thanks to the friends in #snort-gui, I just found netmap, which is going to be part of FreeBSD 10. It seems promising to me, and thanks to Luigi and his team for the effort to improve the performance of the network stack.

Right now there's not much we can do to test netmap; however, if you want to try it out, you can download the images from the netmap website and play around with them, or install FreeBSD Current using the snapshot image, which you can find here - http://pub.allbsd.org/FreeBSD-snapshots/

Here are the few steps I did after FreeBSD Current was installed -

shell>cd /usr/src/sys/modules/netmap
shell>make
shell>kldload ./netmap.ko
shell>kldstat
shell>ls -la /dev/netmap
shell>dmesg

Everything is there, but you need to play around with it, so download -

http://info.iet.unipi.it/~luigi/netmap/20120608-netmap.tgz

After untarring it, you can start playing around with pkt-gen and the other binaries provided in there. Currently netmap is still under development and testing; hopefully, when it reaches a stable stage, we will be able to see a lot of network security monitoring tools ported to work with netmap, since it will be in the native FreeBSD system. For most of the details, do check out the presentation slides and other information on the netmap website.

Cheers ;]

FloCon 2012: Argus Training Slide

If you are looking for detailed information about the latest argus development and offerings, look no further -

http://www.qosient.com/argus/presentations/Argus.FloCon.2012.Tutorial.pdf

The slides were made by Carter and contain a lot of information on the state-of-the-art flow analysis tool, argus. Though a long-time argus user, I still learned something new from the slides.

Cheers (;])