Saturday, January 14, 2012

FreeBSD 9.0 Release is OUT!

If you haven't noticed yet, FreeBSD 9.0 Release is out, grab it while it is still hot. The announcement can be found at

http://www.freebsd.org/releases/9.0R/announce.html

You can check out the release note at -

http://www.freebsd.org/releases/9.0R/relnotes.html

I'm glad to see the driver improvements for network adapters, especially Intel-based cards, and that the netgraph ng_netflow node now supports NetFlow v9 export. Another interesting feature is usbdump, which can be used to dump packets passing through a USB controller. As always, ipfw is improved in almost every FreeBSD release, just like pf in OpenBSD. The FreeBSD team has also made a lot of improvements on the file system side. Finally we see a new installer for FreeBSD ;)

With FreeBSD 9.0 Release officially out, it's time to work on HeX 3!

Cheers ;]


Wednesday, January 11, 2012

Argus 3: Some hardly used scripts

There are a couple of Perl scripts that come with Argus 3 to process Argus data. In case you haven't used them, do try them out; I will just show the results generated by those scripts -

shell>perl ./raips -r ~/pcap-repo/anubis.arg3
187.45.196.28
187.45.241.156
192.168.0.1
192.168.0.2

Raips will list all unique IP addresses that are seen in the Argus data.

shell>perl ./rahosts -r ~/pcap-repo/anubis.arg3
192.168.0.2: (3) 187.45.196.28, 187.45.241.156, 192.168.0.1

Rahosts will generate a host report, telling you which hosts initiate network connections (transmitters) and which destination hosts are probed (receivers). You may see an array of IP addresses in the same network if it is network scanning or worm outbreak activity.

shell>perl ./raports -r ~/pcap-repo/anubis.arg3
187.45.241.156 tcp: (1) 80
192.168.0.1 udp: (1) 53
187.45.196.28 tcp: (1) 1433

Raports will generate the port report, however only on the server side, which means those ports that are probed by any host.

If you are not satisfied with the results generated by those scripts, you are free to modify them to fit your needs; basically Carter is just demonstrating what you can do with Argus data using some scripting capabilities.
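As an added example (not one of Carter's scripts), here is the same three reports rebuilt in Python from a constructed text dump of flow records; the record layout (saddr daddr proto dport, one flow per line) and the sample flows are assumptions modelled on the anubis.arg3 output above, so you can see exactly what the scripts de-duplicate and why raports only shows server-side ports:

```python
"""Rebuild the raips / rahosts / raports reports from Argus-style flow records.
Input: one flow per line, fields saddr daddr proto dport (constructed layout)."""
import ipaddress
from collections import defaultdict

# Constructed sample, modelled on the anubis.arg3 output quoted in the post.
# Two flows are repeated so the de-duplication in each report is visible.
SAMPLE_FLOWS = """\
192.168.0.2 192.168.0.1 udp 53
192.168.0.2 187.45.241.156 tcp 80
192.168.0.2 187.45.196.28 tcp 1433
192.168.0.2 192.168.0.1 udp 53
192.168.0.2 187.45.196.28 tcp 1433
"""

def parse_flows(text):
    """Parse records into (saddr, daddr, proto, dport) tuples; skip bad lines."""
    flows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4 or not parts[3].isdigit():
            continue
        saddr, daddr, proto, dport = parts
        flows.append((saddr, daddr, proto, int(dport)))
    return flows

def raips(flows):
    """Every unique IP seen as source or destination, sorted numerically."""
    return sorted({a for f in flows for a in f[:2]}, key=ipaddress.ip_address)

def rahosts(flows):
    """Transmitter -> receivers it contacted (who talked to whom)."""
    report = defaultdict(set)
    for saddr, daddr, _, _ in flows:
        report[saddr].add(daddr)
    return {tx: sorted(rx, key=ipaddress.ip_address) for tx, rx in report.items()}

def raports(flows):
    """(receiver, proto) -> destination ports probed. Server side only:
    the transmitter's ephemeral source ports are deliberately ignored."""
    report = defaultdict(set)
    for _, daddr, proto, dport in flows:
        report[(daddr, proto)].add(dport)
    return {k: sorted(v) for k, v in report.items()}

if __name__ == "__main__":
    flows = parse_flows(SAMPLE_FLOWS)
    print("\n".join(raips(flows)))
    for tx, rx in rahosts(flows).items():
        print(f"{tx}: ({len(rx)}) {', '.join(rx)}")
    for (host, proto), ports in raports(flows).items():
        print(f"{host} {proto}: ({len(ports)}) {' '.join(map(str, ports))}")
```

Point parse_flows at the output of `ra -r file -s saddr daddr proto dport` (after stripping the header) to run it over real Argus data.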

Cheers (;])

Large Scale Pcap Analysis

It seems that storage is no longer much of an issue when it comes to packet capture; terabytes are becoming common everywhere, and many network analysis tools seem to be gearing toward large-scale pcap data analysis. Bro-IDS has extended its functionality by using tons of commodity hardware and TimeMachine to capture and analyze network data, and now I have just read that people at RIPE NCC are doing this using Apache Hadoop -

https://labs.ripe.net/Members/wnagele/large-scale-pcap-data-analysis-using-apache-hadoop

As we know as well, pcapr is also making use of cloud technology to share and analyze pcap data for the internet community.

Enjoy ;]

Monday, January 09, 2012

Picviz on Windows

I never knew that someone had actually ported picviz to the Windows OS platform a while ago, until I was working on picviz stuff and googling for information. You can find it here if you are interested -

http://berise.blogspot.com/2011/01/picviz-for-win32-port.html

Open source really opens up many unknown possibilities ...

Cheers ;]