Thursday, May 21, 2009

Editcap: Discard unwanted frames

With editcap you can remove multiple frames (people generally like to call them packets) that you don't want. For example, if I want to remove frame numbers 40, 69, 71, 113 and 115 from mail.pcap -

shell>editcap mail.pcap mail-modified.pcap 40 69 71 113 115
Add_Selected: 40
Not inclusive ... 40
Add_Selected: 69
Not inclusive ... 69
Add_Selected: 71
Not inclusive ... 71
Add_Selected: 113
Not inclusive ... 113
Add_Selected: 115
Not inclusive ... 115

Check with capinfos -

shell>capinfos -c mail.pcap
File name: mail.pcap
Number of packets: 173

shell>capinfos -c mail-modified.pcap
File name: mail-modified.pcap
Number of packets: 168

Quick and easy!

Cheers (;])
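
To show what selecting frames by number does at the file-format level, here is an added example (not from the original post and not editcap's own code) that drops frames by 1-based number from a classic libpcap file. The function names and the constructed 173-frame sample are assumptions, and pcapng is not handled.

```python
import struct

PCAP_GLOBAL_HDR = 24  # classic libpcap file header
PCAP_RECORD_HDR = 16  # per frame: ts_sec, ts_usec, incl_len, orig_len

def _byte_order(magic: bytes) -> str:
    # The magic number reveals the byte order the capture was written in.
    if magic in (b"\xd4\xc3\xb2\xa1", b"\x4d\x3c\xb2\xa1"):
        return "<"
    if magic in (b"\xa1\xb2\xc3\xd4", b"\xa1\xb2\x3c\x4d"):
        return ">"
    raise ValueError("not a classic pcap file (pcapng is not handled here)")

def iter_frames(data: bytes):
    """Yield (frame_number, raw_record); numbering is 1-based, as in editcap."""
    order = _byte_order(data[:4])
    offset, number = PCAP_GLOBAL_HDR, 1
    while offset < len(data):
        if offset + PCAP_RECORD_HDR > len(data):
            raise ValueError(f"truncated record header at frame {number}")
        incl_len = struct.unpack_from(order + "I", data, offset + 8)[0]
        end = offset + PCAP_RECORD_HDR + incl_len
        if end > len(data):
            raise ValueError(f"truncated frame {number}")
        yield number, data[offset:end]
        offset, number = end, number + 1

def drop_frames(data: bytes, unwanted: set) -> bytes:
    """Return a new capture without the listed frames; the input is untouched."""
    kept = [rec for num, rec in iter_frames(data) if num not in unwanted]
    return data[:PCAP_GLOBAL_HDR] + b"".join(kept)

def count_frames(data: bytes) -> int:
    return sum(1 for _ in iter_frames(data))

def build_sample(n: int) -> bytes:
    """Constructed sample: n tiny frames whose payload is the frame number."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i in range(1, n + 1):
        payload = struct.pack("<H", i)
        out += struct.pack("<IIII", i, 0, len(payload), len(payload)) + payload
    return out

if __name__ == "__main__":
    original = build_sample(173)  # same frame count as mail.pcap above
    modified = drop_frames(original, {40, 69, 71, 113, 115})
    print(count_frames(original), count_frames(modified))
```

Because later frames are renumbered after a removal, frame 40 in the modified capture is frame 41 of the original, which matters when notes refer to frame numbers from the original file.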

Tuesday, May 19, 2009

Time to sell myself .....

This year, I thought things were going to be smooth for me, and I was wrong. But I do know life goes on.

So I'm now out looking for a job again and plan to settle down a bit. This is the first time I have put up my resume here, and hopefully I can get the right job for myself quickly. I'm looking for a job related to firewall/IDS/SIEM implementation/deployment/analysis/response.

If you think there's any opportunity I can grab, or you are interested in hiring me, please let me know. Here's my resume.


Friday, May 15, 2009

FreeBSD On VMware Time Sync Issue

We have been fighting the time synchronization issue when running FreeBSD on VMware. With the new FreeBSD (7.1 and above) and the new VMware Workstation/Fusion, the problem is fixed.

That's great, as it means we can run HeX more smoothly on VMware. On the other hand, HeX is back in active development, stay tuned!

Enjoy ;]

Surface Mount Box - 4 ports

I have been looking for a 4-port surface mount box (cat5e compatible) which looks like the above image. If any of you know where I can find it in Malaysia, or you sell it, please let me know. I would like to order 20-50 units from you. I want to order online but it is out of stock here. On the other hand, if you know anyone who sells cat5e keystone jacks at a reasonable price, I would like to buy those as well.

My plan is to build network tap using this mount box, and as a gift to whoever attends my future network forensics training.

Cheers ;]