From: Jim March <1.jim.ma...@gmail.com>
> I've looked the manual over for tcpdump:
> http://www.tcpdump.org/tcpdump_man.html
tcpdump [ -AdDeflLnNOpqRStuUvxX ] [ -c count ]
[ -C file_size ] [ -F file ]
[ -i interface ] [ -w file ]
...does that make it any clearer?
> jim@jim-lappy
Jason wrote:
> On 02/22/2011 09:06 AM, Jim March wrote:
> > One other thing: on top of the Windows guest issue, I've got *something*
> > in Linux that's also hitting the wire a lot. Is there something similar
> > to "top" that tracks Linux processes by network traffic impact? I'd
> > like to elim
Entertainment:
http://www.catb.org/~esr/writings/unix-koans/
On Tue, Feb 22, 2011 at 1:48 PM, Andrew Harris wrote:
> Is the TFUG list exclusive to district 28?
>
> On Feb 22, 2011, at 1:42 PM, Jordan Aberle wrote:
>
>> Jim is from Tucson, sneaky... I'm going to hop on the TFUG list for
>> reta
Is the TFUG list exclusive to district 28?
On Feb 22, 2011, at 1:42 PM, Jordan Aberle wrote:
> Jim is from Tucson, sneaky... I'm going to hop on the TFUG list for
> retaliation. :)
>
> On Tue, Feb 22, 2011 at 1:34 PM, Andrew Harris wrote:
>> Maybe you should skip a month of rent for that.
>>
Jim is from Tucson, sneaky... I'm going to hop on the TFUG list for
retaliation. :)
On Tue, Feb 22, 2011 at 1:34 PM, Andrew Harris wrote:
> Maybe you should skip a month of rent for that.
>
> On Feb 22, 2011, at 12:58 PM, Jim March wrote:
>
>> HA! OK, this is funny :).
>>
>> I got Wireshark wor
Maybe you should skip a month of rent for that.
On Feb 22, 2011, at 12:58 PM, Jim March wrote:
> HA! OK, this is funny :).
>
> I got Wireshark working. Cool. I start looking at traffic going by. I see
> various IP addresses being talked to. OK...cool...go find out what the IP
> addresses
HA! OK, this is funny :).
I got Wireshark working. Cool. I start looking at traffic going by. I see
various IP addresses being talked to. OK...cool...go find out what the IP
addresses lead to. One of 'em leads to...FACEBOOK? WTF? I don't use it, I
don't *think* anything in my VM uses it...
The malware has probably reached Australia by now. :)
On Tue, Feb 22, 2011 at 12:42 PM, Jim March <1.jim.ma...@gmail.com> wrote:
> Sigh.
>
> I've looked the manual over for tcpdump:
>
> http://www.tcpdump.org/tcpdump_man.html
>
> I've tried the commands:
>
> ---
> jim@jim-lappy:~$ sudo tcpdump -s
Sigh.
I've looked the manual over for tcpdump:
http://www.tcpdump.org/tcpdump_man.html
I've tried the commands:
---
jim@jim-lappy:~$ sudo tcpdump -s 0 -w -i file.pca host 10.0.1.4
[sudo] password for jim:
tcpdump: WARNING: eth0: no IPv4 address assigned
tcpdump: syntax error
jim@jim-lappy:~$ su
From: Jim March <1.jim.ma...@gmail.com>
> jim@jim-lappy:~$ sudo tcpdump -s 0 -w file.pca host 10.0.1.4
> tcpdump: WARNING: eth0: no IPv4 address assigned
> tcpdump: listening on eth0, link-type EN10MB (Ethernet)
>
> This comes closer, but...it's still listening on eth0.
> How do I point it to wlan
it will have a unique mac address.
if you had openbsd as a firewall vm, you could pass traffic through there and
use the os.fingerprints file to pass or block what you needed.
-Eric
On Feb 22, 2011, at 8:22 AM, Jim March wrote:
> Folks,
>
> I'm trying to figure out what a particular Windows p
Mint is now at rel 10 and I suppose the XFCE version is also by now
On Mon, Feb 21, 2011 at 1:33 PM, ChasM Marshall wrote:
> Hiya,
>
> I've had good luck with Mint 7 (almost Ubuntu 9.04) using XFCE.
> Quite peppy, pretty simple installed applications. No widgets.
>
> I know KDE is heading int
Hi Kaia,
I think I would like to go, but I am just not sure about costs including a
hotel.
I think I would prefer driving and sharing a hotel. Are you sharing?
On Tue, Feb 22, 2011 at 9:18 AM, Taylor, Kaia wrote:
>
> If anyone is still looking for either a driver or passenger to Scale from
> T
Right, so:
---
jim@jim-lappy:~$ sudo tcpdump -s 0 -w file.pca host 10.0.1.4
[sudo] password for jim:
tcpdump: WARNING: eth0: no IPv4 address assigned
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 65535
bytes
^C0 packets captured
0 packets received by filter
0 packets droppe
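The capture above collected nothing because tcpdump picked eth0; pointing it at the wireless card with `-i wlan0` (the `-i interface` option from the synopsis quoted earlier in this thread) and keeping every option ahead of the `host ...` filter expression fixes that. Once a file exists, the next step in the thread is working out which remote hosts the suspect address is talking to. The script below is an added example, not code from this list, from tcpdump or from Wireshark: it parses a classic libpcap file as `tcpdump -w` writes it and tallies outbound peers for one local address. The capture bytes, the local address 10.0.1.4 and the peer addresses (taken from the 192.0.2.0/24, 198.51.100.0/24 and 203.0.113.0/24 documentation ranges) are constructed inline so the script runs offline; with a real capture, replace `build_sample_pcap()` with `open("file.pcap", "rb").read()`.

```python
"""Tally the remote hosts one local address talks to in a tcpdump capture.

Added example, not code from the mailing-list thread. Assumes a classic
libpcap file (as written by `tcpdump -w file.pcap`) with an Ethernet link
type; pcapng is deliberately rejected. The sample capture is constructed
inline below.
"""
import struct
from collections import Counter

PCAP_MAGIC_LE = 0xA1B2C3D4      # magic as read little-endian from an LE file
PCAP_MAGIC_BE = 0xD4C3B2A1      # same magic when the file was written big-endian
LINKTYPE_ETHERNET = 1
ETHERTYPE_IPV4 = 0x0800
PROTO_NAMES = {1: "icmp", 6: "tcp", 17: "udp"}


def iter_packets(pcap):
    """Yield the raw bytes of each packet record in a classic pcap file."""
    (magic,) = struct.unpack("<I", pcap[:4])
    if magic == PCAP_MAGIC_LE:
        end = "<"
    elif magic == PCAP_MAGIC_BE:
        end = ">"
    else:
        raise ValueError("not a classic pcap file (pcapng is not handled here)")
    # global header after the magic: major, minor, tz offset, sigfigs, snaplen, linktype
    _, _, _, _, _snaplen, linktype = struct.unpack(end + "HHiIII", pcap[4:24])
    if linktype != LINKTYPE_ETHERNET:
        raise ValueError("expected Ethernet link type, got %d" % linktype)
    off = 24
    while off + 16 <= len(pcap):
        # per-packet header: ts_sec, ts_usec, captured length, original length
        _, _, incl_len, _ = struct.unpack(end + "IIII", pcap[off:off + 16])
        off += 16
        yield pcap[off:off + incl_len]
        off += incl_len


def parse_ipv4(frame):
    """Return (src, dst, proto, dport) for an IPv4-over-Ethernet frame, else None."""
    if len(frame) < 34 or struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_IPV4:
        return None
    ihl = (frame[14] & 0x0F) * 4           # IPv4 header length in bytes
    proto = frame[23]
    src = ".".join(str(b) for b in frame[26:30])
    dst = ".".join(str(b) for b in frame[30:34])
    dport = None
    l4 = frame[14 + ihl:]
    if proto in (6, 17) and len(l4) >= 4:  # TCP and UDP both put dst port at bytes 2-3
        dport = struct.unpack("!H", l4[2:4])[0]
    return src, dst, proto, dport


def remote_peers(pcap, local_ip):
    """Count (remote_ip, proto, dport) for packets *sent by* local_ip (outbound only)."""
    peers = Counter()
    for frame in iter_packets(pcap):
        parsed = parse_ipv4(frame)
        if parsed is None:
            continue
        src, dst, proto, dport = parsed
        if src == local_ip:
            peers[(dst, PROTO_NAMES.get(proto, str(proto)), dport)] += 1
    return peers


def _ipv4_addr(dotted):
    return bytes(int(x) for x in dotted.split("."))


def _frame(src, dst, proto, dport):
    """Build a minimal Ethernet/IPv4/L4 frame (constructed test data, not a real capture)."""
    l4 = struct.pack("!HH", 40000, dport) + b"\x00" * 4   # src port, dst port, padding
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 1, 0, 64, proto, 0,
                     _ipv4_addr(src), _ipv4_addr(dst))
    eth = b"\x02\x00\x00\x00\x00\x01" + b"\x02\x00\x00\x00\x00\x02" + struct.pack("!H", ETHERTYPE_IPV4)
    return eth + ip + l4


def build_sample_pcap():
    """Constructed capture: 10.0.1.4 contacts three peers; one inbound reply is included."""
    frames = [
        _frame("10.0.1.4", "192.0.2.10", 6, 443),
        _frame("10.0.1.4", "192.0.2.10", 6, 443),
        _frame("192.0.2.10", "10.0.1.4", 6, 40000),   # inbound: must not be tallied
        _frame("10.0.1.4", "198.51.100.7", 6, 80),
        _frame("10.0.1.4", "203.0.113.5", 17, 53),
    ]
    header = struct.pack("<IHHiIII", PCAP_MAGIC_LE, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    records = b"".join(struct.pack("<IIII", 1298400000 + i, 0, len(f), len(f)) + f
                       for i, f in enumerate(frames))
    return header + records


if __name__ == "__main__":
    for (ip, proto, port), n in remote_peers(build_sample_pcap(), "10.0.1.4").most_common():
        print(f"{ip:16} {proto}/{port}  {n} packets")
```

On option order: in the first attempt, `-w -i file.pca`, tcpdump takes `-i` as the filename argument to `-w` and then tries to parse `file.pca host 10.0.1.4` as a filter expression, which is the "syntax error" shown; `tcpdump -i wlan0 -s 0 -w file.pcap host 10.0.1.4` avoids that. The tally deliberately counts only packets sourced from the chosen local address, and traffic from the Linux host itself lands in the same file, so the thread's question about something on the Linux side also hitting the wire needs answering before a remote address is blamed on the guest.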
From: Jim March <1.jim.ma...@gmail.com>
> According to ifconfig the interface I'm trying to monitor is:
> wlan0 Link encap:Ethernet HWaddr 00:14:d1:c8:b4:bf
> inet addr:10.0.1.4 Bcast:10.0.1.255 Mask:255.255.255.0
Are you sure? That looks like the IP of the Linux box. The Doze V
If anyone is still looking for either a driver or passenger to Scale from
Tempe, then please drop me a line today.
I'm fine with returning later on Sunday, but have not yet looked up the BoF
sessions, so no precise plans or timing.
Regards,
Kaia Taylor
DevSA group -- tis-dco-devsa - jum
Ah...OK, I think I'm getting somewhere. BUT...
According to ifconfig the interface I'm trying to monitor is:
---
wlan0 Link encap:Ethernet HWaddr 00:14:d1:c8:b4:bf
inet addr:10.0.1.4 Bcast:10.0.1.255 Mask:255.255.255.0
inet6 addr: fe80::214:d1ff:fec8:b4bf/64 Scope:Link
From: Jim March <1.jim.ma...@gmail.com>
> jim@jim-lappy:~$ tcpdump -s 0 -w file.pcap host 127.0.0.1
> tcpdump: no suitable device found
That's the loopback interface, and will not have what you're looking for on
it. tcpdump under Linux must be run as root unless you have the "capability"
stuff tu
On 02/22/2011 09:06 AM, Jim March wrote:
> One other thing: on top of the Windows guest issue, I've got *something*
> in Linux that's also hitting the wire a lot. Is there something similar
> to "top" that tracks Linux processes by network traffic impact? I'd
> like to eliminate whatever that is
Ummm...it ain't working. I get:
---
jim@jim-lappy:~$ tcpdump -s 0 -w file.pcap host 127.0.0.1
tcpdump: no suitable device found
jim@jim-lappy:~$
---
So I ran Wireshark and it doesn't see an interface it can use. I've tried
two different WiFi cards, one a Broadcom and one Ralink I think. Dangit
One other thing: on top of the Windows guest issue, I've got *something* in
Linux that's also hitting the wire a lot. Is there something similar to
"top" that tracks Linux processes by network traffic impact? I'd like to
eliminate whatever that is before I start on the Windows issues.
I've turne
>
> You'd trust a compromised machine to report on the traffic that some
> known malware is sending out? I have this great deal on Florida swampland
> for you :-) Also, Jim wanted to do the monitoring from the Linux side.
> But if you're stuck on a Doze box, sysinternals is a reasonable subs
> Jim March <1.jim.ma...@gmail.com> wrote:
>> I'm trying to figure out what a particular Windows piece of malware
>> does. To that end I built a brand new WinXP virtual machine via
>> Virtualbox (Linux host of course) and then infected the virtual
>> machine, which has Internet connectivity via a N
Wireshark on the interface to see what the traffic is.
On Tue, Feb 22, 2011 at 8:22 AM, Jim March <1.jim.ma...@gmail.com> wrote:
> Folks,
> I'm trying to figure out what a particular Windows piece of malware does.
> To that end I built a brand new WinXP virtual machine via Virtualbox (Linux
> host
You have to take them apart.
Please either attend the event or look on sbhacker.com or youtube.com for
videos.
On Tue, Feb 22, 2011 at 8:38 AM, Michael Havens wrote:
> a jtag usb has a 6-pin connector (according to
> http://www.digilentinc.com/Products/Detail.cfm?Prod=JTAG-USB). None of my
> de
a jtag usb has a 6-pin connector (according to
http://www.digilentinc.com/Products/Detail.cfm?Prod=JTAG-USB). None of my
devices have 6-pin connectors. I do have a usb cord with a rectangular
connector on one end and a squareish connector on the other.
On Mon, Feb 21, 2011 at 10:06 PM, Lisa Kachol
Sysinternals can do everything you need, take a look specifically at Procmon
http://technet.microsoft.com/en-us/sysinternals
TCPVIEW also.
On Tue, Feb 22, 2011 at 8:22 AM, Jim March <1.jim.ma...@gmail.com> wrote:
> Folks,
> I'm trying to figure out what a particular Windows piece of malware does.
Folks,
I'm trying to figure out what a particular Windows piece of malware does.
To that end I built a brand new WinXP virtual machine via Virtualbox (Linux
host of course) and then infected the virtual machine :).
In Ubuntu (Gnome) I usually run the System Monitor toolbar widget set to
display