authorgoat

WireShark 1.2.9 install on Mac OS X 10.6.4

Posted Jul 25, 2010 at 3:33 am | Mac, Mac How To

I wanted to install WireShark on my MacBookPro but found that simply following the instructions did not work completely, but I did manage to work through the issues. Following the instructions installed the app but I could not see any interfaces, and as it turns out it is a permissions issue.

The ‘dmg’ file downloads fine and the instructions are clear enough in the “read me first.rtf”:

  1. Drag the Wireshark icon (i.e., wireshark.app) to the Applications alias (folder).
  2. (Within the Wireshark dmg folder) open the Utilities folder.
  3. Drag the contents of the Command Line folder to /usr/local/bin (if you’re a Windows convert like I am that means using the Go menu in Finder to navigate to /usr/local/bin)
  4. You will need to adjust the permissions on /dev/bpf* in order to capture… You can do this by dragging the ChmodBPF folder to the StartupItems alias. **But this did not work for me.** To be fair, the instructions do say “you can do this by hand” and that is exactly what needed to be done in this case.

After several failed attempts I opened the ChmodBPF folder and examined the contents of the executable ChmodBPF and manually carried out its instructions from a command line to resolve the issue.

From the ChmodBPF file the two needed instructions, both prefixed with ‘sudo’, to be run from a command prompt are:

chgrp admin /dev/bpf*

chmod g+rw /dev/bpf*

Without this change Wireshark launches but fails to see any “interfaces” which means it will not capture nor decode packets.
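A quick way to confirm the two commands took effect, as an added example that is not part of the original post or the Wireshark package. The function names are hypothetical; the directory and group are parameters (defaulting to /dev and admin, as in the post) so the check can also be tried on scratch files. Because ChmodBPF is meant to run as a startup item, rerun the check after a reboot.

```shell
#!/bin/sh
# Added example: confirm the result of the two manual commands.
# DIR and GROUP are parameters so the check can be tried on scratch files.

# Print each bpf device that is not group-owned by GROUP with group rw.
# Returns 0 when every device is fine, 1 otherwise.
check_bpf_perms() {
    bpf_dir=${1:-/dev}
    bpf_group=${2:-admin}
    bpf_rc=0
    for bpf_dev in "$bpf_dir"/bpf*; do
        [ -e "$bpf_dev" ] || continue      # glob matched nothing
        # ls -ld fields: mode, link count, owner, group, ...
        set -- $(ls -ld "$bpf_dev")
        bpf_mode=$1
        bpf_owner_group=$4
        case $bpf_mode in
            ????rw*) bpf_bits=ok ;;        # characters 5-6 = group r and w
            *)       bpf_bits=missing ;;
        esac
        if [ "$bpf_owner_group" != "$bpf_group" ] || [ "$bpf_bits" != ok ]; then
            echo "needs fixing: $bpf_dev ($bpf_mode, group $bpf_owner_group)"
            bpf_rc=1
        fi
    done
    return "$bpf_rc"
}

# The group change only helps users who are members of that group.
user_in_group() {
    id -Gn | tr ' ' '\n' | grep -qx "$1"
}

if check_bpf_perms /dev admin; then
    echo "all /dev/bpf* devices are group admin with g+rw (or none exist)"
fi
user_in_group admin || echo "current user is not in group admin"
```

Any member of the admin group can capture traffic once these permissions are in place, so the group membership is worth reviewing along with the device modes.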

ASDM 6.x conflicts with JRE 1.6.11+

Posted Jun 07, 2010 at 11:43 pm | Network Administration, Network Research

Working with an underpowered ASA 5520 with merely 256MB of RAM whose IOS and ASDM image have not been updated since delivery from the factory, there is a conflict between the ASDM and the Java Runtime Environment (JRE). Sometimes you can back-level the version of JRE on the workstation (on Windows clients, for instance); if the older versions are not listed, you’ll need to acquire the older version and install it in order to back-level to it.

The JRE must be 1.6.11 or less, but there may be a workaround; more on these topics here:

http://www.ccietalk.com/2009/05/19/adaptive-security-device-manager-hot-issues


Perl Special Variables (some)

Posted May 03, 2010 at 2:52 pm | Coding & Scripting, Perl

# a few of the most common special variables
# $_ default input
# $.  line numbers
# $1, $2, $3, etc. Pattern results
# $! System error number or string
# $@ eval() error
# $$  Process ID (PID)
# $0  Program name
# @_  List of arguments for subroutine
# @ARGV  List of command-line arguments
# @INC  List of paths Perl searches for libraries and modules
# %ENV  List of environment variables

Use Perl to display a file with line numbers

Posted May 03, 2010 at 2:45 pm | Coding & Scripting, Perl

I’m not sure how a Perl code snippet will react in a CMS posting so I’ve commented it out; if you have use for this simple script remove the “#” comment characters. The code could be named anything, I call it readme.pl and it is run from the command prompt as ‘perl readme.pl filename’. The file utilizes the default file handle within the “while(<>)” to open the file referred to by @ARGV (a special variable) and two common special variables “$.” and “$_” for line numbers and default input respectively.

#!/usr/bin/perl
#
# use strict;
# use warnings;
#
# main(@ARGV);
#
# sub main
# {
#   while (<>) { # using the special file handle to read lines from the files named on the command line
#     print "$. $_";
#   }
# }

Where is your encrypted password stored under *nix.

Posted Apr 16, 2010 at 11:39 pm | Linux, Linux How To

So I went for an interview and one of the panel grilling me asked where, under *nix, is your encrypted password stored? I knew /etc/passwd contained seven fields of detail for each user account, but I couldn’t remember where the encrypted passwords were stored! The answer is /etc/shadow (-rw-r-----).

The seven fields in the /etc/passwd file are separated with colons:

  1. User name
  2. Password
  3. User ID
  4. Group ID
  5. User ID Info
  6. Home directory
  7. Command shell path

In the /etc/shadow file, the first character of the password field is a ! if the account is locked.

Check this link for Solaris root password recovery.
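The two files read together, as an added example that is not part of the original post: it splits each /etc/passwd line into the seven fields listed above, looks up the matching /etc/shadow entry, and reports locked accounts as well as any account whose hash still sits in the world-readable passwd file. The function names, state labels and the treatment of a leading `*` go beyond what the post describes; the sample accounts and placeholder hashes are constructed.

```shell
#!/bin/sh
# Added example; the account data below is constructed, not from a real system.

# audit_accounts PASSWD_FILE SHADOW_FILE
# Prints "user:uid:shell:state" for every passwd entry. States:
#   shadowed  passwd holds "x", hash is in shadow
#   inline    passwd field 2 holds the hash itself (readable by every user)
#   locked    password field starts with "!"
#   no-login  password field starts with "*" (no valid hash)
#   empty     no password set
audit_accounts() {
    awk -F: '
        NR == FNR { shadow[$1] = $2; next }   # first file read: shadow
        NF != 7   { printf "%s:malformed (%d fields)\n", $1, NF; next }
        {
            pw = $2; state = "inline"
            if (pw == "x") {
                if (!($1 in shadow)) { print $1 ":" $3 ":" $7 ":no-shadow-entry"; next }
                pw = shadow[$1]; state = "shadowed"
            }
            c = substr(pw, 1, 1)
            if (pw == "")      state = "empty"
            else if (c == "!") state = "locked"
            else if (c == "*") state = "no-login"
            print $1 ":" $3 ":" $7 ":" state
        }' "$2" "$1"
}

# Constructed sample files; the hash strings are placeholders.
write_samples() {
    cat > "$1/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
alice:x:1000:1000:Alice:/home/alice:/bin/bash
bob:x:1001:1001:Bob:/home/bob:/bin/bash
legacy:$1$PLACEHOLDER$HASH:1002:1002:Old import:/home/legacy:/bin/sh
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
EOF
    cat > "$1/shadow" <<'EOF'
root:$6$PLACEHOLDER$HASH:14715:0:99999:7:::
alice:$6$PLACEHOLDER$HASH:14715:0:99999:7:::
bob:!$6$PLACEHOLDER$HASH:14715:0:99999:7:::
daemon:*:14715:0:99999:7:::
EOF
}

demo_dir=$(mktemp -d)
write_samples "$demo_dir"
audit_accounts "$demo_dir/passwd" "$demo_dir/shadow"
rm -rf "$demo_dir"
```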

Linux File Information Overview

Posted Apr 16, 2010 at 2:39 pm | Linux, Linux How To

View permissions with ls -l

Output is seven columns: type & permissions, link count, owner, group, size, date & time last mod, name

Type & Permissions displayed as 10 positions: first position is Type, last nine are permissions.

Types: d, -, l, s, p, c, b.

d = directory

- = regular file

l = symbolic link

s = unix domain socket

p = named pipe

c = character device file

b = block device file

Permissions are displayed as a collection of 3 x 3, or nine bits: --------- and can be imagined as --- --- ---

Each position can be r, w, or x for read, write, and execute respectively

Permissions are also expressed as octal digits 0 through 7:

0 = ---

1 = --x

2 = -w-

3 = -wx

4 = r--

5 = r-x

6 = rw-

7 = rwx

Use chmod to modify permissions
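The type letters and octal digits above, applied to whole mode strings, as an added example that is not part of the original post. It goes one step beyond the notes by also decoding the setuid, setgid and sticky markers (s, S, t, T) that ls -l prints in the execute positions; the function names and the sample mode strings are constructed for illustration.

```shell
#!/bin/sh
# Added example: decode the 10-character field that ls -l prints.

# describe_mode MODE -> "<type> <4-digit octal>", or "invalid"
describe_mode() {
    printf '%s\n' "$1" | awk '
    BEGIN {
        type["d"] = "directory";     type["-"] = "regular file"
        type["l"] = "symbolic link"; type["s"] = "unix domain socket"
        type["p"] = "named pipe";    type["c"] = "character device file"
        type["b"] = "block device file"
    }
    {
        t = substr($0, 1, 1)
        if (length($0) < 10 || !(t in type)) { print "invalid"; exit }
        special = 0
        for (who = 0; who < 3; who++) {            # owner, group, other
            r = substr($0, 2 + who * 3, 1)
            w = substr($0, 3 + who * 3, 1)
            x = substr($0, 4 + who * 3, 1)
            # lowercase s/t means the execute bit is set underneath
            digit[who] = (r == "r") * 4 + (w == "w") * 2 + (x ~ /[xst]/)
            # setuid = 4, setgid = 2, sticky = 1 in the leading octal digit
            if (x ~ /[sStT]/) special += 4 / (2 ^ who)
        }
        printf "%s %d%d%d%d\n", type[t], special, digit[0], digit[1], digit[2]
    }'
}

# flag_mode MODE -> one line per property worth a second look
flag_mode() {
    case $1 in ????????w*)  echo "world-writable" ;; esac
    case $1 in ???[sS]*)    echo "setuid" ;; esac
    case $1 in ??????[sS]*) echo "setgid" ;; esac
}

# Constructed sample mode strings.
for m in -rw-r----- drwxr-xr-x crw-rw---- -rwsr-xr-x drwxrwxrwt; do
    printf '%s => %s %s\n' "$m" "$(describe_mode "$m")" "$(flag_mode "$m" | tr '\n' ' ')"
done
```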

Eval of Windows 7, MCITP, and e-learning notes

Posted Apr 12, 2010 at 2:26 pm | Windows, Windows Research

I have a need to maintain my marketability and recent job searching has reminded me that I need to add a few certifications to my resume. Towards that end I decided to use Microsoft’s e-learning to study for and pass (hopefully) the tests required for MCITP: Enterprise Administrator. MCITP stands for Microsoft Certified IT Professional, and it is the certification track to use for skill building with the latest topics such as Windows Server 2008, SQL Server 2008, or Exchange 2010. Visit the MCITP page at Microsoft for all the details.

I found navigating the Microsoft training website somewhat awkward at first, and it felt as though I was clicking around in circles until I got my bearings. I purchased e-learning for the first three of five tests required for the MCITP: Enterprise Administrator, for roughly $1,300.00, and plan to practice my labs both online and on an instance leveraging my TechNet subscription and VMWare Fusion: my laptop is a MacBook Pro. I still need to purchase the last two tests, the complete list for MCITP: Enterprise Administrator is 70-640, 70-642, 70-643, 70-680 (my choice), and 70-647. Those I procured are for 70-640, 70-642, and 70-643.

I am taking the e-learning classes from Windows 7, built virtually in VMWare Fusion and will be making notes on that experience as I go. I tried to initiate the e-learning lessons under Firefox from OS X and found that they would not load, luckily I had a Windows 7 instance already built. I loaded the free “Microsoft Live” bundle of applications onto Windows 7, which gave me Live Mail among other apps which worked well with my passport account in hotmail. But I haven’t yet seen if there is an office live linkage for Wordpad; I suspect there is not.

More to come…

The OSI Reference Model

Posted Apr 08, 2010 at 5:02 am | Network Administration, Network Research

The OSI Reference model is the fundamental design of internet communication, and lays out a schematic for the assembly of internet based information, how it is organized and transmitted from one computer to another. Information is organized like an onion, with layers over layers, and each layer communicates information. The layer effect is called encapsulation, and as encapsulation occurs, the information changes name so that we can speak about it contextually. Low level information is referred to as bits, slightly higher level information is called a frame, then packets, and then segments, and finally data. Looking at it from the perspective of a user in a word spreadsheet application placing a link to another document in one of the cells, the process begins at the Application Layer.

The process starts with some information called data, encapsulates it with a header and footer to create a segment, passes it to the Presentation Layer, which adds a header and footer again, and on to the Session layer with another header and footer, and so on down the stack until the bits are transmitted across the network. Arriving information is then incrementally stripped of its header and footer as it moves up through the layers, until it arrives on a different computer where the linked data resides. The process happens many times per second, but understanding the process is fundamental to understanding how to troubleshoot the network.

The reference model has seven layers:

  1. Physical
  2. Data Link
  3. Network
  4. Transport
  5. Session
  6. Presentation
  7. Application

Although I’ve listed the layers in ascending order here, the stack is often shown with the Application layer on the top, and the model really becomes helpful when depicted as part of a diagram.

Ports to Remember

Posted Apr 08, 2010 at 4:33 am | Network Administration, Network Research

| Port | Protocol | Description |
|------|----------|-------------|
| 20 | TCP | FTP, Data |
| 21 | TCP | FTP, Control |
| 22 | TCP/UDP | SSH |
| 23 | TCP | Telnet |
| 25 | TCP | SMTP |
| 42 | TCP/UDP | WINS |
| 43 | TCP | WHOIS |
| 53 | TCP/UDP | DNS |
| 67 | UDP | BOOTP, DHCP Client |
| 68 | UDP | BOOTP, DHCP Server |
| 69 | UDP | TFTP |
| 80 | TCP/UDP | HTTP |
| 110 | TCP | POP3 |
| 135 | TCP | Client/Server Communications, Exchange Administrator, DHCP Manager, |
| 137 | UDP | File Shares Name Lookup, Browsing requests to NetBIOS |
| 138 | UDP | Browsing datagram responses of NetBIOS |
| 139 | TCP | File Shares Session |
| 143 | TCP | IMAP |
| 389 | TCP | LDAP |
| 443 | TCP/UDP | HTTPS |
| 636 | TCP | LDAP over TLS/SSL |
| 989 | TCP/UDP | FTPS data; FTP over TLS/SSL |
| 990 | TCP/UDP | FTPS control; FTP over TLS/SSL |
| 993 | TCP | IMAP (SSL) |
| 995 | TCP | POP3 (SSL) |
| 1433 | TCP | SQL Session |
| 3389 | TCP | RDP, Terminal Server |