Scapy is a (mostly) cross-platform packet manipulation tool. It allows you to craft and edit packets that you then send to other hosts when you open a socket. This is incredibly useful for tasks such as capturing a packet being sent to you, manipulating the payload, and passing the packet on to another host. This is a pretty common, albeit slightly more advanced, method of security testing. Installing Scapy is a pretty straightforward process, if a tad time consuming compared to something coming in from a standard package.
Before you get started, make sure you have the OS X Developer Tools installed from the Mac App Store. Also, make sure you have MacPorts installed from https://www.macports.org/install.php. You’ll also need pylibpcap, as with most packet manipulation tools, so download and install that from http://sourceforge.net/projects/pylibpcap/. Then there are some dependencies we’ll grab from MacPorts:
port upgrade outdated
port install py27-libdnet
port install libdnet
Next, download scapy from http://www.secdev.org/projects/scapy/. Once downloaded, cd into the scapy directory:
Then run the python installer:
sudo python setup.py install
Once installed, start scapy with:
Next, we’ll read a pcap file, which I have at ~/Documents/mypcap
You can also build a custom packet, using
< IP ttl=10 |>
< IP ttl=10 dst=192.168.210.11 |>
< IP dst=192.168.210.11 |>
So far, very basic. We’ve read a packet and we’ve created a packet. Use send to send a packet:
You can also add a Fuzz option, to get into fuzzing, and use sr1 to send and receive packets, rather than just send (thus allowing you to view the response).
krypted March 14th, 2015
sFlow is an industry standard that allows network equipment with the appropriate agents to send data to sFlow collectors, which then analyze network traffic. You can install sFlow on routers, switches, and even put agents on servers to monitor traffic. Brocade (along with most other switch manufacturers) supports sFlow.
Before you do anything, log into the switch and check the current flow configuration:
To configure, log into the switch and use the int command to access an interface. From within the interface, use the following command:
Then exit the interface using the very difficult to remember exit command:
Repeat the enablement of forwarding for any other necessary interfaces. Next, we’ll configure a few globals that would be true across all interfaces. The first is the destination address, done using the destination verb followed by the IP and then the port (I’m using the default 6343 port for sFlow):
sflow destination 192.168.210.87 6343
Set the sample rate:
sflow sample 512
Set the polling interval:
sflow polling-interval 30
Finally, enable sFlow:
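To confirm from the collector side that datagrams arrive on port 6343 and carry the configured sampling rate of 512, the following added example (not from the original post) decodes the sFlow version 5 datagram header and sample records. The function names, the agent address 192.168.210.1 and the sample datagram are constructed for illustration, and it assumes the switch reports the configured rate unchanged.

```python
import ipaddress
import socket
import struct

FORMATS = {1: "flow", 2: "counter", 3: "expanded flow", 4: "expanded counter"}
RATE_OFFSET = {1: 8, 3: 12}   # byte offset of sampling_rate in flow samples

def parse_sflow(data):
    """Decode an sFlow v5 datagram header and summarise its samples."""
    try:
        version, addr_type = struct.unpack_from("!II", data, 0)
        if version != 5:
            raise ValueError("not an sFlow v5 datagram")
        addr_len = {1: 4, 2: 16}[addr_type]            # 1 = IPv4, 2 = IPv6
        agent = ipaddress.ip_address(data[8:8 + addr_len])
        _sub, seq, _uptime, count = struct.unpack_from("!4I", data, 8 + addr_len)
        off, samples = 24 + addr_len, []
        for _ in range(count):
            tag, length = struct.unpack_from("!II", data, off)
            body = data[off + 8:off + 8 + length]
            if len(body) != length:
                raise ValueError("truncated sample record")
            # Only standard (enterprise 0) flow samples carry a rate we decode.
            rate = struct.unpack_from("!I", body, RATE_OFFSET[tag])[0] if tag in RATE_OFFSET else None
            samples.append((FORMATS.get(tag, "other"), rate))
            off += 8 + length
    except (struct.error, KeyError) as exc:
        raise ValueError("malformed sFlow datagram") from exc
    return {"agent": str(agent), "sequence": seq, "samples": samples}

def constructed_datagram(rate=512):
    """One flow sample and one counter sample (constructed, not a capture)."""
    flow = struct.pack("!8I", 1, 3, rate, 1024, 0, 3, 4, 0)
    counter = struct.pack("!3I", 1, 3, 0)
    head = struct.pack("!II4s4I", 5, 1, socket.inet_aton("192.168.210.1"), 0, 7, 60000, 2)
    return (head + struct.pack("!II", 1, len(flow)) + flow
            + struct.pack("!II", 2, len(counter)) + counter)

def listen(expected_rate=512, port=6343):
    """Run on the collector; flag samples whose rate differs from the config."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind(("0.0.0.0", port))
    while True:
        data, (src, _port) = sock.recvfrom(65535)
        try:
            info = parse_sflow(data)
        except ValueError as exc:
            info = {"agent": None, "samples": [], "error": str(exc)}
        rates = {r for _kind, r in info["samples"] if r is not None}
        print(src, info, "ok" if rates <= {expected_rate} else "rate mismatch")
```

Call listen() on the host configured as the sflow destination; parse_sflow(constructed_datagram()) exercises the decoder without a switch.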
krypted January 2nd, 2015
Mobile Home Directory synchronizing in OS X Server environments is used to synchronize the home folder of clients with a copy that lives on the server, so users can roam between computers with their desktop, documents and preferences following them from machine to machine. Server Side File Tracking creates and keeps a copy of the sync database on client machines and servers, comparing the two databases when synchronizing rather than scanning directories for all the synced files each time a synchronization occurs. In environments with synchronizing Mobile Home Directories, Server Side File Tracking (SSFT) can help reduce the amount of time required for syncs. Server Side File Tracking is disabled by default in OS X Mountain Lion Server and cannot be enabled from the Server app. To enable Server Side File Tracking (aka – FileSyncAgent), use the following command:
sudo serveradmin settings info:enableFileSyncAgent = yes
To then turn it back off, if you so choose:
sudo serveradmin settings info:enableFileSyncAgent = no
Logs are then stored in ~/Library/Logs/FileSyncAgent/FileSyncAgentVerbose.log if you need further information. Note that TCP port 2336 needs to be open for the FileSync Agent to connect to the server over ssh. ssh doesn’t need to be enabled on the standard port 22, but mobile users must have access to the SSH SACL.
krypted August 16th, 2012
phpLDAPadmin is a tool that can be used to walk LDAP trees and view attributes of objects located within them using a web browser. This isn’t to say that it’s the prettiest tool out there but it works really well and is portable between various flavors of LDAP.
Before you can use phpLDAPadmin you will need Apache. In Ubuntu, Apache can be installed using apt-get:
apt-get install apache2
Once you have Apache installed, downloading phpLDAPadmin and installing it in Ubuntu Server 10 couldn’t be easier, just apt-get the package:
apt-get install phpldapadmin
Now you have the pieces, let’s copy phpLDAPadmin into your web root directory:
cp -R /usr/share/phpldapadmin /var/www/myphpldapadmin
In that new directory you will see a config file. Here, you’ll see some lines that appear as follows:
$ldapservers->SetValue($i,'server','name','My LDAP Server'); // The name to display
$ldapservers->SetValue($i,'server','host','127.0.0.1'); // Address of the LDAP server
$ldapservers->SetValue($i,'server','port','389'); // Port number
$ldapservers->SetValue($i,'server','base',array('dc=example,dc=com')); // Base dn
You’ll want to provide the address, port number (if the port isn’t 389) and DN information of your server and then connect by visiting the website created via Apache (if the server name were ldapserver.local, this might be http://ldapserver.local/phpLDAPadmin). Provide the username and password and you should be able to use phpLDAPadmin. Happy LDAP’ing!
krypted November 17th, 2010
In Windows 7 (and previous versions for that matter), you can change the port that RDP listens on for new Remote Desktop connections. To do so you would fire up regedit and then browse to the following key:
Here, you would change the PortNumber to a new decimal value that is the port you wish to listen on. Save, reboot and you’re good to go.
krypted October 12th, 2010
As of version 8, Retrospect uses port 22024 when the Retrospect Console needs to communicate with the engine. It just so happens that this can become unresponsive when the engine itself decides to stop working. Therefore, if you’re using Retrospect 8, you can run a port scan against port 22024 (i.e. stroke <IP_ADDRESS> 22024 22024) and then restart the engine if it goes unresponsive. To restart the engine, simply unload and then load com.retrospect.launchd.retroengine. For example:
/bin/launchctl unload /Library/LaunchDaemons/com.retrospect.launchd.retroengine.plist; /bin/launchctl load /Library/LaunchDaemons/com.retrospect.launchd.retroengine.plist
I have found that if you alter the nice value, the engine crashes less (not that I’m saying that it crashes a lot or is buggy btw, just seen it in a few cases now). To do so, change the nice value in /Library/LaunchDaemons/com.retrospect.launchd.retroengine.plist from the default (0) to -10 (or -20 even).
Historically, there have been intermittent issues with the client software running. To determine if it’s running or stopped from within the host that the client is running on, you can use the following (for versions 6 and below):
ps -cx | grep retroclient
Or you can use the following for version 8:
ps -cx | grep pitond
Or you can port scan port 497 for the client:
stroke <IP_ADDRESS> 497 497
krypted June 4th, 2010