Sake Blok, a Wireshark/Ethereal devotee since 1999, works as a Research & Development Engineer for ion-ip in the Netherlands (http://www.ionip.com). His company provides solutions to customers who want to deliver their applications to users in a fast, secure, efficient and scalable manner. Sake's main focus is to take new products for a spin in their test environment, design custom solutions for customers and troubleshoot the problems customers might encounter while using ion-ip solutions. Two years ago (2006), Sake started to add the functionality he was missing to Wireshark. He also started to fix Wireshark bugs that were reported on Bugzilla. This work on Wireshark resulted in an invitation from Gerald Combs to join the Wireshark Core Development Team in 2007.
1. The document provides instructions for creating an isolated network in Neutron, including creating a network, subnet, router, and attaching the subnet to the router.
2. It then shows how to assign a public IP to the isolated network by setting the router gateway to an external network.
3. Finally, it demonstrates deleting the isolated network resources, including removing the router gateway, detaching the subnet, deleting the router, and deleting the network.
This document provides instructions for setting up a single server SDN testbed environment using Open vSwitch. It describes installing Ubuntu, configuring networking, installing necessary programs like Open vSwitch and DevStack, and configuring Open vSwitch bridges, tunnels, and virtual machines to emulate an SDN network on a single physical server.
Slides from the Linux Conference Australia 2021 conference: https://linux.conf.au/schedule/presentation/64/
Tempesta TLS is an implementation of TLS handshakes for the Linux kernel. Since the kernel already provides symmetric ciphers, we focus on asymmetric cryptography only, elliptic curves in particular.
We used the mbed TLS library as the foundation and almost fully rewrote it to make it x40 faster. During our development we also use parts of the WolfSSL library. While WolfSSL outperforms OpenSSL, it uses the same algorithms, which are 5-7 years old. Tempesta TLS uses newer and more efficient algorithms from modern cryptography research.
While we are still improving the performance of Tempesta TLS, the implementation already establishes 40-80% more TLS handshakes per second than OpenSSL/Nginx and provides up to x4 lower latency in several tests.
This talk covers the following topics with plenty of benchmarks:
* The fundamentals of elliptic curve computations and the most "hot spots"
* Side channel attacks (SCA) and methods to prevent them
* How the recent CPU vulnerabilities impact TLS handshakes
* Basics of the new fast algorithms used in the Tempesta TLS
* The design trade offs in OpenSSL, WolfSSL, mbed TLS, and Tempesta TLS
Memcache as UDP Reflectors: A Massive Amplified DDoS the World (Attack Formulation and Mitigation) by
Muhammad Morshed Alam, AmberIT Limited. morshed@amberit.com.bd
Server-side Intelligent Switching using vyatta - Naoto MATSUMOTO
Server-side Intelligent Switching using vyatta. (10 oct, 2012)
for Japan Vyatta Users Meeting 2012 Autumn in Tokyo.
SAKURA Internet Research Center.
Senior Researcher / Naoto MATSUMOTO
The document discusses hacking the Swisscom modem by exploiting default credentials to gain access. Upon login, the author runs commands to investigate the system such as viewing configuration files and mapping the internal network. Various system details are discovered including the Linux kernel version and software components.
This document provides an overview of multi-path VPN technologies. It discusses using Linux bridge, Rapid STP, virtual Ethernet NICs, and tunneling protocols like OpenVPN and L2TPv3 to enable multi-path VPNs across multiple cloud providers. It also covers related topics like performance benchmarking and tuning the Linux kernel for improved throughput.
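Describes indoor place recognition technology using WIFI. Indoor location can be estimated with a fingerprinting technique based on WIFI signal strength. On Android, a WIFI scan is performed to collect AP information and signal strength, and a similarity measurement algorithm is then used to match against the most similar fingerprint and recognize the place. However, the actual deployment environment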
The document discusses network security and VPN tunnelling. It introduces VPN tunnelling as a way to secure communications over an unsecured network by encrypting the traffic. It describes how tunnelling works by encrypting the traffic and creating a secure tunnel for data transmission. It also discusses SSL/TLS and how it can be used to implement VPN tunnelling by encrypting the traffic and authenticating devices and packets.
Ipv6 test plan for opnfv poc v2.2 spirent-vctlab - Iben Rodriguez
This document outlines test plans and requirements for testing IPv6 in an OPNFV PoC v2.0 environment using OpenStack Liberty and ODL Lithium SR2. It details:
(1) Setting up an IPv6 service VM in OpenStack with ODL controller capability for IPv6 routing and address advertisement.
(2) A test design and steps for setting up infrastructure, ODL and OpenStack controllers, and compute nodes.
(3) Positive test cases to validate IPv6 and IPv4 connectivity between VMs, routers and external DNS via ping, traceroute from the VM and service VM.
(4) References for IPv6 configuration and testing in Linux.
DevStack is an OpenStack installation tool that allows users to quickly deploy OpenStack on a virtual machine. The document outlines the steps to install DevStack on Ubuntu, including preparing the virtual machine, adding a stack user, downloading DevStack, configuring local.conf, and running stack.sh to start the installation. Basic operations like launching instances from the dashboard and using the OpenStack client are also demonstrated.
Training Slides: Intermediate 201: Single and Multi-Site Tungsten Clustering ... - Continuent
This document discusses an intermediate-level course on single and multi-site MySQL cluster deployments for high availability and disaster recovery using Continuent Tungsten. The course covers Tungsten cluster architecture, installation prerequisites, doing an end-to-end installation demo on Amazon EC2, and key command line tools and resources for managing and monitoring Tungsten clusters.
1. The document discusses OpenStack networking-sfc and flow analysis. It provides details on setting up an OpenStack environment with networking-sfc, including creating ports, virtual networks, and VMs for a service function chaining scenario.
2. Flow analysis is shown for the br-int and br-tun bridges, including resubmitting packets between tables based on port numbers or MAC address.
3. Key steps shown include installing networking-sfc, creating a virtual router, generating ports for each VM, and booting VMs with dual interfaces for the service function VMs.
This document discusses various techniques for advanced network forensics, including user/password cracking using Hydra, port scanning using Nmap, signature detection by analyzing file types in network payloads, and detecting converted file formats like MIME encoding. It provides examples of using tools like Hydra, Nmap, and Snort rules to detect activities like password cracking, port scanning, and the transmission of files like PDFs and images over the network.
The document provides an overview of network security topics including SIEM, logs, NetFlow, web logs, and compliance standards. It discusses how SIEM systems aggregate and correlate log/event data from multiple sources to provide security monitoring, incident response, forensic analysis and compliance reporting capabilities. Specific topics covered include syslog, NetFlow for network monitoring, and examples of web server logs and the types of data that can be extracted from logs for security purposes. Compliance standards like PCI-DSS and SOX are also mentioned in relation to why log collection and monitoring is important for audit requirements.
This document summarizes the key components and interfaces involved in WiFi functionality in the Linux and Android systems. It describes the software stack from applications down to the WiFi driver, protocols, and hardware. Key elements mentioned include wpa_supplicant, the nl80211 framework, the WiFi HAL, WifiManager, and the driver's PCI and net_device interfaces.
Wpa_supplicant is a widely used implementation of an IEEE 802.11i supplicant for Linux and other platforms. It implements WPA and WPA2 security protocols as well as RSN, PMKSA caching, pre-authentication, 802.11r, 802.11w, and Wi-Fi Protected Setup (WPS). Wpa_supplicant initializes interfaces by reading configuration files, setting up drivers via cfg80211 and libnl, and starting an event loop to monitor network events. It can access layer 2 packets using l2_packet to support functions like TDLS.
Multicloud connectivity using OpenNHRP - Bob Melander
The document discusses using OpenNHRP to enable multicloud connectivity across hybrid cloud deployments. It provides instructions for installing and configuring OpenNHRP on Ubuntu to set up a dynamic multipoint VPN (DMVPN) with one hub and two spoke nodes in different cloud environments. The configuration allows the spoke nodes to connect directly via an encrypted GRE tunnel without traversing the hub, providing optimized traffic flow across clouds.
How deep is your buffer – Demystifying buffers and application performance - Cumulus Networks
Packet buffer memory is among the oldest topics in networking, and yet it never seems to fade in popularity. Starting from the days of buffers sized by the bandwidth delay product to what is now called "buffer bloat", from the days of 10Mbps to 100Gbps, the discussion around how deep should the buffers be never ceases to evoke opinionated responses.
In this webinar we will be joined by JR Rivers, co-founder and CTO of Cumulus Networks, a man who has designed many ultra-successful switching chips, switch products, and compute platforms, to discuss the innards of buffering. This webinar will cover data path theory, tools to evaluate network data path behavior, and the configuration variations that affect application visible outcomes.
[Guest lecturer]
Place: University of Twente
Course: Network Security
Audience: bachelor students of computer science and electrical engineering, master students of computer science and telematics, master students from the 3TU cyber security, and members of ICT labs.
This document provides instructions for configuring a MikroTik router for basic network services including:
- Setting up DHCP services to assign IP addresses to client devices on the network
- Configuring NAT and firewall rules to provide internet access and bandwidth limiting
- Setting up a wireless network with SSID and password for client devices to connect
- Port forwarding for IP security cameras on the network
The document contains step-by-step details for completing these configurations on a MikroTik router to meet a customer's basic network requirements.
In this deck from the DDN User Group at ISC 2018, Dr. Peter Clapham from the Sanger Institute presents: Enabling a Secure Multi-Tenant Environment for HPC.
Learn more: https://insidehpc.com/2018/06/ddn-acquires-lustre-business-unit-intel/
and
https://www.ddn.com/company/events/isc-user-group/
This document provides instructions for configuring a MikroTik router for a local area network (LAN) topology. It describes setting up the router interfaces, IP addresses, gateway, DNS, NAT firewall rules to allow clients to access the internet, and a proxy to block specific websites. The configuration is tested by checking if blocked sites like Facebook and YouTube result in an error page.
QUIC is a new transport protocol developed by Google that aims to solve issues with TCP and TLS by multiplexing streams over UDP. It includes features like stream multiplexing, connection migration, 0-RTT connection establishment, and forward error correction. The document provides technical details on QUIC including its version history, wire format specifications, frame types, cryptographic handshake process, and examples of 0-RTT, 1-RTT, and 2-RTT connection establishment.
QUIC is a new protocol developed by Google that runs on top of UDP to create a more efficient transport layer than traditional TCP. It aims to reduce latency through features like 0-RTT connection establishment and forward error correction. QUIC has been adopted by Chrome and is planned for wide deployment on ports 80 and 443 within the next 1-2 years. It influenced the development of HTTP/2 and could provide better performance than SPDY and TCP for internet applications.
This webinar presentation from July 2017 talks about the challenges that network operators and IT folks face after the network is configured. How do you handle changes after the initial configuration? What about rolling in new racks or DCs? Learn how DevOps can help with validation, troubleshooting, and life cycle management. Full recording of webinar can be accessed at http://go.cumulusnetworks.com/l/32472/2017-05-04/91sy7b
QUIC is a new transport protocol developed by Google to replace TCP+TLS. It aims to reduce latency by eliminating OSI layers and supporting features like 0-RTT handshakes. The document provides a high-level overview of QUIC including its architecture, use of TLS 1.3, streams for multiplexing data, and support for features like connection migration through the use of connection IDs. It also discusses QUIC's current implementation status and adoption. Examples are given of QUIC packets and the handshake process.
This document provides a summary of common Linux network tools including ifconfig, netstat, route, ping, traceroute, iptables, netcat, rinetd, tcpdump, and tcpreplay. It describes what each tool is used for at a high level, such as configuring network interfaces, displaying network status, manipulating network routes, testing network connectivity, implementing firewalls, and capturing/replaying network traffic. The document also provides basic introductions to IPv4 and IPv6 addressing and routing concepts.
The document discusses reverse engineering the firmware of Swisscom's Centro Grande modems. It identifies several vulnerabilities found, including a command overflow issue that allows complete control of the device by exceeding the input buffer, and multiple buffer overflow issues that can be exploited to execute code remotely by crafting specially formatted XML files. Details are provided on the exploitation techniques and timeline of coordination with Swisscom to address the vulnerabilities.
Talk by Brendan Gregg for All Things Open 2018. "At over one thousand code commits per week, it's hard to keep up with Linux developments. This keynote will summarize recent Linux performance features, for a wide audience: the KPTI patches for Meltdown, eBPF for performance observability and the new open source tools that use it, Kyber for disk I/O scheduling, BBR for TCP congestion control, and more. This is about exposure: knowing what exists, so you can learn and use it later when needed. Get the most out of your systems with the latest Linux kernels and exciting features."
The document discusses various network security tools including TCP/IP headers, tcpdump, ethereal, ntop, MRTG, network scanners like Nmap and Nessus. It provides examples of using these tools to analyze network traffic, scan for open ports, detect operating systems, and monitor network usage.
Presented at LISA18: https://www.usenix.org/conference/lisa18/presentation/babrou
This is a technical dive into how we used eBPF to solve real-world issues uncovered during an innocent OS upgrade. We'll see how we debugged a 10x CPU increase in Kafka after a Debian upgrade and what lessons we learned. We'll get from high-level effects like increased CPU to flamegraphs showing us where the problem lies to tracing timers and function calls in the Linux kernel.
The focus is on tools that operational engineers can use to debug performance issues in production. This particular issue happened at Cloudflare on a Kafka cluster doing 100Gbps of ingress and many multiples of that egress.
The document provides instructions for a lab on Snort and firewall rules. It describes:
1) Setting up the virtual environment and configuring networking on the CyberOps Workstation VM.
2) Explaining the differences between firewall and IDS rules while noting their similarities, such as both having matching and action components.
3) Having students run commands to start a malware server, use Snort to monitor traffic, and download a file from the server to trigger an alert, observing the alert in the Snort log.
BRKRST-3068 Troubleshooting Catalyst 2K and 3K.pdf - ssusercbaa33
This document provides an overview of troubleshooting Catalyst 2K and 3K switches. It discusses monitoring system resources like CPU usage, port ASICs, memory and TCAM. Common issues covered include link problems, hardware failures, and high CPU. A variety of show commands are provided to monitor resources, analyze errors and diagnose potential causes. The goal is to identify and solve access layer incidents with confidence.
AtlasCamp 2015 Docker continuous integration training - Steve Smith
A 2-hour training session delivered at AtlasCamp in Prague, June 9th 2015.
* Docker vs virtual machines
* Docker concepts
* Docker for testing
* Automation with Docker Compose
* Continuous integration with Bamboo Docker support
* Extracting test results from Docker containers
* Continuous deployment with deployment environments
The document contains the solution to questions about analyzing the TCP traffic between a client computer (192.168.1.72) and gaia.cs.umass.edu (128.119.245.12) captured in a Wireshark trace. It identifies the IP addresses and port numbers used, sequence numbers of SYN, SYNACK segments, and provides the sequence numbers and transmission times of the first six segments along with their round trip times.
This document provides an outline for Lecture 4 on UNIX OS networking. It discusses TCP/IP and the OSI model, IP and MAC addressing, networking commands like ping, traceroute, arp, ifconfig and route. It also gives an overview of common UNIX command line tools like cut, diff, grep, strings, tr and uniq along with examples of using each tool.
Intro to Packet Analysis - pfSense Hangout May 2014 - Netgate
This document summarizes an introduction to packet analysis presentation. It covers the basics of analyzing traffic at layers 2 through 4, including MAC addresses, IP addresses, TCP and UDP ports and protocols. Specific examples are provided of capturing TCP and UDP traffic in different states like established connections, rejected attempts and responses. ICMP traffic analysis is also introduced through ping examples. Methods for capturing traffic are demonstrated including tcpdump commands and filters. Potential uses of packet analysis like troubleshooting bandwidth usage, VPNs, port forwarding and routing are listed. The presentation ends with case studies on analyzing a DDoS bot and a TCP window size of 0 issue.
This document discusses strategies for packaging and implementing a community OpenStack distribution and provides examples of how it has been used to build various infrastructure platforms including: 1) migrating from a commercial to community OpenStack distribution; 2) building a GPU server farm for AI/analytics; 3) providing flexibility to run workloads on OpenStack or AWS; 4) building an IoT platform using OpenStack and AWS; and 5) creating a map data platform using large shared storage.
This document discusses moving a Tomcat cluster to the cloud. It begins with an introduction of the speaker and overview of sessions replication in a Tomcat cluster. It then covers challenges in moving a cluster to the cloud due to lack of multicast support and proposes a solution using Kubernetes APIs for peer discovery. The rest of the document demonstrates setting up Tomcat on OpenShift/Kubernetes, including creating Docker images, configuring roles and users, and deploying Tomcat pods. It ends with suggestions for next steps in building an on-premise cloud and links to further resources.
This document provides information on various debugging and profiling tools that can be used for Ruby including:
- lsof to list open files for a process
- strace to trace system calls and signals
- tcpdump to dump network traffic
- google perftools profiler for CPU profiling
- pprof to analyze profiling data
It also discusses how some of these tools have helped identify specific performance issues with Ruby like excessive calls to sigprocmask and memcpy calls slowing down EventMachine with threads.
Similar to OSTU - Sake Blok on Packet Capturing with Tshark (20)
Wayne Shorter asked Tina Turner what she wanted in life after finding her scrubbing his kitchen floor. This prompted her to reflect deeply and create a life mission statement to help set a clear direction. With a mission statement, she was able to see how the things she dreamed about could support her purpose in life. Reflecting deeply allowed her to gain clarity on herself and what needed to change for her to be happy and successful. Her jazz musician friends like Wayne Shorter and Herbie Hancock had helped her through difficult times and inspired her to never give up on her dreams.
4/2/2024 - Fourth Noble Truth • Mindfulness Meditation and Dharma Talk with V...Denny K
This document outlines the Fourth Noble Truth, which is the Noble Eightfold Path. It begins by reviewing the Third Noble Truth of cessation of suffering. It then provides an in-depth explanation of each factor of the Eightfold Path: right view, right intention, right speech, right action, right livelihood, right effort, right mindfulness, and right concentration. It discusses how each factor is developed through a gradual training of morality, concentration, and wisdom. It also covers key Buddhist concepts like the four noble truths, karma, renunciation, generosity, loving-kindness, compassion, and meditation practices to cultivate these qualities.
The document provides guidance on transforming problems into opportunities for growth. It discusses using chanting and meditation to elevate one's life condition and outlook, so that any obstacles faced can be viewed as lessons to learn. The example is given of transforming food poisoning and fatigue into strength through chanting, which allowed the author to give a powerful performance despite difficult conditions. The key messages are that we should take responsibility for our situations rather than blame others, and that every problem contains potential for becoming wiser and stronger.
The document discusses the Buddhist concept of "changing poison into medicine" which means facing problems and using them to increase wisdom, courage, and compassion rather than allowing problems to make the situation worse. It shares how the author was initially unable to see how her problems could be of value but learned from older Japanese women who had faced immense hardships how to transform difficulties into benefits through Buddhist practice.
This document discusses practicing the four immeasurables of Buddhism - loving kindness, compassion, empathetic joy, and equanimity. It then talks about summoning positive thoughts and well-wishes for friends. The next section is about transforming one's consciousness and learning to love oneself unconditionally, including all imperfections. After an epiphany about internalized negativity from childhood, the author made a vow to replace unhealthy thoughts with positive ones in order to stop comparing themselves to others and truly love their own form.
3:5:2024 - Third Noble Truth • Mindfulness Meditation and Dharma Talk with Ve...Denny K
The document discusses the Third Noble Truth of Buddhism - that the cessation of suffering can be achieved through abandoning craving and attachment. It provides context on Buddhist psychology and how its goal is to alleviate suffering through contemplative practices and applying Buddha's teachings. Key points covered include how cessation involves allowing desires to arise and cease naturally without grasping, the importance of mindfulness meditation, and how more than just desires but also past experiences will surface during the process.
This document provides guidance on practicing the four immeasurables (kindness, compassion, joy, and equanimity) through chanting and maintaining positive thoughts. It discusses how thoughts and brain waves are connected, and how chanting can align brain waves with beneficial frequency ranges. The document advocates for viewing Buddhism as a science of the mind and spirit, and shares the author's personal experience benefiting from spiritual practice when facing health challenges.
2/6/2023 - Second Noble Truth • Mindfulness Meditation and Dharma Talk with V...Denny K
The Second Noble Truth identifies craving as the origin of suffering. Craving manifests in three forms - craving for sensual pleasures, craving for existence, and craving for non-existence. The sutta on craving outlines 36 internal and external "craving-verbalizations" that express craving. Addiction is characterized by compulsive behavior, impaired control, persistence despite harm, and craving. Meditation practices can help address craving and addiction.
This document summarizes Tina Turner's spiritual journey practicing Nichiren Buddhism. It describes how chanting Nam-Myoho-Renge-Kyo helped her gain strength and clarity to leave her abusive marriage and find freedom and community practicing Buddhism with others. Her daily chanting practice helped transform her life and bring her dreams to fruition.
This document describes the Buddhist concept of the Ten Worlds, which outlines ten categories of human life conditions ranging from suffering to enlightenment. It explains each of the ten worlds - Hell, Hunger, Animality, Anger, Tranquility, Heaven, Learning, Realization, Bodhisattva, and Buddhahood - and how they represent different states of mind and levels of happiness or suffering. The document uses these concepts to provide insight into the narrator's own experiences growing up in a challenging environment and how chanting Nam-myoho-renge-kyo helped her develop greater strength and awareness to improve her life condition.
The document provides an autobiographical summary of Tina Turner's childhood. It describes how she was raised by her strict grandparents after her parents left when she was young. She found solace in nature and enjoyed singing in her church choir. After her cousin died, her mother invited her to live in St. Louis, starting a new chapter in her life. At 17, she met two men who would influence her career in music.
[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an...Jason Yip
The typical problem in product engineering is not bad strategy, so much as “no strategy”. This leads to confusion, lack of motivation, and incoherent action. The next time you look for a strategy and find an empty space, instead of waiting for it to be filled, I will show you how to fill it in yourself. If you’re wrong, it forces a correction. If you’re right, it helps create focus. I’ll share how I’ve approached this in the past, both what works and lessons for what didn’t work so well.
What is an RPA CoE? Session 1 – CoE VisionDianaGray10
In the first session, we will review the organization's vision and how this has an impact on the COE Structure.
Topics covered:
• The role of a steering committee
• How do the organization’s priorities determine CoE Structure?
Speaker:
Chris Bolin, Senior Intelligent Automation Architect Anika Systems
Skybuffer SAM4U tool for SAP license adoptionTatiana Kojar
Manage and optimize your license adoption and consumption with SAM4U, an SAP free customer software asset management tool.
SAM4U, an SAP complimentary software asset management tool for customers, delivers a detailed and well-structured overview of license inventory and usage with a user-friendly interface. We offer a hosted, cost-effective, and performance-optimized SAM4U setup in the Skybuffer Cloud environment. You retain ownership of the system and data, while we manage the ABAP 7.58 infrastructure, ensuring fixed Total Cost of Ownership (TCO) and exceptional services through the SAP Fiori interface.
For the full video of this presentation, please visit: https://www.edge-ai-vision.com/2024/06/temporal-event-neural-networks-a-more-efficient-alternative-to-the-transformer-a-presentation-from-brainchip/
Chris Jones, Director of Product Management at BrainChip , presents the “Temporal Event Neural Networks: A More Efficient Alternative to the Transformer” tutorial at the May 2024 Embedded Vision Summit.
The expansion of AI services necessitates enhanced computational capabilities on edge devices. Temporal Event Neural Networks (TENNs), developed by BrainChip, represent a novel and highly efficient state-space network. TENNs demonstrate exceptional proficiency in handling multi-dimensional streaming data, facilitating advancements in object detection, action recognition, speech enhancement and language model/sequence generation. Through the utilization of polynomial-based continuous convolutions, TENNs streamline models, expedite training processes and significantly diminish memory requirements, achieving notable reductions of up to 50x in parameters and 5,000x in energy consumption compared to prevailing methodologies like transformers.
Integration with BrainChip’s Akida neuromorphic hardware IP further enhances TENNs’ capabilities, enabling the realization of highly capable, portable and passively cooled edge devices. This presentation delves into the technical innovations underlying TENNs, presents real-world benchmarks, and elucidates how this cutting-edge approach is positioned to revolutionize edge AI across diverse applications.
The Microsoft 365 Migration Tutorial For Beginner.pptxoperationspcvita
This presentation will help you understand the power of Microsoft 365. However, we have mentioned every productivity app included in Office 365. Additionally, we have suggested the migration situation related to Office 365 and how we can help you.
You can also read: https://www.systoolsgroup.com/updates/office-365-tenant-to-tenant-migration-step-by-step-complete-guide/
Northern Engraving | Nameplate Manufacturing Process - 2024Northern Engraving
Manufacturing custom quality metal nameplates and badges involves several standard operations. Processes include sheet prep, lithography, screening, coating, punch press and inspection. All decoration is completed in the flat sheet with adhesive and tooling operations following. The possibilities for creating unique durable nameplates are endless. How will you create your brand identity? We can help!
"Frontline Battles with DDoS: Best practices and Lessons Learned", Igor IvaniukFwdays
At this talk we will discuss DDoS protection tools and best practices, discuss network architectures and what AWS has to offer. Also, we will look into one of the largest DDoS attacks on Ukrainian infrastructure that happened in February 2022. We'll see, what techniques helped to keep the web resources available for Ukrainians and how AWS improved DDoS protection for all customers based on Ukraine experience
In the realm of cybersecurity, offensive security practices act as a critical shield. By simulating real-world attacks in a controlled environment, these techniques expose vulnerabilities before malicious actors can exploit them. This proactive approach allows manufacturers to identify and fix weaknesses, significantly enhancing system security.
This presentation delves into the development of a system designed to mimic Galileo's Open Service signal using software-defined radio (SDR) technology. We'll begin with a foundational overview of both Global Navigation Satellite Systems (GNSS) and the intricacies of digital signal processing.
The presentation culminates in a live demonstration. We'll showcase the manipulation of Galileo's Open Service pilot signal, simulating an attack on various software and hardware systems. This practical demonstration serves to highlight the potential consequences of unaddressed vulnerabilities, emphasizing the importance of offensive security practices in safeguarding critical infrastructure.
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAUpanagenda
Webinar Recording: https://www.panagenda.com/webinars/hcl-notes-und-domino-lizenzkostenreduzierung-in-der-welt-von-dlau/
DLAU und die Lizenzen nach dem CCB- und CCX-Modell sind für viele in der HCL-Community seit letztem Jahr ein heißes Thema. Als Notes- oder Domino-Kunde haben Sie vielleicht mit unerwartet hohen Benutzerzahlen und Lizenzgebühren zu kämpfen. Sie fragen sich vielleicht, wie diese neue Art der Lizenzierung funktioniert und welchen Nutzen sie Ihnen bringt. Vor allem wollen Sie sicherlich Ihr Budget einhalten und Kosten sparen, wo immer möglich. Das verstehen wir und wir möchten Ihnen dabei helfen!
Wir erklären Ihnen, wie Sie häufige Konfigurationsprobleme lösen können, die dazu führen können, dass mehr Benutzer gezählt werden als nötig, und wie Sie überflüssige oder ungenutzte Konten identifizieren und entfernen können, um Geld zu sparen. Es gibt auch einige Ansätze, die zu unnötigen Ausgaben führen können, z. B. wenn ein Personendokument anstelle eines Mail-Ins für geteilte Mailboxen verwendet wird. Wir zeigen Ihnen solche Fälle und deren Lösungen. Und natürlich erklären wir Ihnen das neue Lizenzmodell.
Nehmen Sie an diesem Webinar teil, bei dem HCL-Ambassador Marc Thomas und Gastredner Franz Walder Ihnen diese neue Welt näherbringen. Es vermittelt Ihnen die Tools und das Know-how, um den Überblick zu bewahren. Sie werden in der Lage sein, Ihre Kosten durch eine optimierte Domino-Konfiguration zu reduzieren und auch in Zukunft gering zu halten.
Diese Themen werden behandelt
- Reduzierung der Lizenzkosten durch Auffinden und Beheben von Fehlkonfigurationen und überflüssigen Konten
- Wie funktionieren CCB- und CCX-Lizenzen wirklich?
- Verstehen des DLAU-Tools und wie man es am besten nutzt
- Tipps für häufige Problembereiche, wie z. B. Team-Postfächer, Funktions-/Testbenutzer usw.
- Praxisbeispiele und Best Practices zum sofortigen Umsetzen
How information systems are built or acquired puts information, which is what they should be about, in a secondary place. Our language adapted accordingly, and we no longer talk about information systems but applications. Applications evolved in a way to break data into diverse fragments, tightly coupled with applications and expensive to integrate. The result is technical debt, which is re-paid by taking even bigger "loans", resulting in an ever-increasing technical debt. Software engineering and procurement practices work in sync with market forces to maintain this trend. This talk demonstrates how natural this situation is. The question is: can something be done to reverse the trend?
Connector Corner: Seamlessly power UiPath Apps, GenAI with prebuilt connectorsDianaGray10
Join us to learn how UiPath Apps can directly and easily interact with prebuilt connectors via Integration Service--including Salesforce, ServiceNow, Open GenAI, and more.
The best part is you can achieve this without building a custom workflow! Say goodbye to the hassle of using separate automations to call APIs. By seamlessly integrating within App Studio, you can now easily streamline your workflow, while gaining direct access to our Connector Catalog of popular applications.
We’ll discuss and demo the benefits of UiPath Apps and connectors including:
Creating a compelling user experience for any software, without the limitations of APIs.
Accelerating the app creation process, saving time and effort
Enjoying high-performance CRUD (create, read, update, delete) operations, for
seamless data management.
Speakers:
Russell Alfeche, Technology Leader, RPA at qBotic and UiPath MVP
Charlie Greenberg, host
Fueling AI with Great Data with Airbyte WebinarZilliz
This talk will focus on how to collect data from a variety of sources, leveraging this data for RAG and other GenAI use cases, and finally charting your course to productionalization.
Digital Banking in the Cloud: How Citizens Bank Unlocked Their MainframePrecisely
Inconsistent user experience and siloed data, high costs, and changing customer expectations – Citizens Bank was experiencing these challenges while it was attempting to deliver a superior digital banking experience for its clients. Its core banking applications run on the mainframe and Citizens was using legacy utilities to get the critical mainframe data to feed customer-facing channels, like call centers, web, and mobile. Ultimately, this led to higher operating costs (MIPS), delayed response times, and longer time to market.
Ever-changing customer expectations demand more modern digital experiences, and the bank needed to find a solution that could provide real-time data to its customer channels with low latency and operating costs. Join this session to learn how Citizens is leveraging Precisely to replicate mainframe data to its customer channels and deliver on their “modern digital bank” experiences.
6. How to: capture packets

Sake Blok on… Packet Capturing with Tshark
Network analysis Community Center (http://www.netcc.nl), June 2008

    $ tshark
    Capturing on Adapter for generic dialup and VPN capture
    0 packets captured
    $
    $ tshark -D
    1. \Device\NPF_GenericDialupAdapter (Adapter for generic dialup and VPN capture)
    2. \Device\NPF_{F8E714B2-428F-4B47-900D-89F7F8FD36CD} (Bluetooth BNEP from TOSHIBA (Microsoft's Packet Scheduler) )
    3. \Device\NPF_{E98FD95C-9205-4947-9BF5-03384D116392} (VMware Virtual Ethernet Adapter)
    4. \Device\NPF_{424EA318-CC86-475C-802A-5D52D0C21531} (Broadcom NetXtreme Gigabit Ethernet Driver (Microsoft's Packet Scheduler) )
    5. \Device\NPF_{B730145F-C8D2-4FBA-B729-8092004A80CA} (VMware Virtual Ethernet Adapter)
    $
    $ tshark -i 4
    Capturing on Broadcom NetXtreme Gigabit Ethernet Driver (Microsoft's Packet Scheduler)
      0.000000 192.168.1.30 -> 192.168.1.10 DNS Standard query A news.google.nl
      0.386202 192.168.1.10 -> 192.168.1.30 DNS Standard query response CNAME news.google.com CNAME news.l.google.com A 64.233.183.104 A 64.233.183.99 A 64.233.183.147
      0.395150 192.168.1.30 -> 64.233.183.104 TCP 7615 > http [SYN] Seq=0 Win=65535 Len=0 MSS=1460 WS=1
      0.407587 64.233.183.104 -> 192.168.1.30 TCP http > 7615 [SYN, ACK] Seq=0 Ack=1 Win=5720 Len=0 MSS=1430 WS=6
      0.407667 192.168.1.30 -> 64.233.183.104 TCP 7615 > http [ACK] Seq=1 Ack=1 Win=128000 Len=0
    5 packets captured
    $
7. How to: filter packets while capturing

    $ tshark -i 4 -f "tcp port 80"
    Capturing on Broadcom NetXtreme Gigabit Ethernet Driver (Microsoft's Packet Scheduler)
      0.000000 192.168.1.30 -> 66.249.91.99 TCP 7733 > http [SYN] Seq=0 Win=65535 Len=0 MSS=1460 WS=1
      0.014764 66.249.91.99 -> 192.168.1.30 TCP http > 7733 [SYN, ACK] Seq=0 Ack=1 Win=5720 Len=0 MSS=1430 WS=6
      0.014805 192.168.1.30 -> 66.249.91.99 TCP 7733 > http [ACK] Seq=1 Ack=1 Win=128000 Len=0
      0.014913 192.168.1.30 -> 66.249.91.99 HTTP GET / HTTP/1.1
      0.039218 66.249.91.99 -> 192.168.1.30 TCP http > 7733 [ACK] Seq=1 Ack=626 Win=6976 Len=0
      0.050645 66.249.91.99 -> 192.168.1.30 TCP [TCP segment of a reassembled PDU]
      0.055158 66.249.91.99 -> 192.168.1.30 TCP [TCP segment of a reassembled PDU]
      0.055224 192.168.1.30 -> 66.249.91.99 TCP 7733 > http [ACK] Seq=626 Ack=2861 Win=128000 Len=0
      0.055409 66.249.91.99 -> 192.168.1.30 HTTP HTTP/1.1 200 OK (text/html)
      0.214538 192.168.1.30 -> 66.249.91.99 TCP 7733 > http [ACK] Seq=626 Ack=3017 Win=127844 Len=0
    10 packets captured
    $

Commonly used capture filters:

    host 1.1.1.1                     capture only traffic to and from 1.1.1.1
    host 1.1.1.1 and host 2.2.2.2    capture only traffic between 1.1.1.1 and 2.2.2.2
    not host 1.1.1.1                 capture all traffic except packets to or from 1.1.1.1
    tcp port 80                      capture only packets to or from port 80 (http traffic)
    not tcp port 80                  capture all traffic except http traffic
    udp port 53 or tcp port 80       capture all http and dns traffic
    host 1.1.1.1 and tcp port 80     capture all http traffic to or from host 1.1.1.1

More information on capture filters:
http://wiki.wireshark.org/CaptureFilters
http://www.tcpdump.org/tcpdump_man.html
8. How to: save the packets to a file and read packets from a file

    $ tshark -i 4 -w example.cap
    Capturing on Broadcom NetXtreme Gigabit Ethernet Driver (Microsoft's Packet Scheduler)
    24
    $
    $ tshark -i 4 -S -w example.cap
    Capturing on Broadcom NetXtreme Gigabit Ethernet Driver (Microsoft's Packet Scheduler)
      0.000000 192.168.1.30 -> 66.249.91.147 TCP 7799 > http [ACK] Seq=1 Ack=1 Win=63921 Len=0
      3.124075 192.168.1.30 -> 66.249.91.147 HTTP GET / HTTP/1.1
      3.155090 66.249.91.147 -> 192.168.1.30 TCP [TCP segment of a reassembled PDU]
      3.159533 66.249.91.147 -> 192.168.1.30 TCP [TCP segment of a reassembled PDU]
      3.159577 192.168.1.30 -> 66.249.91.147 TCP 7799 > http [ACK] Seq=626 Ack=2861 Win=64000 Len=0
      3.159951 66.249.91.147 -> 192.168.1.30 HTTP HTTP/1.1 200 OK (text/html)
      3.281214 192.168.1.30 -> 66.249.91.147 TCP 7799 > http [ACK] Seq=626 Ack=3019 Win=63921 Len=0
    7 packets captured
    $
    $ tshark -r example.cap
      1 0.000000 192.168.1.30 -> 66.249.91.147 TCP 7799 > http [ACK] Seq=1 Ack=1 Win=63921 Len=0
      2 3.124075 192.168.1.30 -> 66.249.91.147 HTTP GET / HTTP/1.1
      3 3.155090 66.249.91.147 -> 192.168.1.30 TCP [TCP segment of a reassembled PDU]
      4 3.159533 66.249.91.147 -> 192.168.1.30 TCP [TCP segment of a reassembled PDU]
      5 3.159577 192.168.1.30 -> 66.249.91.147 TCP 7799 > http [ACK] Seq=626 Ack=2861 Win=64000 Len=0
      6 3.159951 66.249.91.147 -> 192.168.1.30 HTTP HTTP/1.1 200 OK (text/html)
      7 3.281214 192.168.1.30 -> 66.249.91.147 TCP 7799 > http [ACK] Seq=626 Ack=3019 Win=63921 Len=0
    $
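Added example, not part of the original slides: a shell function that post-processes the one-line packet summaries shown in slides 6 to 8 and reports, for each TCP connection attempt, whether the SYN was answered and how long the SYN/ACK took. It assumes the summary layout printed in those slides with relative timestamps; the names handshake_report and sample_capture and the 192.0.2.10 sample line are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarise TCP handshakes from tshark one-line summaries.
# Assumed input layout (as printed in the slides):
#   [frame-no] time src -> dst TCP sport > dport [FLAGS] ...
# handshake_report and sample_capture are hypothetical helper names,
# not tshark features.

handshake_report() {
    awk '
    {
        # Lines read back with -r start with a frame number; live lines do not.
        off = ($1 ~ /^[0-9]+$/) ? 1 : 0
        if ($(off + 3) != "->" || $(off + 5) != "TCP") next
        # Skip info text that is not "sport > dport ...", e.g. reassembly notes.
        if ($(off + 7) != ">") next

        t = $(off + 1)
        src = $(off + 2); dst = $(off + 4)
        sport = $(off + 6); dport = $(off + 8)
        f1 = $(off + 9); f2 = $(off + 10)

        if (f1 == "[SYN]") {
            # First SYN of a client -> server attempt starts the clock.
            key = src ":" sport " -> " dst ":" dport
            if (!(key in syn_time)) {
                syn_time[key] = t
                order[++n] = key
            }
        } else if (f1 == "[SYN," && f2 == "ACK]") {
            # A SYN/ACK travels server -> client, so the key is reversed.
            key = dst ":" dport " -> " src ":" sport
            if ((key in syn_time) && !(key in rtt)) rtt[key] = t - syn_time[key]
        }
    }
    END {
        # Report attempts in the order their first SYN was seen.
        for (i = 1; i <= n; i++) {
            key = order[i]
            if (key in rtt) printf "%s answered %.6f\n", key, rtt[key]
            else            printf "%s unanswered\n", key
        }
    }'
}

# Sample input: the first four lines are taken from slide 6; the last line
# (a SYN to 192.0.2.10 that never gets a reply) is constructed.
sample_capture() {
    cat <<'EOF'
0.000000 192.168.1.30 -> 192.168.1.10 DNS Standard query A news.google.nl
0.395150 192.168.1.30 -> 64.233.183.104 TCP 7615 > http [SYN] Seq=0 Win=65535 Len=0 MSS=1460 WS=1
0.407587 64.233.183.104 -> 192.168.1.30 TCP http > 7615 [SYN, ACK] Seq=0 Ack=1 Win=5720 Len=0 MSS=1430 WS=6
0.407667 192.168.1.30 -> 64.233.183.104 TCP 7615 > http [ACK] Seq=1 Ack=1 Win=128000 Len=0
1.500000 192.168.1.30 -> 192.0.2.10 TCP 7620 > 8443 [SYN] Seq=0 Win=65535 Len=0 MSS=1460 WS=1
EOF
}

# Against a saved capture the same function would be fed with:
#   tshark -r example.cap | handshake_report
sample_capture | handshake_report
```

Unanswered SYNs in the report are the lines worth a second look: they point at filtered ports, dead hosts or scanning activity, depending on who sent them.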
9. How to: display only packets of interest

    $ tshark -r example.cap http.host=="www.google.nl"
      2 1.216981 192.168.1.30 -> 66.249.91.103 HTTP GET /intl/nl/about.html HTTP/1.1
     14 1.620838 192.168.1.30 -> 66.249.91.103 HTTP GET /images/google_80wht.gif HTTP/1.1
     21 1.653392 192.168.1.30 -> 66.249.91.103 HTTP GET /intl/nl/images/icons/about_toolbar.gif HTTP/1.1
     23 1.654117 192.168.1.30 -> 66.249.91.103 HTTP GET /intl/nl/images/icons/about_dns_icon.gif HTTP/1.1
    $
    $ tshark -ta -r example.cap http.host=="www.google.nl"
      2 17:58:29.866889 192.168.1.30 -> 66.249.91.103 HTTP GET /intl/nl/about.html HTTP/1.1
     14 17:58:30.270746 192.168.1.30 -> 66.249.91.103 HTTP GET /images/google_80wht.gif HTTP/1.1
     21 17:58:30.303300 192.168.1.30 -> 66.249.91.103 HTTP GET /intl/nl/images/icons/about_toolbar.gif HTTP/1.1
     23 17:58:30.304025 192.168.1.30 -> 66.249.91.103 HTTP GET /intl/nl/images/icons/about_dns_icon.gif HTTP/1.1
    $
    $ tshark -ta -Nn -r example.cap http.host=="www.google.nl"
      2 17:58:29.866889 laptop-lan.local -> ik-in-f103.google.com HTTP GET /intl/nl/about.html HTTP/1.1
     14 17:58:30.270746 laptop-lan.local -> ik-in-f103.google.com HTTP GET /images/google_80wht.gif HTTP/1.1
     21 17:58:30.303300 laptop-lan.local -> ik-in-f103.google.com HTTP GET /intl/nl/images/icons/about_toolbar.gif HTTP/1.1
     23 17:58:30.304025 laptop-lan.local -> ik-in-f103.google.com HTTP GET /intl/nl/images/icons/about_dns_icon.gif HTTP/1.1
    $

More information on display filters:
http://wiki.wireshark.org/DisplayFilters
http://www.wireshark.org/docs/dfref/
10. How to: show full packet details (1)

    $ tshark -r example.cap -V -R "frame.number==2"
    Frame 2 (1021 bytes on wire, 1021 bytes captured)
        Arrival Time: Jun 1, 2008 17:58:29.866889000
        [Time delta from previous captured frame: 1.216981000 seconds]
        [Time delta from previous displayed frame: 1.216981000 seconds]
        [Time since reference or first frame: 1.216981000 seconds]
        Frame Number: 2
        Frame Length: 1021 bytes
        Capture Length: 1021 bytes
        [Frame is marked: False]
        [Protocols in frame: eth:ip:tcp:http]
    Ethernet II, Src: Dell_aa:c3:72 (00:1c:23:aa:c3:72), Dst: JuniperN_bb:d1:32 (00:12:1e:bb:d1:32)
        Destination: JuniperN_bb:d1:32 (00:12:1e:bb:d1:32)
            Address: JuniperN_bb:d1:32 (00:12:1e:bb:d1:32)
            .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
            .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
        Source: Dell_aa:c3:72 (00:1c:23:aa:c3:72)
            Address: Dell_aa:c3:72 (00:1c:23:aa:c3:72)
            .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
            .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
        Type: IP (0x0800)
    Internet Protocol, Src: 192.168.1.30 (192.168.1.30), Dst: 66.249.91.103 (66.249.91.103)
        Version: 4
        Header length: 20 bytes
        Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
            0000 00.. = Differentiated Services Codepoint: Default (0x00)
            .... ..0. = ECN-Capable Transport (ECT): 0
            .... ...0 = ECN-CE: 0
        Total Length: 1007
        Identification: 0xbbfa (48122)
        Flags: 0x04 (Don't Fragment)
            0... = Reserved bit: Not set
            .1.. = Don't fragment: Set
            ..0. = More fragments: Not set
        Fragment offset: 0
        Time to live: 128
        Protocol: TCP (0x06)
        Header checksum: 0xdae7 [correct]
            [Good: True]
            [Bad : False]
        Source: 192.168.1.30 (192.168.1.30)
        Destination: 66.249.91.103 (66.249.91.103)
    Transmission Control Protocol, Src Port: senomix02 (8053), Dst Port: http (80), Seq: 1, Ack: 1, Len: 967
        Source port: senomix02 (8053)
        Destination port: http (80)
        Sequence number: 1 (relative sequence number)
        [Next sequence number: 968 (relative sequence number)]
        Acknowledgement number: 1 (relative ack number)
        Header length: 20 bytes
        Flags: 0x18 (PSH, ACK)
            0... .... = Congestion Window Reduced (CWR): Not set
            .0.. .... = ECN-Echo: Not set
            ..0. .... = Urgent: Not set
            ...1 .... = Acknowledgment: Set
            .... 1... = Push: Set
            .... .0.. = Reset: Not set
            .... ..0. = Syn: Not set
            .... ...0 = Fin: Not set
        Window size: 63921
        Checksum: 0x6408 [validation disabled]
            [Good Checksum: False]
            [Bad Checksum: False]
    Hypertext Transfer Protocol
        GET /intl/nl/about.html HTTP/1.1
            Request Method: GET
            Request URI: /intl/nl/about.html
            Request Version: HTTP/1.1
        Host: www.google.nl
        User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.14) Gecko/20080404 Firefox/2.0.0.14
        Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
        Accept-Language: en-us,en;q=0.5
        Accept-Encoding: gzip,deflate
        Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
        Keep-Alive: 300
        Connection: keep-alive
        Referer: http://www.google.nl/webhp?hl=nl&tab=vw
        [truncated] Cookie: __utma=117705887.1086025020.1212335899.1212335899.1212335899.1; __utmb=117705887; __utmc=117705887; __utmz=117705887.1212335899.1.1.utmccn=(referral)|utmcsr=google.nl|utmcct=/webhp|utmcmd=referral; PREF=ID=35e15b106e56f
        If-Modified-Since: Fri, 18 Jan 2008 18:40:26 GMT
        Cache-Control: max-age=0
    $
11. How to: show full packet details (2)

    Internet Protocol, Src: 192.168.1.30 (192.168.1.30), Dst: 66.249.91.103 (66.249.91.103)
        Version: 4
        Header length: 20 bytes
        Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
            0000 00.. = Differentiated Services Codepoint: Default (0x00)
            .... ..0. = ECN-Capable Transport (ECT): 0
            .... ...0 = ECN-CE: 0
        Total Length: 1007
        Identification: 0xbbfa (48122)
        Flags: 0x04 (Don't Fragment)
            0... = Reserved bit: Not set
            .1.. = Don't fragment: Set
            ..0. = More fragments: Not set
        Fragment offset: 0
        Time to live: 128
        Protocol: TCP (0x06)
        Header checksum: 0xdae7 [correct]
            [Good: True]
            [Bad : False]
        Source: 192.168.1.30 (192.168.1.30)
        Destination: 66.249.91.103 (66.249.91.103)
12. How to: show full packet details (3)

    Hypertext Transfer Protocol
        GET /intl/nl/about.html HTTP/1.1
            Request Method: GET
            Request URI: /intl/nl/about.html
            Request Version: HTTP/1.1
        Host: www.google.nl
        User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.14) Gecko/20080404 Firefox/2.0.0.14
        Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
        Accept-Language: en-us,en;q=0.5
        Accept-Encoding: gzip,deflate
        Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
        Keep-Alive: 300
        Connection: keep-alive
        Referer: http://www.google.nl/webhp?hl=nl&tab=vw
        [truncated] Cookie: __utma=117705887.1086025020.1212335899.1212335899.1212335899.1; __utmb=117705887; __utmc=117705887; __utmz=117705887.1212335899.1.1.utmccn=(referral)|utmcsr=google.nl|utmcct=/webhp|utmcmd=referral; PREF=ID=35e15b106e56f
        If-Modified-Since: Fri, 18 Jan 2008 18:40:26 GMT
        Cache-Control: max-age=0