The document discusses network packet analysis using Python. It provides an overview of network analysis tools like Wireshark and tcpdump, and how to use them to analyze network traffic captured in a pcap file. It also discusses how to create and send network packets using Scapy for tasks like port scanning, and how to filter network traffic using IPv4/IPv6 packet filters like iptables. The document provides examples of summarizing pcap data and crafting network packets for various protocols.
Ipv6 test plan for opnfv poc v2.2 spirent-vctlab - Iben Rodriguez
This document outlines test plans and requirements for testing IPv6 in an OPNFV PoC v2.0 environment using OpenStack Liberty and ODL Lithium SR2. It details:
(1) Setting up an IPv6 service VM in OpenStack with ODL controller capability for IPv6 routing and address advertisement.
(2) A test design and steps for setting up infrastructure, ODL and OpenStack controllers, and compute nodes.
(3) Positive test cases to validate IPv6 and IPv4 connectivity between VMs, routers and external DNS via ping, traceroute from the VM and service VM.
(4) References for IPv6 configuration and testing in Linux.
Raw sockets allow direct access to network protocols like ICMP and IGMP without using TCP or UDP. They enable implementing new IPv4 protocols, controlling packet headers, and building custom packets. However, raw sockets lose reliability guarantees and require handling network details like packet fragmentation manually. They also require root access on most systems.
The document discusses the nmap scanning tool and provides examples of using its basic scanning options. Nmap can scan for open ports on TCP, UDP, and other protocols. It can detect operating systems, banner grab services to identify software versions, and has options for port scanning, ping scanning entire networks, and more. Scripting options allow tasks like brute force attempts, information gathering, and vulnerability scanning.
Netcat (nc) is a networking utility that can be used to transfer files, run commands remotely, and scan ports on remote systems. It allows establishing TCP and UDP connections to ports on remote systems. The document provides examples of using nc to scan ports, transfer files between systems, set up reverse shells, and perform basic network tasks and administration. Google dorking techniques are also presented for searching websites and finding specific pages or files using keywords, titles, and URLs. The Whois tool is demonstrated to query registration records for domain names and obtain information like registrar, IP address, and name servers.
Deploying a client-to-site VPN through a GPON router - laonap166
The document discusses configuring a remote access VPN behind a NAT router. It provides configuration details for an ASA firewall and NAT router to establish a VPN tunnel. Users can connect directly to the ASA or through the NAT router from the internet. The ASA is configured for NAT, cryptography, VPN groups, and interfaces. Show commands confirm successful VPN connections from both internal and external networks through the NAT router.
Site-to-site VPN between 2 ASAs over GPON FTTH in practice - laonap166
The document describes configuring a site-to-site VPN between two ASA firewalls located behind GPON routers in Ho Chi Minh City and Hanoi, Vietnam. Key steps include configuring interfaces and routing on the ASA in Hanoi, defining network objects, creating a crypto map to match traffic to the VPN, and establishing an IKEv1 and IPsec tunnel to the ASA in Ho Chi Minh City using pre-shared keys. Debug commands show the IKE negotiation and establishment of the VPN tunnel.
How HeadHunter managed to safely violate RFC 793 (TCP) and bypass the network tra... - Андрей Шорин
At some point, the world's 3rd-largest job site began going down periodically for several minutes. The surprise was that this time it really was because of the network.
To scale its services and let them interact with one another, hh.ru uses an internal load balancer. Five servers running nginx handle 25 thousand requests per second. A switch balances the requests to these servers.
I will describe how we investigated a series of incidents caused by a violation of the TCP protocol during load balancing, and what we came up with so that we could keep violating it with impunity.
An IPSec VPN is configured between routers R1 and R2 using RSA signatures for authentication. NTP and a CA server are also configured to synchronize time and authenticate certificates between the routers. IKEv2 is then used to configure an IPSec VPN between routers R1 and R3 using pre-shared keys for authentication.
This document provides an overview and agenda for a training on the Nmap Scripting Engine (NSE). It begins with a 10 minute introduction to Nmap, covering what Nmap is used for and some basic scan options. Next, it spends 20 minutes reviewing the existing NSE script categories and how to use available scripts, demonstrating two sample scripts. Finally, it dedicates 20 minutes to explaining how to write your own NSE script, including the basic structure and providing an example of writing a script to find the website title.
Complete squid & firewall configuration. plus easy mac binding - Chanaka Lasantha
The document details the configuration of a transparent SQUID Linux firewall to cache and filter internet traffic for internal clients. Key steps include installing and configuring Squid, setting up IP forwarding, configuring iptables firewall rules, and binding MAC addresses to IP addresses in Squid for access control.
The document describes a simulated hacking game scenario involving a compromised POS terminal infected with malware. It details the components of the botnet architecture including bot nodes, command and control infrastructure, and social media propagation. Diagrams show the network layout and communication channels. The document also examines the bot's components, capabilities, and protection mechanisms such as bytecode encryption and anti-debugging techniques. Hints are provided to help players progress in the game by bypassing defenses and achieving objectives over multiple days.
This document provides information on various debugging and profiling tools that can be used for Ruby including:
- lsof to list open files for a process
- strace to trace system calls and signals
- tcpdump to dump network traffic
- google perftools profiler for CPU profiling
- pprof to analyze profiling data
It also discusses how some of these tools have helped identify specific performance issues with Ruby like excessive calls to sigprocmask and memcpy calls slowing down EventMachine with threads.
This document discusses advanced Linux firewall configuration using Netfilter and Iptables. It begins with an introduction of the speaker and an overview of the topics to be covered, including packet processing, connection tracking, iptables rules and tables, iptables modules, and managing firewall rules for cloud environments. The document then delves into technical details like the sk_buff packet representation in Linux, the Netfilter packet flow, basic iptables usage, and differences between stateful and stateless firewalls.
#Include os - From bootloader to REST API with the new C++ - IncludeOS
The document discusses IncludeOS, a minimal operating system implemented from scratch in C++. It can be included directly in an ELF binary to create a unikernel. IncludeOS is 300x smaller in disk size and uses 100x less memory than traditional operating systems. It supports building REST APIs and web servers directly in C++ applications using the operating system. Drivers are self-registering, so applications only link in what they need. Interrupts are handled by delegating to subscriber functions. The document demonstrates building a TCP server and routing in a web application directly in C++ using the IncludeOS APIs and libraries.
The document describes how to debug a kernel crash by recording the full kernel panic text using techniques like configuring a serial console, using the netconsole kernel feature, or manually dumping memory on a virtual machine. It also explains how to use the crash analysis tool to examine the crash dump, including getting a backtrace, disassembling instructions, and viewing the kernel log.
The document discusses reverse engineering the firmware of Swisscom's Centro Grande modems. It identifies several vulnerabilities found, including a command overflow issue that allows complete control of the device by exceeding the input buffer, and multiple buffer overflow issues that can be exploited to execute code remotely by crafting specially formatted XML files. Details are provided on the exploitation techniques and timeline of coordination with Swisscom to address the vulnerabilities.
Kernel Recipes 2013 - Deciphering Oopsies - Anne Nicolas
The Linux kernel is a very complex beast living in millions of households and data centers around the world. Normally, you’re not supposed to notice its presence but when it gets cranky because of something not suiting it, it spits crazy messages called colloquially oopses and panics.
In this talk, we’re going to try to understand how to read those messages in order to be able to address its complaints so that it can get back to work for us.
This utility calculates MOS scores for audio streams in .pcap files, optionally decoding the audio to .wav files. It runs on Linux, macOS, and OpenWRT, requires no database, and supports several common codecs. The user provides a .pcap file path and can choose json output or audio saving. The utility then extracts and analyzes RTP streams, calculating MOS scores and statistics and printing the results.
The document describes a Secure Active Switch (SAS) system that implements modifications to the Linux kernel bridge to prevent ARP poisoning attacks on a local network. The SAS runs on an embedded system using a ColdFire Motorola processor. It functions as an active network switch that can detect and block ARP attacks by monitoring packets and learning the MAC-IP bindings. Testing showed the SAS successfully blocked ARP poisoning attempts while only adding around 1% more latency to regular network traffic.
The document discusses troubleshooting issues with VRRP interfaces on Nokia Checkpoint Firewalls transitioning to a master-master state. Common causes are the individual VRIDs not seeing each other's multicast requests due to network issues. Key steps outlined are using tcpdump on interfaces to check if multicast requests are being received, checking interface states and priorities, and ensuring VRIDs are properly cabled. Swapping cables if VRIDs don't match can resolve a master-master state issue.
The document discusses using virtual machine techniques like GuestRPC and Backdoor I/O to conduct virtual denial of service attacks. It describes fuzzing the GuestRPC interface to discover bugs in systems like HGFS that could be exploited to cause memory leaks or crashes on the host machine. While vendors issue fixes, it notes that fully preventing abuse of these virtual machine behaviors is difficult and some techniques remain unfixed. It concludes with questions about using these kinds of attacks to bypass security systems on virtual machines.
This document contains configurations for Cisco routers, including:
1. Interface configurations for E1 and serial interfaces with descriptions and multilink PPP settings.
2. Site-to-site VPN and Easy VPN configurations using IPSec.
3. Control plane policies to limit traffic like Telnet, SNMP, and ICMP.
4. Other settings like IP aliases, QoS, time ranges, route maps, NTP, TACACS, RADIUS, DHCP, and ISDN.
The document discusses various scan types available in the nmap port scanner program. It describes TCP connect scans which actively connect to ports, SYN stealth scans which send SYN packets to identify open and closed ports without fully establishing connections, and less common FIN, NULL and XMAS scans. It also covers ping scans to identify online systems, UDP scans, and options for customizing scans to avoid detection like altering timing and using decoys. The goal is to help users understand different scan techniques and how to choose scans suited to different target types or detection avoidance needs.
This document provides instructions for configuring and demonstrating the weighted fair queuing (WFQ) queueing mechanism on a router interface. It describes configuring WFQ on Router R2's Serial 0/1 interface, and using show commands to observe its operation and how it handles traffic. The thresholds, queues and other WFQ parameters are modified to test its behavior under heavy traffic loads.
netfilter is a framework provided by the Linux kernel that allows various networking-related operations to be implemented in the form of customized handlers.
iptables is a user-space application program that allows a system administrator to configure the tables provided by the Linux kernel firewall (implemented as different netfilter modules) and the chains and rules it stores.
Many systems use iptables/netfilter, Linux's native packet filtering/mangling framework since Linux 2.4, be it home routers or sophisticated cloud network stacks.
In this session, we will talk about the netfilter framework and its facilities, explain how basic filtering and mangling use-cases are implemented using iptables, and introduce some less common but powerful extensions of iptables.
Shmulik Ladkani, Chief Architect at Nsof Networks.
Long time network veteran and kernel geek.
Shmulik started his career at Jungo (acquired by NDS/Cisco) implementing residential gateway software, focusing on embedded Linux, Linux kernel, networking and hardware/software integration.
Some billions of forwarded packets later, Shmulik left his position as Jungo's lead architect and joined Ravello Systems (acquired by Oracle) as tech lead, developing a virtual data center as a cloud-based service, focusing around virtualization systems, network virtualization and SDN.
Recently he co-founded Nsof Networks, where he's been busy architecting network infrastructure as a cloud-based service, gazing at internet routes in astonishment, and playing the chkuku.
The document discusses various techniques that internet service providers can use to prevent IP reflection attacks, including:
- Implementing BCP38 and BCP140, which involve validating the source IP address of incoming packets to prevent spoofing. This is recommended to be deployed as close to the edge of the network as possible.
- Enforcing validation using access control lists (ACLs) to filter packets and unicast reverse path forwarding (uRPF) to check the return path of source IP addresses. Strict uRPF is recommended for customers.
- Example ACL and uRPF configurations are provided for Cisco and Juniper routers to filter traffic from customer networks connected to the ISP edge router.
nftables - the evolution of Linux Firewall - Marian Marinov
This document provides an overview of nftables, the new packet filtering framework that replaces iptables in the Linux kernel. It discusses the history and predecessors to nftables, how nftables works, key differences from iptables like its more flexible table and chain configuration, and examples of basic nftables rulesets. It also covers topics like matches, jumps, load balancing performance, and kernel configuration options for nftables.
Pcapy and dpkt - tcpdump on steroids - Ran Leibman - DevOpsDays Tel Aviv 2018 - DevOpsDays Tel Aviv
Tcpdump is awesome for debugging issues on the network layer. But sometimes you want to do a bit more, like look into the application layers or do some aggregation. In this talk I’m going to show you how to use python together with the pcapy and dpkt modules to take tcpdump to the next level.
Nmap is a free and open source tool for network discovery and security auditing. It was written by Fyodor and allows users to identify hosts on a network, determine services and operating systems running on them, and discover vulnerabilities. The document outlines the basic anatomy of a scan, describing the DNS lookup, ping, reverse DNS lookup, and scan steps. It also covers different scan types like TCP SYN, connect, ping, and UDP scans as well as useful options for excluding or including targets, specifying port numbers, and adjusting ping behavior. Later modules discuss operating system and version detection, stealth scanning techniques, timing options, and randomizing scans.
This document summarizes the /etc/services file, which defines network services and their associated port numbers. It notes that the file contains services defined by IANA in the Assigned Numbers registry, including well-known ports from 0-1023, registered ports from 1024-49151, and dynamic/private ports from 49152-65535. Each entry lists the service name, port number, transport protocol, and optional comments or aliases.
IPv6 is slowly making its way into our environments and we need to be aware of how it impacts the systems we manage. This presentation takes us through a basic review of the protocol from a pentester's perspective.
Note I only need the last 3 sub-questions ( e, f and g) 3. Firew.pdf - ezonesolutions
Note: I only need the last 3 sub-questions (e, f and g). 3. Firewall Design (55pts) Design a
firewall for your Linux machine using the iptables packet filtering mod- It is likely that iptables
came pre-installed with the Linux distribution you are using. In the event you are using an old
version of the Linux kernel, you may need to upgrade it for iptables to work. Your homework
consists of writing iptables rules to do the following: (a) Place no restriction on outbound
packets. (b) Allow for SSH access (port 22) to your machine from only the fiu.edu domain. (c)
Assuming you are running an HTTPD server on your machine that can make available your
entire home directory to the outside world, write a rule that allows only a single IP address in the
internet to access your machine for the HTTP service. (d) Permit Auth/Ident (port 113) that is
used by some services like SMTP and (e) Accept the ICMP Echo requests (as used by ping)
coming from the outside. (f) Respond back with TCP RST or ICMP unreachable for incoming
requests blocked ports. (g) Block all input packets from the cnn.com domain and respond back
with destination unreachable error message for all incoming SYN packets from the cnn.com
domain.
Solution
(e) Echo Request:
Ping operates by sending Internet Control Message Protocol (ICMP) echo request packets to the
target host and waiting for an ICMP echo reply. It measures the round-trip time from
transmission to reception, reporting errors and packet loss.
Ping is a computer network administration software utility used to test the reachability of a host
on an Internet Protocol (IP) network.
Packet InterNet Gopher, is a computer network administration utility used to test the reachability
of a host on an Internet Protocol (IP) network and to measure the total round-trip time for
messages sent from the originating host to a destination computer and back.
Ping operates by sending Internet Control Message Protocol (ICMP) Echo Request packets to the
target host and waiting for an ICMP Echo Reply. The program reports errors, packet loss, and a
statistical summary of the results, typically including the minimum, maximum, the mean round-
trip times, and standard deviation of the mean.
The Internet Control Message Protocol (ICMP) is a supporting protocol in the Internet protocol
suite. It is used by network devices, like routers, to send error messages and operational
information indicating, for example, that a requested service is not available or that a host or
router could not be reached. ICMP differs from transport protocols such as TCP and UDP in that
it is not typically used to exchange data between systems, nor is it regularly employed by end-
user network applications (with the exception of some diagnostic tools like ping and traceroute).
The Internet Control Message Protocol (ICMP) has many messages that are identified by a
“type” field. You need to use 0 and 8 ICMP code types.
=> Zero (0) is for echo-reply
=> Eight (8) is for echo-request.
To .
The Next Generation Firewall for Red Hat Enterprise Linux 7 RC - Thomas Graf
FirewallD provides firewall management as a service in RHEL 7, abstracting policy definition and handling configuration. The kernel includes new filtering capabilities like connection tracking targets and extended accounting. Nftables, a new packet filtering subsystem to eventually replace iptables, uses a state machine-based approach with unified nft user interface.
This document provides an overview of network traffic analysis. It discusses why traffic analysis is useful for gaining knowledge about a network, investigating issues, and network forensics. It also summarizes the basics of TCP/IP protocols, packet sniffing tools like Wireshark and Tcpdump, and how to analyze network traffic captures for troubleshooting and security purposes. Hands-on network forensics examples are provided to demonstrate these concepts.
This document summarizes research on Netfilter and FreeS/WAN, which are tools used to create firewall and VPN gateways on Linux systems. It explains how packets flow through Netfilter chains like INPUT, OUTPUT, and FORWARD. Stateful inspection is described, which tracks connections to securely allow returning traffic. The interaction of Netfilter and FreeS/WAN is also examined, with an example of ICMP traffic traversing the firewall chains between an internal workstation and external server to demonstrate stateful connection tracking.
The document discusses Nmap, a free and open source tool for network discovery and security auditing. It describes Nmap's scanning techniques like SYN scans, ping scans, UDP scans, and version detection. It also covers options for detecting the operating system, specifying hosts and ports to include or exclude from scans, getting real-time information through verbose mode and packet tracing, and logging scan results in different formats.
KVM Security Groups Under the Hood - Wido den Hollander - Your.Online - ShapeBlue
They are just a few clicks in the UI or a single API call, but how do security groups work at KVM hypervisor level? How do they filter traffic and what else do they do in addition to firewalling? What Anti-Spoofing policies are implemented by the security groups?
In this talk, Wido dives into the specifics of the security groups on the KVM hypervisor for both IPv4 and IPv6.
-----------------------------------------
The CloudStack Collaboration Conference 2023 took place on 23-24th November. The conference, arranged by a group of volunteers from the Apache CloudStack Community, took place in the voco hotel, in Porte de Clichy, Paris. It hosted over 350 attendees, with 47 speakers holding technical talks, user stories, new features and integrations presentations and more.
This document summarizes a port knocking challenge from the PHD CTF Quals 2011. Port knocking involves sequentially sending SYN packets to closed ports to trigger a service to open a specific port. The challenge involved knocking on 7 ports in the correct order to open an FTP server on another port. Two Python scripts are provided as solutions: one uses Scapy to send the port knocks, while another runs a series of Nmap scans to test the open ports. Advantages and disadvantages of port knocking are also discussed.
PLNOG 13: Piotr Głaska: Quality of service monitoring in IP networks - PROIDEA
Piotr Głaska – Senior Product Manager at Huawei, Enterprise Networking department. Experienced in the management, design and deployment of IP solutions; for 17 years he has worked for various companies, from service providers, through end users and integrators, up to a device producer. Huawei Certified Datacom Professional (HCDP), Cisco CCIE #15966 and HP MASE.
Topic of Presentation: Quality of service monitoring in IP networks
Language: Polish
Abstract: TBD
This document discusses several tools for monitoring and testing network performance and connectivity in Linux systems. It describes how to use ping and nmap to test host availability and scan open ports. It also explains how to use IPTraf to monitor network traffic, ethtool to view and configure network interface settings, and qperf to measure Ethernet bandwidth and latency between two hosts.
Codemotion Rome 2015 - Building a drone from scratch with spare parts is a challenging business. To accomplish this journey, a Linux embedded stability control system is developed entirely from 0. This is a journey starting from choosing the hardware (a home WiFi router) to a stable and real flight. Unconventional implementations are one of the main topics, like using WiFi for communication between drone and pilot, HTML5 and COMET to show telemetry from the router web server, and implementing an entirely new protocol based on 802.11 Beacon Frames to prevent deauthentication attacks.
The document discusses securing Cisco routers by hardening configurations based on the NSA Router Security Configuration Guide. It covers topics such as physical security of routers, defining loopback interfaces, banner configuration, blocking SYN flooding attacks using TCP intercept, tuning IP stack parameters like limiting embryonic connections and enabling TCP selective acknowledgment. It also discusses access control measures like basic authentication, AAA authentication using RADIUS/TACACS+, privilege levels, and disabling unused ports and protocols like CDP.
Similar to True stories on the analysis of network activity using Python (20)
The presentation from Python meetup by JettyCloud about solving a problem found in a library that uses hashlib, followed by an overview of the CPython hashlib module with implementation details.
The document discusses JIT compilation in CPython. It begins with a brief history of JIT compilation, including early implementations in LISP and Smalltalk. The author then describes their experience with JIT compilation in CPython, including converting Python code to IL assembly and machine code. Benchmarks show the JIT compiled Fibonacci function is around 8 times faster than the unoptimized version. Finally, the document briefly mentions the Numba project, which uses JIT compilation to accelerate Python code.
This document provides a summary of different data storage systems and structures. It discusses B-trees, LSM-trees, hash indices, R-trees, and the Block Range Index. It describes their uses, properties, and tradeoffs for operations like reads, writes, and range queries. Overall, the document analyzes various indexing techniques and how they are applied in different databases.
FUSE (Filesystem in Userspace) allows non-privileged users to create their own file systems. It works by mounting the file system within the userspace virtual file system. Python has a FUSE library called fusepy that provides a simple interface for implementing FUSE file systems in Python. PEPFS is an example of a FUSE file system implemented in Python that makes Python Enhancement Proposals (PEPs) available as read-only files organized in a file system structure. It uses fusepy and lazily downloads specific PEP files on demand when read.
This document traces the history and design process of the Python logo. It discusses the 1990s logo designed by Just van Rossum and Erik van Blokman. In 2006, Tim Parkin redesigned the logo to be more friendly while retaining simplicity and memorability. Parkin's logo was inspired by Mayan snake representations and used cross, spiral, and yin-yang shapes to evoke primitive meanings. The new logo launched alongside a python.org redesign.
The presentation from SPbPython community / PiterPy meetup.
The presentation tells about one idea how it is possible to perform an obfuscation of numbers in Python.
ITGM #9 - The Insidious CodeType, or from a segfault to working code - delimitry
A talk from ITGM #9 describing a real example of finding and fixing a segmentation fault that occurred when generating a function in Python in one project
(Talk given together with http://www.slideshare.net/AndreyZakharevich)
The presentation from SPb Python Interest Group community meetup.
The presentation tells about the dictionaries in Python, reviews the implementation of dictionary in CPython 2.x, dictionary in CPython 3.x, and also recent changes in CPython 3.6. In addition to CPython the dictionaries in alternative Python implementations such as PyPy, IronPython and Jython are reviewed.
Developing a Python framework for automated testing of STB boxes - delimitry
A presentation for PiterPy #2 describing the experience of developing and using a Python framework for automated testing of STBs (Set-Top Boxes).
This document discusses the "Rings" cryptography challenge from the SchoolCTF 2012 competition. It references the Lord of the Rings and provides a file related to the challenge. It also discusses Louis Braille, the inventor of braille, noting that he allowed blind and visually impaired people to read and write. It states the braille system remains important for learning and communication for blind people worldwide, and has been adapted for many languages. The flag provided as the result is "Pantheon", referring to the location of Braille's resting place.
9. tcpdump
Tool for dumping the traffic on a network
/mnt/nfs/tcpdump -i eth1 -w ./tcpdump.pcap 'ip and not (src 192.168.17.1 or dst 192.168.17.1) and not broadcast and not multicast and not host 10.12.1.100' &
N.B. filters!
Examples:
# show traffic to 10.12.1.2 that is not ICMP:
tcpdump 'dst 10.12.1.2 and not icmp'
# show SYNACK packets (the TCP flags byte equals SYN + ACK = 2 + 16):
tcpdump 'tcp[13]=18'
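What the 'tcp[13]=18' filter above actually tests, as an added example that is not part of the original slides: it reads a pcap byte string with the standard library only, locates byte 13 of the TCP header through the IPv4 header length, and compares the exact match with a masked match. The frames, addresses and function names are constructed for this illustration.

```python
import socket
import struct

SYN, ACK, ECE = 0x02, 0x10, 0x40

def build_frame(src, dst, sport, dport, flags, ip_options=b""):
    """Constructed test frame: Ethernet + IPv4 + TCP, checksums left at 0."""
    ihl = 5 + len(ip_options) // 4
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 8192, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x40 | ihl, 0, ihl * 4 + len(tcp), 0, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst)) + ip_options
    return b"\x02\x00\x00\x00\x00\x02" + b"\x02\x00\x00\x00\x00\x01" + b"\x08\x00" + ip + tcp

def build_pcap(frames):
    """Wrap frames in a classic little-endian pcap container (linktype 1 = Ethernet)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, frame in enumerate(frames):
        out += struct.pack("<IIII", i, 0, len(frame), len(frame)) + frame
    return out

def read_pcap(data):
    """Yield the raw frames stored in a little-endian Ethernet pcap byte string."""
    magic, _, _, _, _, _, linktype = struct.unpack_from("<IHHiIII", data, 0)
    if magic != 0xA1B2C3D4 or linktype != 1:
        raise ValueError("unsupported pcap")
    pos = 24
    while pos + 16 <= len(data):
        incl_len = struct.unpack_from("<IIII", data, pos)[2]
        pos += 16
        yield data[pos:pos + incl_len]
        pos += incl_len

def tcp_flags(frame):
    """Return (src, dst, flags) for an unfragmented IPv4/TCP frame, else None."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return None
    ihl = (frame[14] & 0x0F) * 4                      # IPv4 header length in bytes
    frag_offset = struct.unpack_from("!H", frame, 20)[0] & 0x1FFF
    if ihl < 20 or frame[23] != 6 or frag_offset != 0:
        return None
    tcp = 14 + ihl                                    # TCP header starts after IP options
    if len(frame) < tcp + 14:
        return None
    sport, dport = struct.unpack_from("!HH", frame, tcp)
    src = "%s:%d" % (socket.inet_ntoa(frame[26:30]), sport)
    dst = "%s:%d" % (socket.inet_ntoa(frame[30:34]), dport)
    return src, dst, frame[tcp + 13]                  # byte 13 holds the flag bits

def exact_synack(flags):
    """Same test as the filter 'tcp[13]=18': no flag other than SYN and ACK is set."""
    return flags == (SYN | ACK)

def masked_synack(flags):
    """Same test as 'tcp[13] & 18 = 18': SYN and ACK set, other bits ignored."""
    return flags & (SYN | ACK) == (SYN | ACK)

def find_synacks(pcap_bytes, match):
    hits = []
    for frame in read_pcap(pcap_bytes):
        parsed = tcp_flags(frame)
        if parsed and match(parsed[2]):
            hits.append(parsed[:2])
    return hits

# Constructed sample capture (documentation addresses, not taken from the slides).
SAMPLE_PCAP = build_pcap([
    build_frame("192.0.2.10", "192.0.2.20", 40001, 8081, SYN),
    build_frame("192.0.2.20", "192.0.2.10", 8081, 40001, SYN | ACK),
    build_frame("192.0.2.10", "192.0.2.20", 40001, 8081, ACK),
    build_frame("192.0.2.30", "192.0.2.10", 443, 40002, SYN | ACK | ECE),   # ECN reply
    build_frame("192.0.2.40", "192.0.2.10", 8080, 40003, SYN | ACK,
                ip_options=b"\x01\x01\x01\x00"),                            # IHL = 6
    build_frame("192.0.2.50", "192.0.2.10", 51001, 40004, 0x14),            # RST+ACK
])

if __name__ == "__main__":
    print("exact :", find_synacks(SAMPLE_PCAP, exact_synack))
    print("masked:", find_synacks(SAMPLE_PCAP, masked_synack))
```

The exact comparison skips the SYN-ACK that also carries ECE, so a count of answered connections based on 'tcp[13]=18' can undercount servers that negotiate ECN.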
11. Test report
total DNS sessions: 17
--------------------------------------------------------------------------------
domain name | bad responses
--------------------------------------------------------------------------------
host1-lab.com. | 2
host2-lab.com. | 2
host3-lab.com. | 2
TCP sessions stats:
--------------------------------------------------------------------------------
destination ip:port | times connected total (good / bad) | total length
--------------------------------------------------------------------------------
192.0.114.207:8081 | 21 (4 good / 17 bad) | 8808
127.255.90.214:51001 | 16 (0 good / 16 bad) | 0
192.0.105.184:443 | 2 (2 good / 0 bad) | 11866
192.0.112.19:8080 | 2 (1 good / 1 bad) | 408
192.0.80.137:42272 | 1 (0 good / 1 bad) | 3057
192.0.80.137:41012 | 1 (1 good / 0 bad) | 3505
UDP sessions stats:
--------------------------------------------------------------------------------
destination ip:port | quantity | total length
--------------------------------------------------------------------------------
192.0.80.137:48723 | 1 | 8
192.0.80.137:40030 | 1 | 8
192.0.80.137:59320 | 1 | 8
12. PCAP analysis with Scapy
from scapy.all import *

packets = rdpcap('tcpdump.pcap')
for packet in packets:
    # packet[IP] exists only for IPv4 packets, so check for it before indexing
    if IP in packet and TCP in packet and Raw in packet:
        print('from {} to {}'.format(packet[IP].src, packet[IP].dst))
        print('payload:')
        print('{}'.format(packet[Raw].load))
> from 127.255.210.110 to 192.0.140.246
> payload:
> GET /configs/main.cfg HTTP/1.1
> Host: 192.0.140.246
> Accept: */*
23. Scapy “/layers/inet6.py”
#138: Do Me - RFC 2894 - Seems painful
...
#143: Do Me - RFC 3810
...
#148: Do Me - SEND related - RFC 3971
#149: Do Me - SEND related - RFC 3971
...
# all MLD messages are sent with a link-local source address
# -> make sure of this in post_build if none is specified
# The Hop-Limit value must be 1
...
not implemented :(
24. Examples
from scapy.all import *

def test_ipv6_icmptype_148(self):
    # make ICMPv6 type 148 from ICMPv6Unknown
    payload = ICMPv6Unknown(type=148, msgbody='test_type_148')
    ipv6 = IPv6(dst=self.ipv6)
    sr1(ipv6 / payload, timeout=2)
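25. PCAP packets replay with Scapy
from scapy.all import *

packets = rdpcap("tcpdump.pcap")
new_mac = 'DE:EE:11:33:33:77'
new_src = '123.34.45.56'
for packet in packets:
    if Ether not in packet or IP not in packet:
        continue  # only Ethernet/IPv4 frames are rewritten
    packet[Ether].src = new_mac
    packet[IP].src = new_src
    # drop stored checksums so Scapy recomputes them for the new source address
    for layer in (IP, TCP, UDP):
        if layer in packet:
            del packet[layer].chksum
    # the frames carry an Ether header, so send at layer 2 with sendp()
    sendp(packet)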