Modifying Packet Captures with tcprewrite

Recently I wanted to look at the structure of sFlow packets. Of course I can read the specs, but it’s often easier to look at some real packets. So I set up a simple network, configured sFlow, created some traffic across the network, and used tcpdump to capture the sFlow packets.

Unfortunately I had a bit of a brain fade, and configured sFlow to use port 2055, not port 6343. So it looked like this:

vagrant@ubuntu:~$ tcpdump -r sflow.cap
reading from file sflow.cap, link-type EN10MB (Ethernet)
13:48:37.812602 IP 10.254.4.125.44695 > 10.254.4.170.2055: UDP, length 148
13:48:57.813663 IP 10.254.4.125.44695 > 10.254.4.170.2055: UDP, length 148
13:48:59.061629 IP 10.254.4.125.44695 > 10.254.4.170.2055: UDP, length 232
13:49:17.806908 IP 10.254.4.125.44695 > 10.254.4.170.2055: UDP, length 148
13:49:37.804433 IP 10.254.4.125.44695 > 10.254.4.170.2055: UDP, length 148
13:49:57.806000 IP 10.254.4.125.44695 > 10.254.4.170.2055: UDP, length 148
13:50:17.808959 IP 10.254.4.125.44695 > 10.254.4.170.2055: UDP,  Continue reading

Technology Short Take #59

Welcome to Technology Short Take #59, the first Technology Short Take of 2016. As we start a new year, here’s a collection of links and articles from around the web. Here’s hoping you find something useful to you!

Networking

  • Nir Yechiel posted an article on using the Cumulus VX QCOW2 image with Fedora and KVM. Cumulus VX, if you aren’t aware, is a community-supported virtual appliance version of Cumulus Linux aimed at helping folks preview and test “full-blown” Cumulus Linux (which, of course, requires compatible hardware).
  • NAPALM (Network Automation and Programmability Layer with Multivendor support) looks like a really cool tool. I haven’t yet had the opportunity to work with it, but it is definitely something I’d like to explore in more detail. Here’s an article on an effort to add Cisco IOS support to NAPALM. Gabriele (the author of that post) also has a nice article on some resources to get you started with network automation.
  • Using Python and Netmiko for network automation is the topic of this post by Colin McAlister. This is a good introductory post, and one that I plan to leverage as I dive deeper into these tools.
  • Kuryr (the OpenStack project to allow Docker Continue reading

Raytheon names enterprise security spinout Forcepoint

Raytheon has given a name to the enterprise security business it has been piecing together for the past few years: Forcepoint.The new entity that it is spinning out rolls up Raytheon Cyber Products, Websense (which the company bought an 80% share in last year), and next generation firewall vendor Stonesoft that Raytheon agreed to buy last fall and now owns.Forcepoint says its plan is to continue integrating products from the three entities so it can offer a range of protections including Web, email and endpoint security, data loss protection, firewalling and analytics all under one cloud-based umbrella.Raytheon’s history supplying products to the Department of Defense demonstrates its broad expertise that could be transferred to mainstream enterprises, says Chris Christiansen, an analyst with IDC. “It remains to be seen what they do with integrating products, how they leverage their government experience, whether they can expand out,” to general enterprises, he says.To read this article in full or to leave a comment, please click here

It’s no wonder analytics startups are raking in venture dollars

As we documented this week in our latest Big Data & Analytics Companies to Watch slideshow, venture capital is pouring in to firms looking to help organizations better exploit all the data they're gathering and generating. What's becoming really interesting though is that these companies are starting to target specific areas -- from security to network management -- so that you can actually tell them apart now.Consultancy Deloitte hammers home the increasingly diversified nature of analytics in its new Analytics Trends report in which it cites 6 areas to watch:To read this article in full or to leave a comment, please click here

Fortscale’s user behavioral analytics solution provides full context when truly malicious behavior is detected

This column is available in a weekly newsletter called IT Best Practices.  Click here to subscribe.  One of the weakest links in security systems is end user credentials. They are often abused by their legitimate owners, and stolen by malicious actors. The 2014 Verizon Data Breach Investigations Report revealed that 88% of insider breaches involve abuse of privileges, and 82% of security attacks involve stolen user credentials.An external attacker might use a stolen set of credentials to make the initial infiltration of a network, to make lateral movements inside the network to gain access to sensitive data or information, or to exfiltrate data to complete the breach. This type of activity is hard to detect because the credentials themselves are legitimate—they are just being used the wrong way.To read this article in full or to leave a comment, please click here

Intro to Jinja2

 
 

What is Jinja2

Jinja2 is a templating language that was originally used as part of the Flask python web framework. From the Jinja2 website

Jinja2 is a full featured template engine for Python. It has full unicode support, an optional integrated sandboxed execution environment, widely used and BSD licensed

It was originally developed to help automatically generate HTML dynamically as part of the flask framework, more on that in another post, but it can also easily be used to help us generate our configuration files for our infrastructure devices.

This is going to be a very simple introduction to a few of the basic concepts of that jinja uses which, hopefully, will help to understand how Jinja can be used as a first step down the road of gaining automation skills.

We’ll take a look at a developing some intuition on how Jinja2 can be used to create basic network infrastructure device configurations. This is definitly not the modern method of interfacing directly into the control/data/management plane of devices using APIs, but it’s definitely a step in the right direction on understanding how a bit of code can help make your life better.

Prereqs

I’m assuming you’ve already Continue reading

5 stages of a Web app attack [Infographic]

Web application attacks are among the leading causes of data breaches, according to Verizon's 2015 Data Breach Investigations Report, which looked at data from 80,000 security incidents and over 2,000 confirmed data breaches in 61 countries. The report also found that weak or stolen credentials account for over 50 percent of breaches involving Web applications, and those in the financial services sector are favored targets for Web application attacks.Statistics like that are enough to make anyone sit up and take note.To read this article in full or to leave a comment, please click here(Insider Story)

Android banking malware SlemBunk is part of a well-organized campaign

An Android Trojan that targets mobile banking users has evolved into a sophisticated, persistent and hard-to-detect threat, suggesting that it is part of a well-organized attack campaign.Researchers from security firm FireEye first documented the Trojan in December and named it SlemBunk. Once installed, it starts monitoring the processes running on the device and when it detects that a mobile banking app is launched, it displays a fake user interface on top of it to trick users into inputting their credentials.The Trojan can spoof the user interfaces of apps from at least 31 banks from across the world and two mobile payment service providers.To read this article in full or to leave a comment, please click here

Cisco, AT&T & others declare June 20th will be World Wi-Fi Day

With all the unofficial/official international/world/national days that various tech and governmental organizations and their marketing arms have carved out in recent years (World Paper Free Day, Data Privacy Day, etc.), it's amazing that the Wireless Broadband Alliance found an open spot on June 20 to set aside for the inaugural World Wi-Fi Day. But let it be known henceforth that June 20th shall be a day "to accelerate affordable wireless connectivity around the world" and "to recognize and celebrate the significant role Wi-Fi is playing in getting cities and communities around the world connected."To read this article in full or to leave a comment, please click here

1 3,174 3,175 3,176 3,177 3,178 3,833