My Photo
Subscribe to this blog's feed




Recent Comments

LMT Authors

Recent Posts

215 posts categorized "Open Source Tools" Feed

March 31, 2013

HashCheck for Windows (by Joke Snelders)

Just another small tool, only 85KB, with great potential.
HashCheck provides an easy way to check, which files are changed or deleted.
This tool might help you, when you want to monitor folders, for instance the Program Files folder. This can be very handy, when you install/uninstall programs.
It can be very handy to see, which files are changed or removed.

You can download HashCheck here.

Run HashCheckInstall-2.1.11.exe.
HashCheck adds a Checksum tab to the file properties dialog box.
You can run HashCheck on a single file or folder, but also on multiple files and/or folders.

In this article I'll give you an example based on the folder C:\Program Files\Wireshark.

You can download the latest version of Wireshark here and all versions of Wireshark here.

I have first installed Wireshark version 1.9.1.

Run HashCheck
• Open Windows Explorer and navigate to C:\Program Files\Wireshark
• Right-click on the folder "Wireshark"
• Select Properties
• Select the tab Checksums to view the hashes.

HashCheck_Checksums_WS1.9.1_LMT39
 Click on image to enlarge

 

Continue reading "HashCheck for Windows (by Joke Snelders)" »

Posted in Joke Snelders, Open Source Tools | | Comments (0) | TrackBack (0)

| |

March 17, 2013

Wireshark Development Release 1.9.1: Export SMB2 Objects (by Joke Snelders)

Wireshark can now export SMB2 Objects.
You don't have to do it the hard way anymore, as I described in my articles "Wireshark and SMB2: extract files part 1 and part 2".

Thanks to Jose Pico of Taddong. He filed an enhancement bug report and submitted a patch to implement the feature "Export SMB2 Objects" in Wireshark.

Right now this new feature is only available in the Development Release.
You can download the latest Development Release, version 1.9.1, here.

Continue reading to learn how to export SMB 2 object.

Wireshark_download_LMT38
 Click on image to enlarge


Continue reading "Wireshark Development Release 1.9.1: Export SMB2 Objects (by Joke Snelders)" »

Posted in Joke Snelders, Open Source Tools | | Comments (0) | TrackBack (0)

| |

March 11, 2013

The Other "Remote Desktop Connection" (by Casey Mullis)

We (IT people) all have had that question from family or friend through the years. Ring Ring……Ring! Hey buddy, my computer started doing something I never seen before. I know you are on the other side of town or out of state, can you help me? What do you think it is?

We love to help but most of the time an answer cannot be reached until we are in front of the computer. I assure you after this article, you shall not have an issue with this any longer, unless the computer is dead completely.

TeamViewer is the name and sharing is the game!

 3-6-2013 4-04-07 PM

Continue reading "The Other "Remote Desktop Connection" (by Casey Mullis)" »

Posted in Application Performance, Casey Mullis, Open Source Tools | | Comments (2) | TrackBack (0)

| |

March 04, 2013

Open Source Forensics for Windows, MacOS, and Linux (by Casey Mullis)

There are many tools on the market today for conducting computer forensics. Many can cost you several thousand dollars, and then you have to pay a renewal fee to get updates.

I am a firm believer in not re-inventing the wheel.  If there are options out there to get the job done and it is free, then why not use it. The catch to doing computer forensics is the art of collecting information without altering the data. There are tools for this also but we will talk about those later.

  DFF

Continue reading "Open Source Forensics for Windows, MacOS, and Linux (by Casey Mullis)" »

Posted in Casey Mullis, Cyber Crime, Law Enforcement, Open Source Tools | | Comments (0) | TrackBack (0)

| |

February 26, 2013

SSL Key Management (by Jason Wells)



If you’re doing analysis on network captures, you’ll eventually run into the need to view encrypted data. This is especially true if you’re troubleshooting a secure web application like a shopping cart or online banking. If you’re doing this analysis in Wireshark, you’re somewhat caught between a rock and a hard place - you have to either:

  • Give your private keys over to the engineers, and let them install it locally in their copy of Wireshark in order to decrypt data
  • Have one location or virtual machine where the keys are installed on the machine’s copy of Wireshark, and have users share use of the machine

In the first case, you now face a situation where the very private keys used on your website - the whole reason your site is secure in the first place - now exist as multiple copies in multiple locations. Are you going to rely on policy that they be deleted? Or only limit access to one support engineer?

In the second case, you face the normal difficulties with trying to use one shared machine to operate a network tool. In addition, you must now secure this machine (likely a simple workstation) from intrusion to a degree necessary to protect one of your most vital assets - getting your SSL keys leaked is bad, bad news.


Continue reading "SSL Key Management (by Jason Wells)" »

Posted in Open Source Tools, Protocol Analysis, Switching & Routing | | Comments (0) | TrackBack (0)

| |

October 02, 2012

Five Reasons to Move to the Pcapng Capture Format (by Jason Walls)




The pcap capture file format has been the universal packet capture format since the early days of computer networking. Almost all capture tools support the pcap format. And while vendors have created new formats over the years, most tools support conversion into the pcap format.

While pcap continues to be used today, it does have some limitations that make other formats more attractive. A new format called “pcapng” has been under development for a number of years. The goal of pcapng is to address some of the shortfalls of pcap and create a flexible format for the future. With the adoption of pcapng as the default format for WireShark 1.8, there appears to be a growing push to support pcapng.

CloudShark’s recent 1.6 release also pushes ahead with improved pcapng support. The addition of pcapng allows CloudShark to unify pcapng’s per packet comment capability with CloudShark’s annotation capabilities.

So, what are some of the advantages of pcapng and why should you make the switch? Are there any limitations that need to be addressed before we’ll see large scale adoption of the new format?

Where did Pcapng come from?


Continue reading "Five Reasons to Move to the Pcapng Capture Format (by Jason Walls)" »

Posted in Open Source Tools, Protocol Analysis, Switching & Routing | | Comments (8) | TrackBack (0)

| |

July 30, 2012

Secrets of Vulnerability Scanning: Nessus, Nmap, and More - Sharkfest 2012 (by Ron Bowes)

Editor's Note: This session was recorded at Sharkfest 2012 - UC Berkeley, CA.

Vulnerability scanning - that is, remotely determining the security posture of a network-connected computer system - is one of the foundations of Internet security. These scans are based on thousands of individual vulnerability checks, each of which is carefully written to uniquely find a single vulnerability with minimal errors. This talk will take a deep look at how Nessu and Nmap vulnerability scans are written, demonstrating a combination of packet sniffing, reverse engineering, and trial and error!

Ron Bowes works as a vulnerability research engineer for Tenable Network Security. He is best known for his contributions to open source security software including the Nmap Security Scanner, for which he has written dozens of scripts covering a number of complex protocols.

Posted in Open Source Tools, Sharkfest | | Comments (0) | TrackBack (0)

| |

March 27, 2012

Is Enabling SNMP Worth the Security Risks? (by Chris Greer)

Security hole

Does SNMP open a hole? Well, kindof. Is it worth it? If it's configured right, YES!

The data that can be collected from switches and routers via SNMP for monitoring and analysis is completely invaluable. Information such as port utilization, device connectivity, errors, packet drops, discards, and other critical network health statistics are available with SNMP, but only if it is enabled!
Most switches and routers these days (even the cheaper home networking ones) support SNMP.

However there is still the idea floating around out there that enabling it will make a network vulnerable to security attacks. Also, some published material out there in cyberspace makes the claim that enabling SNMP will make your network unsecure. It is true that enabling SNMP on switches and routers will open a door into their management, however, there are a couple ways that we can lock up SNMP pretty tight and get the full benefits of having monitoring on the network.

1.   Community string with access list.

Continue reading "Is Enabling SNMP Worth the Security Risks? (by Chris Greer)" »

Posted in Chris Greer, Deep Packet Inspection, Open Source Tools | | Comments (8) | TrackBack (0)

| |

January 07, 2012

Wireshark: Using Configuration Profiles (by Joke Snelders)

This is a another great feature in Wireshark: Configuration Profiles.
In this article I will show you how to create and use profiles. By sharing one of my profiles I will also show you how easy it is to copy and share existing profiles.

You can use different profiles for different purposes. You can create separate profiles for analyzing capture files, that contain certain protocols or to analyze wireless capture files.
You can also create different profiles for different companies. Thus you only have to save the capture filters, display filters and other settings, that you use for Company A, in the profile for Company A. Those settings don't bother you while working at Company B and using their specific settings.

Tor_01
 Click on image to enlarge

 

Continue reading "Wireshark: Using Configuration Profiles (by Joke Snelders)" »

Posted in Joke Snelders, Open Source Tools | | Comments (0) | TrackBack (0)

| |

December 16, 2011

Wireshark and SMB2: extract files – part 2 (by Joke Snelders)

This is the second article about extracting files from Wireshark capture files.
The sample file smb2_pdf2_06f.pcap contains the file WP_SMBPlugin.pdf: A tool for capturing SMB files with Wireshark by David Perez & Jose Pico.
The size is 1.48 MB (1.508.939 bytes). This makes it more complicated, but not impossible to extract the pdf.

You can download the files here:
• sample file smb2_pdf2_06f.pcap
• pdf Download WP_SMBPlugin.pdf

Open the file smb2_pdf2_06f.pcap.
Select a packet in the Packet List.
Right-click and select "Follow TCP Stream" in the context menu to open the "Follow TCP Stream" dialog box.

Select the conversation from "10.0.0.11:49208 -> 10.0.0.12:445 (1516006 bytes)"
Select "raw"
Hit "Save As" and save the file as pdf2.pdf.

Smb2_pdf2_01
 Click on image to enlarge

Continue reading "Wireshark and SMB2: extract files – part 2 (by Joke Snelders)" »

Posted in Joke Snelders, Open Source Tools | | Comments (0) | TrackBack (0)

| |

Next »

LMT Advertisers


LMT Sponsors

News From LMT Sponsors

  • Endace

  • Datacom

  • NetScout

  • WildPackets

  • Sharkfest

  • Anue Systems

  • National Instruments

  • Riverbed

  • Net Optics
  • Garland