Re: Network Sniffer
Please keep on list!

>> The Question is, what you mean with "view the captured content".
>
> As I said before, for example, the text I send to a web site
> filling a form.

- google for a beginners guide how to use Wireshark and read !!!
- Install Wireshark on your client PC where you fill the form
  (available for Linux and Windows).
- Start Wireshark, select the proper interface and start capture.
- Fill out your form on your web client and send it to the webserver
- Stop capturing on Wireshark and
- look/search for the packets which carry the information and see

Wireshark is able to decode a lot of protocols ...

> Or a password I send when authorizing (when plain).

- same as above

> In wire shark I saw that in RT.
>
> Can tcpdump show that?

- tcpdump is an online tool that captures and displays the packets.
  But you should only use it if you understand what you do.
- tcpdump can write all necessary packets to a file and later
  you can read and decode it with Wireshark.

If you want to use tcpdump, you can do this on the (web) server and/or web client, e.g.:

    tcpdump -i any -s0 -w /tmp/mycapturefile.pcap

or

    tcpdump -i any -s0 -w /tmp/mycapturefile.pcap port 80   # with filter

Please read the manual before you ask next!

Meike

--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/cafnhia-c+33rtxpzx9_0r1uu-bccpvtbnyshssnvkabxva7...@mail.gmail.com
Re: Network Sniffer
2013/2/2 Sthu Deus :
> Good time of the day, Meike.
>
> Thank You, Meike, for Your time and answer. You wrote:
>
>> What u mean is a "Network Forensic Analysis Tool" (NFAT).
>> You can capture with tcpdump or other similar tool (tshark, ...) in a
>> file and analyze this file later.
>
> So, besides now and later - tcpdump has no such a feature as to show
> traffic content? - I do not say sorting / grep-ing /whatever it - that
> can analysis do - I simply want to view the captured content - can
> tcpdump show that?

The Question is, what you mean with "view the captured content".

* So if there are e.g. images in the captured http or ftp, or ... stream
  and you like to see them, then NetworkMiner
  "http://www.netresec.com/?page=NetworkMiner" is doing this job without
  any knowledge about the protocols ..
* Content can also be encrypted username/password ... e.g. in radius or
  https/ssl. Then is "Wireshark" your friend. Wireshark is able to
  decrypt this, if you have the private key or shared secret ...

Content is all the payload on a network. But there are so many different
kinds, there is no single tool to "display the content".

So explain what you want to do exactly, but don't let us guess ;-)

kindly regards
Meike
Re: Network Sniffer
>> you can also try tcpdump. you can capture traffic without a GUI and
>> then analyze it in wireshark.
>
> By the way do You know how to see the captured packet data w/ tcpdump
> w/o using wireshark? - Under the data I mean not technical
> communication data but the useful data the packets carry - like
> transmitting some text to a web page, etc.

What u mean is a "Network Forensic Analysis Tool" (NFAT).
You can capture with tcpdump or other similar tool (tshark, ...) in a
file and analyze this file later.

http://www.xplico.org
http://www.netresec.com/?page=NetworkMiner
...

Kindly regards
Meike
Re: Network Sniffer
> you can also try tcpdump. you can capture traffic without a GUI and then
> analyze it in wireshark.

Don't forget the -s0 switch while using tcpdump or u are going to miss
some traffic

Kindly regards
Mike
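To see what a file written with the `tcpdump -i any -s0 -w ...` command from the messages above actually holds without Wireshark, the following added example (not code from the thread) reads a classic pcap file, handles the Linux "cooked" link header that `-i any` produces, and marks packets that were cut short because of a small snap length, which is what `-s0` avoids. The function names, addresses and the sample POST are constructed for illustration.

```python
import struct

# linktype -> (link header length, offset of its 2-byte protocol field)
# 1 = Ethernet, 113 = Linux cooked "SLL" (what `-i any` writes), 276 = SLL2
LINK_LAYERS = {1: (14, 12), 113: (16, 14), 276: (20, 0)}

def tcp_payloads(pcap):
    """Return [(src, sport, dst, dport, payload, truncated)] for IPv4/TCP data."""
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if endian is None:
        raise ValueError("not a classic pcap file (pcapng is not handled)")
    linktype = struct.unpack(endian + "I", pcap[20:24])[0]
    if linktype not in LINK_LAYERS:
        raise ValueError("unsupported link type %d" % linktype)
    hdr_len, proto_off = LINK_LAYERS[linktype]
    out, pos = [], 24                       # 24-byte global header
    while pos + 16 <= len(pcap):            # 16-byte per-packet record header
        _sec, _usec, incl, orig = struct.unpack(endian + "IIII", pcap[pos:pos + 16])
        frame = pcap[pos + 16:pos + 16 + incl]
        pos += 16 + incl
        ip = frame[hdr_len:]
        if frame[proto_off:proto_off + 2] != b"\x08\x00" or len(ip) < 20:
            continue                        # not IPv4 (VLAN tags are not handled)
        ihl = (ip[0] & 0x0F) * 4
        tcp = ip[ihl:]
        if ip[9] != 6 or len(tcp) < 20:
            continue                        # not TCP, or TCP header cut off
        total_len = struct.unpack("!H", ip[2:4])[0]
        sport, dport = struct.unpack("!HH", tcp[:4])
        payload = ip[ihl + (tcp[12] >> 4) * 4:total_len]   # skips link padding
        if payload:
            src, dst = (".".join(map(str, ip[i:i + 4])) for i in (12, 16))
            out.append((src, sport, dst, dport, payload, incl < orig))
    return out

def sample_pcap(snaplen=65535):
    """Constructed capture: one cleartext form POST in an SLL frame."""
    body = b"POST /form HTTP/1.1\r\nHost: example.test\r\n\r\nuser=alice&comment=hello"
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 1, 1, 0x50, 0x18, 8192, 0, 0) + body
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     bytes([192, 0, 2, 10]), bytes([192, 0, 2, 80])) + tcp
    frame = struct.pack("!HHH8sH", 4, 1, 6, b"\x02" + bytes(7), 0x0800) + ip
    incl = min(len(frame), snaplen)
    return (struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, snaplen, 113)
            + struct.pack("<IIII", 0, 0, incl, len(frame)) + frame[:incl])

if __name__ == "__main__":
    for snap in (65535, 60):                # 60 imitates a too-short snap length
        for src, sport, dst, dport, data, cut in tcp_payloads(sample_pcap(snap)):
            print("%s:%d -> %s:%d%s" % (src, sport, dst, dport, " [truncated]" if cut else ""))
            print(data.decode("latin-1"))
```

Segments are listed in capture order without TCP stream reassembly, and traffic protected by TLS shows only ciphertext here.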
Re: let logrotate create an new empty file?
> You simple place the log files in a different place where the user that
> creates the files has write perms or accommodate the "/var/log/
> your_application/*" directory permissions.

Yes I did this, and changed the rights to the user from the script:

    mkdir /var/log/script
    chown script.root /var/log/script
    chmod 640 /var/log/script

But logrotate "complains":

=
~# logrotate -d /etc/logrotate.d/script
reading config file /etc/logrotate.d/script
reading config info for /var/log/script/script.log

Handling 1 logs

rotating pattern: /var/log/script/escript.log 10485760 bytes (99 rotations)
empty log files are not rotated, old logs are removed
considering log /var/log/script/script.log
error: "/var/log/script" has insecure permissions. It must be owned and be writable by root only to avoid security problems. Set the "su" directive in the config file to tell logrotate which user/group should be used for rotation.
error: stat of /var/log/script/script.log failed: No such file or directory
==

My goal was NOT create the logfile on my own (as root).
So now, the only ("true") solution is to create the file and change the
rights to user "script".

Logrotate is a great tool, but I thought it also can create the file
(instead of user who mostly has not sufficient rights), because logrotate
runs (ever) as root.
Would be a nice feature for a "comprehensive carefree package" of logrotate.

Thanks Meike
Re: let logrotate create an new empty file?
> From your explanations, I understand that logrotate would create the
> file if logrotate rotates the file, which requires the file to exist in
> the first place, so create it manually and let logrotate rotate and
> create the file in the future. Does that work? (This somewhat ignores
> issues with file permissions that may exist.)

Yes, this works, but I don't want to create this with an extra command,
because the application (script) delivers its own crontab (/etc/cron.d/)
and own logrotate (/etc/logrotate.d) file.
I thought this is enough and that logrotate is going to create the
logfile with the right permissions.

So maybe I overlook something in the configuration from logrotate?
If it is not possible, so I have to use "install" or "touch,chmod/chown" ...

Meike
let logrotate create an new empty file?
Hello dear list,

I've a problem with creation of a logfile in /var/log.

I have running a cronjob with a script, that should log in a file under
/var/log/. (using logger is not possible)
The script is running under a normal user. Logrotate should care for
filesize and pack them.

My Problem is, that the script is not allowed (because of insufficient
rights) to create a logfile under /var/log on its own.
So I thought, that logrotate can do this for me and set the permissions
that the user can write (statement: create 644 user root).
But that's wrong. Logrotate creates only an empty file if it rotated the
file before.

Also using the option "nomissingok" does not work, because it only throws
(as the man says) an error message (instead of create the file).

Also to use a logrotate script ("prerotate" or "firstaction") like:

    /bin/touch /var/log/script.log
    /bin/chown user.root /var/log/script.log
    /bin/chmod 640 /var/log/script.log

is not possible, because the actions are only executed if the conditions
are fulfilled for rotation..

So anyone has an idea to create the logfile?

Many thanks in advance
Meike
need kernel update for lenny ..
Hello dear list,

I've running a Debian Lenny and can't upgrade to Squeeze for the moment
because of special software ...
Now the Server crashed two times. The error message is every time (taken
from the console):

"Filesystem "dm-2": XFS internal error xfs_trans_cancel at line 1163 of
fs/xfs/xfs_trans.c Caller 0xf8s8656d
Filesystem "dm-2": Corruption of in-memory data dedected. Shutting down
filesystem: dm-2
Please umount the filesystem, and rectify the problem(s)"

The Partition "dm-2" is mounted to /var, so I don't have more information
from the syslog or dmesg ..

On the server is running a Webserver, a (r)syslogd and mysql database.
Nightly, filtered logfiles from rsyslogd are imported to the database.
This is located on the /var-Partition too.

In the Internet I found similar problems here:
[1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=512779
and here:
[2] http://oss.sgi.com/archives/xfs/2011-07/msg00473.html

In the second link, someone told that the problem may be solved in the
kernel 2.6.30.

I tried to upgrade to the latest kernel via:

    deb http://ftp.de.debian.org/debian-archive/debian/ lenny main
    deb-src http://ftp.de.debian.org/debian-archive/debian/ lenny main

and

    aptitude update
    aptitude safe-upgrade

but I had no luck, nothing to upgrade.

The Server is going to migrate to new software (and Debian) in three
months, but until then I need a stable system.

So does anyone have an idea how to solve the problem?

Thanks Meike
Re: LVM creation methods
2012/7/20 Muhammad Yousuf Khan :
> i was reading a document where a person has configured physical volume
> and didn't use fdisk
> he just directly created the partition by "pvcreate /dev/sda"
>
> and there are some documents which shows the utilization of fdisk and
> converting sda1 to "8e" type which is LVM.
>
> so the question is what is the difference b/w creating it directly on
> disk by pvcreate command and by using fdisk.

from the manual page of pvcreate:

"pvcreate initializes PhysicalVolume for later use by the Logical
Volume Manager (LVM). Each PhysicalVolume can be a disk partition,
whole disk, meta device, or loopback file. For DOS disk partitions,
the partition id should be set to 0x8e using fdisk(8), cfdisk(8), or a
equivalent. For whole disk devices only the partition table must be
erased, which will effectively destroy all data on that disk."

So if you use a whole disk, it must be erased and have no partitions ...
Nothing is wrong

Meike
Re: Error while try to get tcp socket options with lsof
> Also, from the FAQ mentioned:
>
> "3.14.1 Why doesn't lsof report socket options, socket states, and TCP
> flags and values for my dialect?
> ...
>
> Linux
> No socket options and values, socket states, or TCP
> flags and values are reported. The support for "-Tf"
> could not be added to Linux, because socket options,
> socket states, and TCP flags and values are not
> available via the /proc file system."

Thanks at all .. that's it! Sorry, should investigate more time to read..
ftp is blocked by firewall in our company so I didn't follow the link to
FAQ.. :-( .
But I can't believe that Linux does not support that ...
The tool ss (ss -teoi) from iproute2 can get at least some information.

But anyway, thanks for help, have nice weekend!

Meike
Re: "Size mismatch" during safe-upgrade
Thanks for help, problem was the web proxy from the company ... :-(

Kindly regards
Meike

2012/1/17 Scott Ferguson :
> On 17/01/12 22:20, Meike Stone wrote:
>> Hello,
>>
>> I use Debian 6 and tried to upgrade my system. I made as root a
>> ~# aptitude update
>> ~# aptitude safe-upgrade
>> and got following error:
>> ..
>> ..
>>
>> Setting up linux-libc-dev (2.6.32-39squeeze1) ...
>> E: Failed to fetch
>> http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.32-5-amd64_2.6.32-39squeeze1_amd64.deb:
>> Size mismatch
>>
>> Current status: 1 update [-44].
>>
>> my sources.list:
>>
>> deb http://ftp.tu-chemnitz.de/pub/linux/debian/debian/ squeeze main
>> contrib non-free
>> deb-src http://ftp.tu-chemnitz.de/pub/linux/debian/debian/ squeeze
>> main contrib non-free
>>
>> deb http://security.debian.org/ squeeze/updates main
>> deb-src http://security.debian.org/ squeeze/updates main
>>
>>
>> What can I do to solve the problem?
>>
>>
>> Thanks Meike!
>>
>
> Try it again. Wait. Try it again. The recent point release may be
> affecting it.
>
> If space permits it's a good idea to pre-download the packages before
> doing an upgrade to save network surprises during the process. eg.:-
> # apt-get -d upgrade
> if that shows no warnings
> # apt-get upgrade
>
> There is probably an equivalent for aptitude. Sorry I don't have the man
> files to quote.
>
>
> Cheers
> --
> Iceweasel/Firefox extensions for finding answers to Debian questions:-
> https://addons.mozilla.org/en-US/firefox/collections/Scott_Ferguson/debian/
"Size mismatch" during safe-upgrade
Hello,

I use Debian 6 and tried to upgrade my system. I made as root a

    ~# aptitude update
    ~# aptitude safe-upgrade

and got following error:

..
..

Setting up linux-libc-dev (2.6.32-39squeeze1) ...
E: Failed to fetch http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.32-5-amd64_2.6.32-39squeeze1_amd64.deb: Size mismatch

Current status: 1 update [-44].

my sources.list:

    deb http://ftp.tu-chemnitz.de/pub/linux/debian/debian/ squeeze main contrib non-free
    deb-src http://ftp.tu-chemnitz.de/pub/linux/debian/debian/ squeeze main contrib non-free

    deb http://security.debian.org/ squeeze/updates main
    deb-src http://security.debian.org/ squeeze/updates main

What can I do to solve the problem?

Thanks Meike!
Re: how to get the date of the last upgrade?
>> I tried this and it that seems that this file is not very reliable, or
>> the logrotate does delete all other. The system is from 2008 and the
>> term.log shows me only two entries from 2011.
>
> Yup, that's for the "latest" update run.
>
> The remainder updates are archived under "/var/log/apt/term.log.*.gz".
>
>> On rpm systems, I can use rpm -qa --last. Is there any similar command
>> on debian?
>
> Ah, that command reminds my days with openSUSE :-)
>
> In Debian there are also "/var/log/dpkg.log.*.gz" files which list the
> installed packages sorted by time.

Hello,

Problem with these files is the logrotate. By default it keeps only 6/12
versions ...
But many Thanks!

Meike
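One way to answer the "when was the last upgrade" question from the `/var/log/dpkg.log*` files mentioned above, as an added example that is not part of the thread: it reads the current and rotated (gzip) logs, reports the most recent `upgrade` entry and the packages upgraded that day, and also returns the oldest timestamp still on disk, since rotation limits how far back the logs can prove anything. The function names, sample lines, package names and versions are constructed.

```python
import glob
import gzip
import os
import tempfile

def dpkg_log_lines(log_dir):
    """Yield lines from dpkg.log and its rotated copies (plain or gzip)."""
    for path in sorted(glob.glob(os.path.join(log_dir, "dpkg.log*"))):
        opener = gzip.open if path.endswith(".gz") else open
        with opener(path, "rt", errors="replace") as fh:
            yield from fh

def upgrade_summary(log_dir="/var/log"):
    """Return (oldest logged timestamp, last upgrade timestamp, packages that day)."""
    oldest, last, by_day = None, None, {}
    for line in dpkg_log_lines(log_dir):
        parts = line.split()
        if len(parts) < 3:
            continue
        stamp = parts[0] + " " + parts[1]   # "YYYY-MM-DD HH:MM:SS" sorts as text
        oldest = stamp if oldest is None else min(oldest, stamp)
        # upgrade lines: date time "upgrade" package old-version new-version
        if parts[2] == "upgrade" and len(parts) >= 6:
            by_day.setdefault(parts[0], []).append(parts[3].split(":")[0])
            last = stamp if last is None else max(last, stamp)
    packages = sorted(set(by_day[last[:10]])) if last else []
    return oldest, last, packages

# Constructed sample log content (package names and versions are made up).
SAMPLE_CURRENT = """\
2012-01-17 22:20:01 startup archives unpack
2012-01-17 22:20:03 upgrade linux-libc-dev 0.0-1 0.0-2
2012-01-17 22:20:04 status unpacked linux-libc-dev 0.0-2
2012-01-17 22:20:09 upgrade libexample1:amd64 1.0-1 1.0-2
"""
SAMPLE_ROTATED = """\
2011-11-02 09:15:40 status installed example-tool 1.0-1
2011-11-02 09:15:41 upgrade example-data 2011a-1 2011b-1
"""

def demo():
    """Write the constructed logs to a temporary directory and summarise them."""
    with tempfile.TemporaryDirectory() as log_dir:
        with open(os.path.join(log_dir, "dpkg.log"), "w") as fh:
            fh.write(SAMPLE_CURRENT)
        with gzip.open(os.path.join(log_dir, "dpkg.log.1.gz"), "wt") as fh:
            fh.write(SAMPLE_ROTATED)
        return upgrade_summary(log_dir)

if __name__ == "__main__":
    oldest, last, packages = demo()
    print("logs reach back to:", oldest)
    print("last upgrade:", last, packages)
```

If the last upgrade found is close to the oldest logged timestamp, older upgrades may simply have been rotated away.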
Re: how to get the date of the last upgrade?
>> On rpm systems, I can use rpm -qa --last. Is there any similar command
>> on debian?
>
> You could go for
>
> % ls -rtl /var/lib/dpkg/info/*.list

Thanks, that solves my Problem ..

Meike
Re: how to get the date of the last upgrade?
>> how can I get information when the last upgrade ("update") was done
>> (apt-get upgrade or aptitude *-upgrade).
>
> "/var/log/apt/term.log" should tell.

Hello,

I tried this and it that seems that this file is not very reliable, or
the logrotate does delete all other. The system is from 2008 and the
term.log shows me only two entries from 2011.

On rpm systems, I can use rpm -qa --last. Is there any similar command
on debian?

Thanks Meike
how to get the date of the last upgrade?
Hello,

how can I get information when the last upgrade ("update") was done
(apt-get upgrade or aptitude *-upgrade).

I have a few machines here, and I want to know when the last "system
update" was executed.
The Distributions are debian 5 and 6

Kind regards and thanx for help
Meike