Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 6 years ago.
Improve this question
I have a pcap file which contains the attack to a local server environment I made. The attack to the local was made using Metasploit Framework on another Kali Linux machine and the traffic was captured with Wireshark using port mirroring on the router. I was able to exploit the system and get the local password.
The question is, how do I know which exploit I have used just by looking on the pcap file? I would like to give that file for forensic analysis.
Is there any way to find the exploit name on the pcap file?
Best regards
After further investigations, I was able to figure it out how to know which exploit has been used on the attack. I managed to configure SNORT, a IDS system, on my Kali Linux machine and pass the *.pcap file to it.
Snort will analyze that *.pcap file trying to find all traffic that matches for certain rules. If any traffic behavior matches with any snort rules, snort will prompt you with a message.
Taking this into account, I was able to gather exploit name after a match of the rule exploit.rules in Snort folder.
Snort has plenty of rules by default on his rules folder, so you just need to run the following command to the *.pcap file and pray for a match ;)
snort -r <your-pcap-file>
I hope this help to anyone who is trying to find which exploit has been used on a attack that was captured by tcpdump or wireshark.
Related
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed yesterday.
Improve this question
One of web tools we intend to use requires docker for installation. Due to limitation in resources, however, the only way for us to deploy this tool is on a shared university php webserver with an associated MySQL database. My question is, can you somehow convert or even "compile" this docker-dependent tool to get some simple package, similar, for instance, to Wordpress? Indeed, as per my understanding, Wordpress development does require docker, while the final package for Wordpress installation does not.
Is this operation of docker-removal possible and is there a standardised workflow? The tool in question is located in the following repository.
I have tried to install the tool as is, being blocked by the lack of admin privileges and the absence of docker on the described university webserver. I have experience in setting up Wordpress, I would expect for my tool of interest to have a more sophisticated installation process (compared to the current 3 steps) without docker and, for instance, to also require manual connection to an SQL-database.
Please excuse me for my limited understanding and layman terms, I am sadly not coming from a computer science background.
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 10 months ago.
Improve this question
I've collected an array of packets on Wireshark and i'm wondering how do I filter that properly to see the most used ports / protocols?
I'd assume it'd be within "Analyze" "Filters" and then you'd have to create a specific one if this is the way of doing it, although I am unsure of how to properly express that in code.
I'd assume I dont need to provide any images of data for this query but if I should, please let me know
Any ideas?
How can I find out the traffic flow rates of my packets in Wireshark?
you can go to "statistics" then "ipv4" or "ipv6" depending of your network, then "destinations and ports".
It will give you the most used port and protocol.
Then you can just apply a filter by entering something like tcp.port == the_port in the searchbar (you have to replace tcp by the most used protocol and the_port by the port that you want to filter).
concerning the flow rate, you can find it with the flow graph. (again in statistics menu).
Have a nice day
JC
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
Closed 8 years ago.
Questions asking us to recommend or find a tool, library or favorite off-site resource are off-topic for Stack Overflow as they tend to attract opinionated answers and spam. Instead, describe the problem and what has been done so far to solve it.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Improve this question
Is there any tool that can analyze in real-time a log (a custom server application) and output custom metrics over the log? Possibly some graphs on a web interface?
My typical use case is the following: I have a socket server receiving incoming requests. Each request is of a specific "type". I would like to see pieces of information like: how many requests occurred in the last N minutes? The average time of response for the requests (each logged request has its response time); How many requests of a single type has occurred in the last N minutes? And others.
I'm aware that specific information contained in a log item cannot be automatically extracted and I would probably need some coding to instruct the tool how to parse and understand the log, and how it could gather information out of it.
Is there a tool/software/system/monitor that could help with that?
Send Jabber/XMPP message to user#jabberserver.com when new line is appended to the log:
# tail --follow=name --retry /var/log/logfile.log | sendxmpp -i -u username -p password -j jabberserver.com user#jabberserver.com
username/password must be created on jabberserver.com. user#jabberserver.com must be loged in via Jabber/XMPP client that you write on your own (I prefer perl + Net::Jabber). Then you can do whatever you want with the incoming XMPP messages (store on DB, send e-mail, ...).
Tail is the most common tool I know of and if your on windows there is wintail.
At Ustream we needed a tool just like that, so we wrote Yolo. It is a general log parser and processor that can send data to StatsD, which aggregates the data you need (it supports counters, timing data and gauges) and sends to Graphite.
In a nutshell you just have to write a config file, setup a regexp parser to match your log data and setup the statsd keys you want to use. You don't have to write any code.
You can find an example config on Github.
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 9 years ago.
Improve this question
I need online file storage that supports webdav so I can mount the storage as a drive to my local drive, priority is speedy read and writes, can you give me some recommendation?
You can create your own using IT Hit WebDAV Server Engine for .Net. You will just need to click-through wizard in Viasual Studio. You will get the best performance if you select "store files and metadata in file system option".
I have some of my SkyDrive folders mapped as local drives on my machine, and it works pretty well. I have to admit that I haven't tested it for speed, so I'm not sure if it's up to the performance that you're looking for.
Some blogs to help you with the steps:
Connect Your SkyDrive To Windows Explorer
Access SkyDrive from Windows Explorer through WebDAV
http://www.nirmaltv.com/2010/02/02/how-to-map-skydrive-as-network-drive-in-windows/
Hope this helps!
Apache Jackrabbit ( http://jackrabbit.apache.org/ ) will do what you want. It has a very simple standalone deployment option that you can just double-click and then access the file system via WebDAV.
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 8 years ago.
Improve this question
I am developing an application in which it would be of great advantage to monitor all of the activity on a hard drive. I am using Diskmon to trace the activity and IOMeter to make particular requests to the drive. All is well, except that Diskmon only recognizes actual hard drives and unfortunately I only have one physical drive in the computers that I have available. This drive happens to have one partition for windows. So whenever applications or anything in Windows makes a request to the drive, it appears as extraneous data in the Diskmon log file.
As such, I am curious to know if there is anyway to create a "virtual hard drive" that is for all intents and purposes a normal hard drive with respect to Windows? I have tried creating a virtual hard disk (VHD) as supported by Windows 7. As far as I am concerned, it actually does appear as a hard drive because it shows up in "My Computer" as a new disk. Even IOMeter picks up on the VHD. However, Diskmon does not differentiate between the VHD and the true disk on which it resides. As such, the virtual drive feature (VHD) does nothing to accomplish my goal. My assumption is that the Diskmon application is using lower level Windows APIs in which the difference between regular data on a disk and those within a virtual disk are trivial.
Is it possible for me to create a true virtual disk that even the diskmon logging utility will be able identify as a genuine hard drive? Ideally, I would like to create such a virtual disk on a USB key, but from what I am seeing currently, the only option may be to buy an external hard drive.
Any help is greatly appreciated! Thanks