After capturing some packets with Wireshark, I want to keep record of them i.e: I want to generate a binary file with the captured packets. Therefore I click on:
File -> Save as
among the different extensions, you can select "Visual Networks traffic capture (.)" which apparently generate a binary file without extension.
I have been unsuccessfully looking for more info about this type on Internet. Can somebody tell me what is this extension? Is this file format compatible either with Windows and Linux?
Thanks.
Those files are from software from a company called Visual Networks:
http://web.archive.org/web/20010119000200/http://www.visualnetworks.com/
Fluke bought them in 2005:
http://www.washingtonpost.com/wp-dyn/content/article/2005/12/02/AR2005120201910.html
and they now appear to be owned by NetScout - if you try going to http://www.visualnetworks.com, you end up at NetScout's site.
The files are from their Visual UpTime software; support for those files was added back in 2001.
I can't find the documentation on any of their possibly-now-no-longer-offered software, so I don't know whether they put a standard extension on the files. Some of the files I have, from bugs and e-mail messages, have the extensions ".vn", ".cap", ".pkt", and ".vis", so I don't know which, if any, of those are the "standard" extension.
So Wireshark doesn't know what extension to put on the files, and doesn't provide one.
Extensions aren't "compatible" with OSes. File formats are compatible with programs that read the files; Wireshark can read Visual Network files on all OSes on which it runs. And there isn't an extension for those files, anyway.
The Windows and OS X desktop environments tend to recognize file formats based on extensions, so, without an extension, you probably won't be able to open a file by double-clicking on it. Some free-software desktop environments used on OSes such as Linux may also look at the beginning of the file to determine the file type, and would be OK with files without an extension, and newer versions of the database they use have an entry for Visual Networks files - but they don't have a MIME media type for them, so Wireshark can't register as the reader for those files, so double-clicking probably won't work there, either.
So, to open one of those files from the GUI, you'd have to use the File -> Open menu item in Wireshark, or anything else in the GUI that lets you say "open this file with this program".
However, the native file formats for Wireshark are pcap and pcapng, and if you've captured traffic with Wireshark, you should really save them in pcap or pcapng format unless you want to read the capture in a program that doesn't understand pcap or pcapng but does understand some other format that Wireshark can write.
Related
I want to make a program that opens two different programs (one virus file that infects the computer and one that is the real program). I have tried with .bat files, but it requires me to write the path to the file that includes the name of the targets user account. The problem is that i don't know what the target has named his account. Is there any way a program can search the sub folder and find the target programs automaticly? (Im planning on having that program with the folder "first" and in that folder the virus and the actual program will be)
Sorry for bad English
You can use Veil-Framework or metasploit to embed a payload into a file, and it accepts several different formats. Then you have to use social engeenering to distribute the infected file. Youll have to do some tests in local to ensure that infected file evades antivirus (the av evasion is the hard thing to do here as signatures of known payloads are also known by av software).
Renember that infecting a remote computer not owned by you can be considered a delictive act an can get you into legal issues.
Hope this helps.
I have a number of capture files that I am trying to merge. The merge files are from linux servers (both Ubuntu and Centos), a Macbook Pro and from a Windows machine. They all play nice with the exception of the mac dump.
But when I try to merge the files from the mac I get this error:
"mergecap: Record 222 of "scenario_4_mbp.pcap" has an interface ID which does not match any IDB in its file."
I looked at the specific packet and it is a Dropbox LAN sync Discovery Protocol. For my purposes I don't even care about it, and I would just as soon like to filter it out but I cannot seem to get the filter correct.
I tried to filter with:
ip.proto != db-lsp-disc
ip.proto not db-lsp-disc
but I get an error and nothing is filtered.
Assuming I am able to apply a display filter how do I save the file sans the dropbox packets? And ultimately, will this solve my merge issue?
I can read and open the file just fine with Wireshark, but I cannot merge it with the other files from the scenario.
Then this is probably a bug in mergecap. Please file a bug on the Wireshark Bugzilla, and, if possible, attach to the bug capture files that demonstrate the bug.
I have the same problem, and the offending file in my case was also created with tcpdump on a MacOS machine.
I was able to solve the problem by opening the offending file in Wireshark, which has no problem with it, then doing a "Save As" into a new .pcapng file, then running mergecap again replacing the offending file with the newly created copy.
Saving as a regular .pcap file seemed to work, too, but there are comments in the file (interface names, at least) that regular .pcap strips out.
What are the best practices for where a cross-platform FireMonkey program should put INI files? Are INI files even the right approach?
For Android: in "shared storage"
For MacOS: in INI file
https://delphihaven.wordpress.com/2015/06/11/ccr-prefsinifile-on-github/
CCR.PrefsIniFile on GitHub by Chris Rolliston (he is on stackoverflow also: https://stackoverflow.com/users/2778930/chris-rolliston)
Just a small post to say the the native Preferences API wrappers for Android, iOS and OS X I published to Google Code a while back are now on GitHib:
https://github.com/chrisrolliston/CCR.PrefsIniFile
Both the Android and Apple versions should also now compile in XE8.
If you are searching for one location that will fit all platforms then I'm afraid you won't find it.
You see each platforms has its own preference on where the settings files are stored.
So you should read each platforms guidelines and make sure your program uses those locations.
Failing to do so and trying to save the settings in some different folder might fail completely as many platforms limit of which folders can your application access at all.
Now as for which format should you use? Should this be INI files or something else?
On windows it is completely up to you which format you use. You can use system registry, INI files (pretty common), XML files (becoming quite common lately) or even some custom formats like Typed files (binary files) that Delphi is capable of working with.
But this does not apply to all platforms. Some platforms might even limit you in which format you store your settings.
So again you should read the platform preferences on this matter and adapt.
In windows INI files became ubiquitous as a fast, easy to use method. But as they became larger they became much slower and it was difficult to implement structured storage. Hence the move away from INI files towards Registry/Registries. But that is not an option for cross platform, so there has been some drive back towards INI file structures, but depending on size this could still be slow. One of the more interesting approaches I have seen is in this skill sprint which (mis)uses JSON to create files equivalent to old INI files (and allows structure too). See here JSON - the new INI file. As to where, I think you need to read the recommendations for each target as the recommended location could be different for each.
When I was learning Portable Executable (PE) file format for windows, tools like PE-Explorer and PEView helped me in learning things quickly and nicely. Now, I need to learn and understand the apple quick time file format. Are there any
Tools with which I can browse the quick time format?
Export sections of the file?
Any additional resources other than the specifications?
PS: I'm on windows and I don't have mac/macOS
Tools with which I can browse the quick time format?
On Windows you can use MP4 Explorer, and since it is open source you can also learn from it. Since MP4 uses a similar structure to QuickTime you can use it for both.
There is also the old Dumpster tool from Apple. There is an old version of this tool for Windows, but I could not find it in the Apple developer site. This forum post has a copy that you can try. This is very old though, I'm not sure if it'll work with recent QT files.
If you can obtain access to a Mac running OS X, then you can use Dumpster or Atom Explorer.
Export sections of the file?
I don't know of any public tool for this. Your best bet is to extend MP4 Explorer to do this, or write your own parser. Parsing the atoms is actually pretty simple, things start to get complicated when you need to interpret the content of the atoms and cross-reference them to, for example, locate where the frame data is.
Any additional resources other than the specifications?
The QuickTime file format specification is the best resource for Apple generated QuickTime files, but you may need to do some reverse engineering, as the spec is not very complete in some areas, like the handling of MPEG-2 and MPEG-4 video. If you have access to ISO specs, then ISO/IEC 14496-12 is a standardized version of the QuickTime format (or better said, of a subset of it). The ISO/IEC 14496-15 specification builds on top of 14496-12 and defines a specific implementation of this format for the H.264 format. This is the so called MP4 format.
With the above three documents you should be pretty good in terms of documentation.
The MPEG4 (.MP4) file format is based on the QuickTime file format. You should be able to use the MPEG4IP tools to examine .MOV files. You can find windows binaries here.
Media Box Viewer does exactly this and much more. In addition to Quicktime, it can also open mp4, 3gp, etc. It runs on all platforms, Windows, Mac, Linux, etc.
It can be downloaded from www.jdxsoftware.org.
Creating a ruby on rails site that uses RMagick to create thumbnails for many types of images. RMagick cannot read dwg files however.
I've tried a few things, looked into the Java library JDWGLib, which would probably allow me to write a converter, but it would be a total from the ground up solution, where I just need a thumbnail.
Also considered using a viewer program to open the file in a remote X session and do a screen capture, however I'm not sure how I could ever guarantee that the viewer had completed opening when I took the screenshot.
I'm not concerned with being able to manipulate the file other than to create the thumbnail. It is going to be used for commercial purposes, so any libraries used need to be compatible.
cad2svg is a simple Linux command-line utility that automatically converts AutoCAD files (both dwg and dxf) to SVG.
the link
I could not find any command-line-able tool for making thumbnails, on either windows or linux.
I guess you could download the DWGdirect lib (C++) wich allows the exportation of a DWG to a bitmap... but this requires purchasing a membership license on the """Open""" Design Aliance.
I would recommend adding an additional file input on your form that says "thumbnail". And let the users provide the screenshots.