:wq - blog » flowtag (http://writequit.org/blog)

Flowtag FreeBSD port
http://writequit.org/blog/2008/07/14/flowtag-freebsd-port/
Tue, 15 Jul 2008 05:03:39 +0000

I just finished up the FreeBSD port for Chris and Scholar's flowtag. Flowtag is a neat tool for tagging network streams for collaboration and analysis. I've submitted the port to FreeBSD's mailing list, so I'm hoping for upstream soon. In the meantime, you can download the port files on my miscellaneous page.

In other news, development on Hex 2.0 continues; we're trying to get ports finished for inclusion in the ISO (which is what spawned the flowtag porting). Malware analysis took a backseat to sysadmin work due to a rather large project that just finished up. Hopefully I'll have more time to post here soon. Here's what I've been working on:

– A simple C program to measure the index of coincidence of a file (for binary data instead of strings). This was going great until I tried it on a non-OSX OS; now I'm running into segfaults trying to get it to run on Linux (does read() behave differently or something?). I've also ported it to Windows (which works), but it was a giant pain due to the fact that I don't ever use Visual Studio.

– A binary file to hex string beautifier; basically, take binary data and print it as nicely formatted string literals for either a Ruby or a C program. Why? Because I'm tired of manually formatting data for programs.

– A program to generate data with variable amounts of randomness (this is really used for work, but I might end up posting it here depending on whether I think it’s neat enough).

– Rewriting labview (our internal machine allocation management software). Okay, so Jon's really doing most of the work, but that's mostly because I don't know how to do SQL "relations"; I'll do more of the development soon enough.

– Biking to work. Yea, this isn’t technical, but I got a new bike so I’ve been trying to cut down on the commute, save gas, all that kind of stuff.
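The index-of-coincidence program above isn't posted here, so as an added example (my code, not the author's) here is a byte-level IC calculator in C. It counts frequencies over the 256 possible byte values, computes IC = sum n_i(n_i-1) / (N(N-1)), and reads the file through a loop that tolerates short reads and EINTR, because read() on any POSIX system may legitimately return fewer bytes than requested. The function names, the 64 KiB buffer and the x256 normalisation are my choices, not anything from the original post.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

#define ALPHABET 256  /* one symbol per possible byte value */

/* Accumulate byte frequencies from buf into counts[]. */
static void count_bytes(const unsigned char *buf, size_t len,
                        unsigned long long counts[ALPHABET]) {
    for (size_t i = 0; i < len; i++) counts[buf[i]]++;
}

/* IC = sum_i n_i(n_i-1) / (N(N-1)). Returns -1.0 when N < 2 (undefined).
   For uniformly random bytes this tends to 1/256; structured data is higher. */
double ic_from_counts(const unsigned long long counts[ALPHABET]) {
    unsigned long long total = 0, pairs = 0;
    for (int i = 0; i < ALPHABET; i++) {
        total += counts[i];
        pairs += counts[i] * (counts[i] - 1);  /* 0 when counts[i] == 0 */
    }
    if (total < 2) return -1.0;
    return (double)pairs / ((double)total * (double)(total - 1));
}

/* IC of an in-memory buffer (handy for testing and for carved file fragments). */
double ic_of_buffer(const unsigned char *buf, size_t len) {
    unsigned long long counts[ALPHABET] = {0};
    count_bytes(buf, len, counts);
    return ic_from_counts(counts);
}

/* IC of everything readable from fd. read() may return less than requested on
   any OS (pipes, sockets, signals, end of file), so loop until it returns 0;
   never assume one call filled the buffer. Returns -1.0 on a read error. */
double ic_of_fd(int fd) {
    unsigned long long counts[ALPHABET] = {0};
    unsigned char buf[65536];  /* fixed 64 KiB chunk; file size is never trusted */
    for (;;) {
        ssize_t n = read(fd, buf, sizeof buf);
        if (n == 0) break;                       /* EOF */
        if (n < 0) {
            if (errno == EINTR) continue;        /* interrupted, retry */
            return -1.0;
        }
        count_bytes(buf, (size_t)n, counts);
    }
    return ic_from_counts(counts);
}

int main(int argc, char **argv) {
    if (argc != 2) {
        fprintf(stderr, "usage: %s FILE\n", argv[0]);
        return 2;
    }
    int fd = open(argv[1], O_RDONLY);
    if (fd < 0) { perror("open"); return 1; }
    double ic = ic_of_fd(fd);
    close(fd);
    if (ic < 0) { fprintf(stderr, "could not compute IC (empty file or read error)\n"); return 1; }
    printf("IC = %.6f  normalised (x%d) = %.4f  [uniform random bytes -> ~1.0]\n",
           ic, ALPHABET, ic * ALPHABET);
    return 0;
}
```

Normalised values close to 1.0 indicate byte distributions that look uniform (compressed or encrypted content); noticeably larger values indicate structure such as text, padding or repeated headers, which is why IC is a cheap first-pass triage metric next to entropy when sorting carved files.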

UPDATE: Just got an email that the flowtag port has been committed; it should show up the next time you do a "cvsup" :)

User-submitted modules: flowtag and clamscan
http://writequit.org/blog/2008/02/11/user-submitted-modules-flowtag-and-clamscan/
Mon, 11 Feb 2008 20:14:48 +0000

I'd like to point out a couple of user-submitted modules for NSM-Console that are now included in the distribution.

Firstly, scholar01 has created a 'flowtag' module for NSM-Console that uses Chris Lee's excellent Flowtag software for categorizing and tagging network flows from a packet capture. Thanks for the submission scholar01!

Secondly, JohnQPublic has created a 'clamscan' module in order to scan the files extracted by either tcpxtract or foremost for viruses. The clamscan module uses the popular open-source antivirus software ClamAV. Thanks JohnQPublic!

Both of these modules have been committed into NSM-Console’s code, and while only flowtag is included in the 0.5 release, you can try them out by checking NSM-Console out of SVN with the following command:

svn co http://svn.security.org.my/trunk/rawpacket-root/usr/home/analyzt/rp-NSM/nsm-console nsm-console

Note that the majority of the code I commit to svn is stable enough for regular usage; it just doesn't undergo the regular testing that the point-releases do before they are released.

Thanks to both authors for submitting modules, they’re now included in the ‘credits’ command. :)

NSM Console projected module list
http://writequit.org/blog/2007/11/28/nsm-console-projected-module-list/
Wed, 28 Nov 2007 21:43:28 +0000

Here's a list of all the planned modules and completed (struck-out) modules for nsm-console. (If a module is struck out, it's because I've finished making a module for it; it isn't necessarily in the tarball for download.)

  • aimsnarf
  • ngrep (gif/jpg/pdf/exe/pe/ne/elf/3pg/torrent)
  • tcpxtract
  • tcpflow
  • chaosreader
  • bro-IDS
  • snort
  • tcpdstat
  • capinfos
  • tshark
  • argus
  • ragator
  • racount
  • rahosts
  • hash (md5 & sha256)
  • ra
  • honeysnap
  • p0f
  • pads
  • fl0p
  • iploc
  • foremost – thanks shadowbq!
  • flowgrep
  • tcptrace
  • tcpick
  • flowtime
  • flowtag
  • harimau
  • clamscan

Think of any other useful modules? Leave me a comment and let me know!

P.S. I’m also brainstorming for some pcap/real-time network visualization tools, stay tuned!
