Networking :: Started Using Wireshark - Protocols Not Secure
Aug 20, 2011
I am new to using Wireshark and I've been browsing around the packets a bit. I figured I'd try and use it to cut into a protocol that isn't documented, that I can find, but doesn't seem particularly secure. I tried cutting into a protocol and I turned _everything_ off, but Wireshark was still picking up packets left, right and centre. So I decided to stop the internet daemon and still, packets were being sent over the internet. So I decided to pick some of the IPs and do a reverse look-up. Each and every one of the IPs is of Russian origin or close.
I'm under the impression that these are unwanted packets. I've also noticed that they are sending data from the same port: 32165. Another thing I noticed while doing reverse look-ups is that a lot of these IPs are hit in 'Spam & Open Relay Blocking System' and 'Project Honey Pot', which seem to be spam blockers and trackers. What should I do or what should I investigate? The reverse look-ups are only providing me with the ISP which 'owns' the IP block the IP is a part of. They are from various ISPs every time.
I am an undergraduate student. My prof has implemented an ad hoc protocol and simulated it on some network simulation software, and it worked out of the box. She wants to implement it on real-world Unix/Linux systems. I am sure it is possible, but I don't know where to start from.
I have ssh running on port 22 and that is the only thing I want in/out of this particular box (ssh, scp). But when I use iptables to set the default policies for INPUT, FORWARD, and OUTPUT to DROP and then allow 22:
I have set up NTOP on CentOS 5.5 and am not seeing traffic that I am supposed to be seeing. We have a product that uses many different services including ssh. I have this system as a target on mirrored ports but am not seeing any ssh connections or activity when I look at the host machine that is connected to the target ssh client and vice versa. When I look under TCP/UDP Service/Port Usage it is not displaying all the services that are being used, especially SSH. What could it be?
I have a project which needs to stream audio to multiple remotely connected devices on the internet. The best protocol for streaming with minimum or no audio distortion.
I've run into a sort of catch 22. I installed wireshark via apt-get on my Eee 1008HA, but when it is launched, it does not allow any capture interfaces. I think this is because the shortcut created in my applications panel does not start it as root. So I went into terminal, typed in "sudo wireshark" and it popped up, as root. I was then able to capture on my wireless interface. However, if I try and specify my home folder as the location for the capture to be saved, I get an error that permission was denied, which seems odd since the process is running as root and should be able to do pretty much whatever it wants. How can I get wireshark set up so I can both capture _and_ save the .pcap files I generate? I'm running karmic koala, the full output of uname -a is: Linux ruckus-laptop 2.6.31-14-generic #48-Ubuntu SMP Fri Oct 16 14:04:26 UTC 2009 i686 GNU/Linux.
I have an Ubuntu PC with 2 NICs, 1 for the internet; the other one should be to connect other computers and analyze the network traffic with Wireshark. How do I configure this 2nd NIC to achieve this?
I remember that in the past, I succeeded in sniffing network traffic with Wireshark, but when I tried lately, it didn't work.
- Enabled monitor and promisc mode using the command line and launched Wireshark with option 'promisc mode' on: didn't work.
- Directly launched Wireshark with option 'promisc mode' on: didn't work.
- Did both previous things with option 'promisc mode' off: didn't work.
I installed Wireshark 1.2.7 on my Lenovo X61 tablet PC running Ubuntu 10.04 lucid during the quest for a decent signal strength meter for available wifi access points. What is a good software or hardware method to TEST WiFi strength & power? But I can't get Wireshark to do the simplest thing, which is to "Capture Interfaces".
I recently installed KDE in my Ubuntu 10.10. To access KDE, I want to use startx /usr/bin/startkde. But using it disables sound in KDE (sound is working fine in GNOME). It doesn't sound for anything like login sound, totem, mplayer or any other player. But when I press Alt+Ctrl+F1 to change to virtual console, the playback resumes from where it was in time, and when coming back with Alt+Ctrl+F7 the time in totem (or any other player) doesn't move. While logging out it also doesn't play the logout sound and doesn't log out, so I have to press Ctrl+Alt+F1 so that the logout sound plays, then it exits. When starting KDE by kdm or gdm, the sound works normally. But I don't want to log in again using kdm or gdm and I don't want to use the root user to start kdm or gdm. I don't know what the difference is between when KDE is started by startx or by kdm/gdm, where the same user logs in in kdm/gdm as for startx.
I'm an Oracle DBA and started working for my current employer about 4 months ago. This past weekend an alert re: FS space brought my attention to /var/spool/clientmqueue (full of mail re: cron jobs) and the fact that sendmail is not running on our Linux servers. I'm told that the IT security team deemed sendmail too vulnerable so we don't run it. Aside from FS filling up and missing notification of issues with crontab entries, I'm concerned that we may be missing notification of potential issues. In other Unix/Linux environments I've seen emails from the print daemon when it experienced problems with specific jobs.
Are there other Linux facilities aside from cron and lpd that use email to advise the users of possible issues? Are there ways to secure sendmail or secure alternatives to sendmail? My primary need/desire is to make sure that emails regarding issues on the server get to the appropriate users. Secondary goal would be to have the ability to use mailx to send mail out. There is no need/desire to receive mail from outside.
Yesterday I had to use my netbook's Acer restore program to restore my win7 partition to factory settings. This morning when booting up Ubuntu, I was greeted with the guild freezing every time. I also booted in classic and had the same problem. I decided to open safe mode and deactivate each program one at a time. When I get to network manager, Unity boots fine. I then try to start Network Manager from inside of Unity after it boots and as soon as it boots, the entire computer freezes again. It was booting fine until I had to restore my win7 partition; win7 networks still work. It's an Asus Aspire One 722.
I'm trying to set up a secure web tunnel at home. I have an Ubuntu box (desktop), a Mac, and a Windows 7 box. I use all of them for different reasons. I want to be able to route traffic from my browser through my Ubuntu box. I have done this before with proxy servers abroad, but I want to do it using ssh and my box at home so I don't have to pay for a service, i.e. (Secure Tunnel) etc.
I followed the instructions at http://bit.ly/hAnp6u. However, using my Win7 box, after I set the browser part per the instructions, I get no connection from the browser.
I was wondering how safe it is to use RDP to access my Linux box. I am a little bit concerned about this issue because, as I read on openSUSE's web site, RDP is "less" secure. The thing is that I do not know how much less this "less" is.
My Ubuntu system has been running really well until this morning - software update prompt appeared on the screen, so I ran with it and let it do its thing. A while after this, my WiFi network connection started failing. I've tried rebooting and then it can take up to five minutes or more for the password (keychain) prompt to appear. Once I have typed in the password the network connection starts to work. Then cuts out. Works. Then fails again.
Adapter: Ralink RT3090 802.11b/g/n Wi-Fi. Basically, whenever I disable it, I can't get it to turn back on. If I hit Enable, it says device is not ready. What can I do to make it work?
I'm trying desperately to get ipvs load balancing up and running using the RedHat Piranha utility. I'll post my config files later in the message. In order to simplify things, I've only got one LVS director running (no backup director), and I've only got one realserver running. I can ping the realserver static ip from the LVS director when the pulse daemon is NOT started. About one minute after I start the pulse daemon, I can no longer ping the realserver static ip. I can ping the realserver static ip from any other box on the subnet. The LVS app requires that the LVS director be able to ping (or CONNECT) the realserver as a sanity check to make sure the realserver(s) is/are still alive.
I am running Maverick (desktop edition - don't like the netbook remix) on my Acer Aspire One AO532h. I can deal with not being able to print, but not being able to get on my secure wireless network is getting to be a bother. I have AT&T DSL and am using an AT&T 2701HG-B 2Wire Wireless Gateway DSL Router Modem. If I had known that this particular 2Wire router-modem was so crappy, I'd have bought my own and tried wrestling around with that. I recently secured my wireless network and had to change the encryption from WEP to WPA so my iPad could get on it. Both my Mac desktops, the iPad, and an old Windows laptop are working fine, but not my Acer (or my XBox, for that matter). I've searched and searched for a solution and called AT&T (no Linux support :), all to no avail.
When I try to connect to my network, it goes and goes and either says that it can't connect, or shows that I'm connected, but with no signal/net capability.
however, until this morning I had only been using my wired connection with no problems but when I tried to connect to my home's WPA secured wireless network, it just would not connect. The network manager sees the network and when I click on it, a window pops up asking for authentication. I enter the passphrase, but still it will not connect. I'm using a Lenovo X61 LAPTOP (not tablet).
I used to be able to connect to my uni secure access vpn by navigating to the appropriate page, logging in and clicking "start" by "Network Connect" etc. etc. After an update to Firefox it had been failing, giving me a "session timeout" MsgBox. I have tried clearing history etc. and reinstalling Firefox. I have also tried different browsers with no success.
So, I have since upgraded to 9.10 and now I get "Setup Failed, Sorry" in the bottom left of the screen (where "Done" is displayed once a page has loaded)...
I am now trying a different approach. I have downloaded ncui-6.5R2.i386.rpm and unpacked it fine. I have tried running it, without success and have also run the diagnostic - I will post results below:
When I try and run ./ncsvc I get the following:
Code: ncsvc> Failed to setuid to root. Error 1: Operation not permitted
I am having a small issue with finding and installing an IRC server program for Ubuntu 10.10. I would like to know if anybody has any input on what the most simplistic and secure IRC server program out there is, and how I would install and configure that said program.
They are running Kubuntu. How to access their desktop from my home or office using the Internet? Logically I remembered about krfb and X11-vnc. But both of them need some approach to provide security. I'd like it if someone could give me some pieces of advice on choosing the simplest and better approach:
To secure krfb or x11-vnc, is it simpler or better to mount a VPN or to use an ssh tunnel? Is there any other solution? My parents' ISP uses DHCP, so I think it would require some service like dyndns or similar...
I've installed (Slackware 12.2) Cisco AnyConnect Secure Mobility Client for vpn connection (it is OpenSSL based app). When I'm trying to connect using this agent I get the error
Code: AnyConnect cannot confirm it is connected to your secure gateway. The local network may not be trustworthy. Please try another network.
I don't know much about vpn. Any help is very welcome.
On openSUSE 11.3 I was using remmina as a replacement for tsclient. After upgrading to openSUSE 11.4 (did a complete new install) Remmina only seems to support SSH connections. All other protocols like RDP, NX and VNC are missing. I got FreeRDP and rdesktop etc. installed and can connect to RDP sessions from the terminal.
I'm pretty new to Linux! I've been given a task to modify a network protocol (TCP in particular). So now I have to make a few changes to the kernel, which includes modifying a few source files. So I want to know how I can go about it. Till now I've explored various .c files of the kernel (e.g. tcp.c, tcp_input.c, etc.) by referring to a few books. And now comes the important part of implementing it. So how exactly can I go about it? I went through various threads like installing a kernel, compiling a kernel and other things. But I'm not getting the exact sequence in which I should do it. I've installed Fedora 10. But I cannot see any source files which I can modify. Where and how can I modify these files?
I have a Dell Inspiron 8600 laptop on which I recently installed Ubuntu 9.10. Most things work, but the wireless will not connect to my home wireless network (a Linksys WRT54G). (Cannot see any other WIFI antennas from here, so I don't know if it works on other networks). Ubuntu says I have an Intel PRO/Wireless 2200BG, Kernel Driver ipw2200.
When I try to look for a wireless network, Ubuntu doesn't see any. (Every other computer in the house does, Macs and PCs). I tried Connect to Hidden Wireless Network > New > and filled in the name and the WEP password that the Linksys gave me. When I select Connect to Hidden Wireless Network and select the network that I entered all the information for, the Connect button is always grayed out.