httpry: Pry into your traffic

Network traffic analysis is a bit over my head, and since I generally only have single-user machines in the house, there’s no mystery about who accessed what site. For a better look at the innards though, httpry is a useful logging tool.

[Screenshots: httpry-01, httpry-02]

On the left, the tool at work; on the right, the fruits of its labor. As you can see, the log is mostly a plain-text dump of transactions, with relevant addresses and commands. In that sense, httpry is really just making a note of all the background noise that makes up your network traffic.

The home page for httpry says it’s not intended as an analytic tool, but it would be possible to perform some rudimentary filtering and screening with httpry, as you might guess from its options. There are also flags for specialized network settings, and for the daemon mode that httpry supports.

If you’re better attuned to network analysis than I, you’ll probably see some value in httpry, if only as a lightweight traffic logging tool. It can serve as the foundation for a more careful inspection, or just as a casual reminder that every interaction leaves a footprint or two. 😉
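The kind of rudimentary screening mentioned above can be done on the log file after the fact. The sketch below is an added example, not part of the original post or of the httpry project: it parses a log and tallies requests per client and host, then pulls out error responses. It assumes httpry's tab-separated output with `#` header lines, the default field order shown in the code, and `-` for fields that do not apply to a line; the sample log is constructed.

```python
from collections import Counter

# Assumed default httpry field order; a "# Fields:" header in the log overrides it.
DEFAULT_FIELDS = ["timestamp", "source-ip", "dest-ip", "direction", "method",
                  "host", "request-uri", "http-version", "status-code",
                  "reason-phrase"]

# Constructed sample log (documentation addresses); the last line is truncated on purpose.
SAMPLE_LOG = "\n".join([
    "# httpry log (constructed sample)",
    "# Fields: " + ",".join(DEFAULT_FIELDS),
    "2014-09-12 10:01:02\t192.168.1.20\t203.0.113.10\t>\tGET\texample.org\t/index.html\tHTTP/1.1\t-\t-",
    "2014-09-12 10:01:02\t203.0.113.10\t192.168.1.20\t<\t-\t-\t-\tHTTP/1.1\t200\tOK",
    "2014-09-12 10:01:05\t192.168.1.20\t203.0.113.10\t>\tGET\texample.org\t/missing\tHTTP/1.1\t-\t-",
    "2014-09-12 10:01:05\t203.0.113.10\t192.168.1.20\t<\t-\t-\t-\tHTTP/1.1\t404\tNot Found",
    "2014-09-12 10:01:08\t192.168.1.21\t198.51.100.7\t>\tPOST\texample.net\t/login\tHTTP/1.1\t-\t-",
    "2014-09-12 10:01:09\t192.168.1.21",
])

def parse_httpry(text):
    """Return one dict per well-formed log line, keyed by field name."""
    fields = list(DEFAULT_FIELDS)
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        if line.startswith("#"):
            # Take the field order from the log's own header when present.
            if line.lower().startswith("# fields:"):
                fields = [f.strip() for f in line.split(":", 1)[1].split(",")]
            continue
        cols = line.split("\t")
        if len(cols) != len(fields):
            continue  # truncated or malformed line: skip rather than misalign
        records.append(dict(zip(fields, cols)))
    return records

def requests_by_client_host(records):
    """Count outbound requests ('>') per (client address, Host header)."""
    return Counter((r["source-ip"], r["host"])
                   for r in records if r["direction"] == ">")

def error_responses(records):
    """Responses ('<') whose status code is 400 or above."""
    return [r for r in records if r["direction"] == "<"
            and r["status-code"].isdigit() and int(r["status-code"]) >= 400]

if __name__ == "__main__":
    recs = parse_httpry(SAMPLE_LOG)
    for (client, host), n in requests_by_client_host(recs).most_common():
        print(client, host, n)
    for r in error_responses(recs):
        print(r["timestamp"], r["source-ip"], r["status-code"], r["reason-phrase"])
```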

sendip: Packets and their contents

You’d think for all the esoteric network tools I have blundered through over the past year or so, I would have a better grasp of some fundamentals.

I don’t. 🙄

[Screenshot: sendip]

That’s sendip, which I like for being easy to figure out, giving plenty of information, and looking good in a screenshot. 😳

It does look good though. It spills the contents of the packet to the screen, including whatever piggybacked data you specified, and gives you a report of the transaction. Clean, neat and talkative.

What you do with that … I really don’t know for sure. It must be a science thing. 😯

Of course, without the flag for verbosity, sendip is meek as a kitten. So you have the option, if you prefer the strong, silent type.

sendip is in AUR and Debian, and strikes me as a useful tool to keep around. Even if I don’t know what it does. But when has that ever stopped me?! 😀

scapy: If you can’t dazzle them with brilliance

The thing I like most about scapy is that it makes me look terrifically geeky-smart.

[Screenshot: scapy]

That’s the Linux Mint version, and … I haven’t a single clue as to what it’s doing. I was just following the commands on the demo page.

I see on the home page that scapy is intended for packet manipulation. And I see that it’s interactive and multicolored, and for that I award points.

But what it’s doing is far beyond anything I can imagine, as a lowly desktop user.

However, I know full well that there are very talented people out there beyond my computer screen, and it may be that scapy is something incredibly useful and interesting to them.

So if you’re into packet manipulation, either as part of your job or just for the adrenalin rush, scapy is there for you.

And if you’re in the movie industry, the next time you need something generic to dump into your film that looks really geeky but is more than likely harmless … scapy might do the trick. 🙄

nemesis: Way, way out of my depth

I suppose part of the good in traipsing through an alphabetical list of console software was that I was forced — forced, I tell you — to look at software I would otherwise dismiss out of hand.

And looking at nemesis, I realize two things.

[Screenshot: nemesis]

That I am way out of my depth here. And that I am way, way out of my depth here.

I have found several introductions to nemesis elsewhere on the Internet, and of course there is a man page, but I fear I haven’t the requisite background to appreciate it fully.

I see that it transmits packets from the command line, which also suggests it can be run via script. I see that it can manage a lot of protocols, to include ARP, UDP and TCP.

The only problem is that those things are very vague to me, and I don’t know how or why I would need to do that.

So I scratch my head and try a couple of random stabs at the thing, but I feel very much like a chimpanzee staring at a Swiss army knife. It just doesn’t quite unfold for me.

And as time is a factor here, I hope you’ll forgive me if I set this aside for a later date. When a smarter, wiser K.Mandla arrives. 😕

hunt: The god of doorways

I am behind the power curve now, because of some frightening technical issues that cropped up in the past 24 hours or so.

Nothing network related (this time); instead, one of my external drives I use for a data archive (think: family photos and scanned documents) began spitting out errors.

It was suspect for at least a few days beforehand, with slow transfers and suspicious behavior. Luckily I copied everything off there — in the conventional manner, with no error messages — before some 20- to 30-hour tests.

It’s disappointing mostly because I bought that drive only a little more than a year ago, and anticipated it lasting much, much longer.

Rather than rant against the state of affairs in the hard drive industry, I’ll show you hunt.

[Screenshot: hunt, run without sudo]

That’s what hunt looks like if you don’t invoke superuser privileges. Something roguelike, multiplayer, with vi-ish movement and a text-based display.

Here’s what it looks like if you can rank yourself among those with godlike powers.

[Screenshot: hunt, run with sudo]

Not a game, at all. Now we’re into specific network security functions, and as you can see from the menu options, they don’t mince words. Depending on the level of mischief you intend, hunt puts you in the driver’s seat.

I won’t pretend I know much about those things, mostly because I don’t know much about those things. All pretension aside, you’ll need to look elsewhere for a tutorial. I’m clueless.

On the other hand, I give hunt an extra point for — depending on your perspective — including a nontrivial roguelike as a time-waster … or as a distraction for the masses, keeping them ignorant and pacified.

Screenshots are Debian; the AUR version wouldn’t build for me. Plus one for the red swirly team. 😉