Wednesday, May 31, 2017

Mergecap/editcap: Files from that network type can't be saved in that format [solved]

Sometimes splitting or merging packet captures taken on a different platform fails. For example, captures taken on macOS come out in pcapng format, and when you ask the mergecap utility to write them to a classic libpcap (.pcap) file it can fail with the error below.


Issue

mergecap -w out.pcap VA123_00016_20170530202904 VA123_00016_20170530202905

mergecap: Can't open or create out.pcap: Files from that network type can't be saved in that format

file VA123_00016_20170530202904
VA123_00016_20170530202904: pcap-ng capture file - version 1.0


You can work around this with the tcpdump utility, which reads pcapng and, with -w, writes classic libpcap format (note the -w: without it tcpdump only prints the packets to the terminal):

tcpdump -r VA123_00016_20170530202904 -w output.pcap

One caveat before converting: the message means the output format cannot carry the link-layer type(s) of the input. A libpcap file has one link-layer type for the whole file, while pcapng records one per interface, so if the captures really differ in link-layer type (captures from different interface kinds, for instance) converting them will not help. In that case keep the merge in pcapng with mergecap -F pcapng -w out.pcapng <files> instead.

You can use the script below to convert a directory of pcapng files and merge them into a single libpcap file. -F pcap asks mergecap for classic libpcap output; without it, current versions of mergecap write pcapng regardless of the output file name.

#!/bin/bash
# Convert every capture in the current directory to libpcap, then merge them.
for i in *
do
    case "$i" in *.pcap) continue ;; esac   # skip files already converted
    echo "$i"
    tcpdump -r "$i" -w "${i%%.*}.pcap"      # strip any extension, add .pcap
done
mergecap -F pcap -w outputfile.pcap *.pcap
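As an added check that is not part of the original post, here is a small C program that reads just enough of a capture to tell libpcap from pcapng and list the link-layer types each one carries, which is what decides whether mergecap can save the merge as classic libpcap (one link-layer type for the whole file) or needs pcapng (one per interface). The sample captures are constructed in memory, so it runs without tcpdump, mergecap or any capture file; the magic numbers and block layouts are the published pcap and pcapng ones.

```c
/* pcap vs. pcapng identification and link-layer type check.
 * Added example, not code from the original post.  mergecap can only
 * write classic libpcap output when every input shares one link-layer
 * type: the pcap global header has a single linktype field, while pcapng
 * carries one per Interface Description Block.  The sample captures below
 * are constructed in memory, so this runs without tcpdump or mergecap. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PCAP_MAGIC_US 0xA1B2C3D4u  /* libpcap, microsecond timestamps */
#define PCAP_MAGIC_NS 0xA1B23C4Du  /* libpcap, nanosecond timestamps */
#define PCAPNG_SHB    0x0A0D0D0Au  /* Section Header Block type */
#define PCAPNG_IDB    0x00000001u  /* Interface Description Block type */
#define PCAPNG_BOM    0x1A2B3C4Du  /* byte-order magic inside the SHB */
#define MAX_LINKTYPES 16

enum capfmt { FMT_UNKNOWN = 0, FMT_PCAP, FMT_PCAPNG };

static uint32_t rd32(const uint8_t *p, int le)
{
    return le ? (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24
              : (uint32_t)p[0] << 24 | (uint32_t)p[1] << 16 | (uint32_t)p[2] << 8 | (uint32_t)p[3];
}
static uint16_t rd16(const uint8_t *p, int le)
{
    return le ? (uint16_t)(p[0] | p[1] << 8) : (uint16_t)(p[0] << 8 | p[1]);
}
static void wr32(uint8_t *p, uint32_t v, int le)
{
    for (int i = 0; i < 4; i++) p[i] = (uint8_t)(v >> (le ? 8 * i : 24 - 8 * i));
}
static void wr16(uint8_t *p, uint16_t v, int le)
{
    p[0] = (uint8_t)(le ? v : v >> 8); p[1] = (uint8_t)(le ? v >> 8 : v);
}

/* Identify a capture held in memory and collect its link-layer types. */
enum capfmt identify(const uint8_t *buf, size_t len, uint32_t *lts, size_t max, size_t *count)
{
    *count = 0;
    if (len < 24) return FMT_UNKNOWN;
    uint32_t be = rd32(buf, 0), lem = rd32(buf, 1);
    if (be == PCAP_MAGIC_US || be == PCAP_MAGIC_NS || lem == PCAP_MAGIC_US || lem == PCAP_MAGIC_NS) {
        /* global header: magic(4) major(2) minor(2) thiszone(4) sigfigs(4) snaplen(4) linktype(4) */
        int le = (lem == PCAP_MAGIC_US || lem == PCAP_MAGIC_NS);
        lts[0] = rd32(buf + 20, le);
        *count = 1;
        return FMT_PCAP;
    }
    if (be != PCAPNG_SHB) return FMT_UNKNOWN;
    int le = 0, have_shb = 0;
    size_t off = 0;
    while (off + 12 <= len) {
        uint32_t type = rd32(buf + off, 0);   /* the SHB type reads the same in either byte order */
        if (type == PCAPNG_SHB) {
            if (rd32(buf + off + 8, 0) == PCAPNG_BOM) le = 0;
            else if (rd32(buf + off + 8, 1) == PCAPNG_BOM) le = 1;
            else return FMT_UNKNOWN;
            have_shb = 1;
        } else {
            if (!have_shb) return FMT_UNKNOWN;
            type = rd32(buf + off, le);       /* other blocks use the section's byte order */
        }
        uint32_t blen = rd32(buf + off + 4, le);
        if (blen < 12 || blen > len - off) return FMT_UNKNOWN;   /* truncated or corrupt block */
        if (type == PCAPNG_IDB && *count < max)
            lts[(*count)++] = rd16(buf + off + 8, le);   /* IDB body: linktype(2) reserved(2) snaplen(4) */
        off += blen;
    }
    return FMT_PCAPNG;
}

/* 1 if every link-layer type seen across all inputs is the same, so the
 * merge could be written as one libpcap file; 0 otherwise. */
int mergeable_as_pcap(const uint8_t *const *bufs, const size_t *lens, size_t n)
{
    uint32_t first = 0; int have = 0;
    for (size_t i = 0; i < n; i++) {
        uint32_t lts[MAX_LINKTYPES]; size_t cnt;
        if (identify(bufs[i], lens[i], lts, MAX_LINKTYPES, &cnt) == FMT_UNKNOWN) return 0;
        for (size_t j = 0; j < cnt; j++) {
            if (!have) { first = lts[j]; have = 1; }
            else if (lts[j] != first) return 0;
        }
    }
    return have;
}

/* Constructed sample: a libpcap global header with no packets. */
size_t make_pcap(uint8_t *out, uint32_t linktype, int le)
{
    memset(out, 0, 24);
    wr32(out, PCAP_MAGIC_US, le); wr16(out + 4, 2, le); wr16(out + 6, 4, le);
    wr32(out + 16, 65535, le); wr32(out + 20, linktype, le);
    return 24;
}
/* Constructed sample: a pcapng SHB followed by one IDB per link type. */
size_t make_pcapng(uint8_t *out, const uint32_t *lts, size_t n, int le)
{
    wr32(out, PCAPNG_SHB, le); wr32(out + 4, 28, le); wr32(out + 8, PCAPNG_BOM, le);
    wr16(out + 12, 1, le); wr16(out + 14, 0, le);                     /* version 1.0 */
    wr32(out + 16, 0xFFFFFFFFu, le); wr32(out + 20, 0xFFFFFFFFu, le); /* section length -1 = unknown */
    wr32(out + 24, 28, le);
    size_t off = 28;
    for (size_t i = 0; i < n; i++, off += 20) {
        wr32(out + off, PCAPNG_IDB, le); wr32(out + off + 4, 20, le);
        wr16(out + off + 8, (uint16_t)lts[i], le); wr16(out + off + 10, 0, le);
        wr32(out + off + 12, 65535, le); wr32(out + off + 16, 20, le);
    }
    return off;
}

int main(void)
{
    uint8_t a[24], b[64], c[64];
    uint32_t eth = 1, sll = 113;   /* LINKTYPE_ETHERNET, LINKTYPE_LINUX_SLL */
    size_t la = make_pcap(a, eth, 1), lb = make_pcapng(b, &eth, 1, 1), lc = make_pcapng(c, &sll, 1, 0);
    const uint8_t *same[] = { a, b }; size_t lsame[] = { la, lb };
    const uint8_t *diff[] = { a, c }; size_t ldiff[] = { la, lc };
    printf("pcap(eth) + pcapng(eth): %s\n", mergeable_as_pcap(same, lsame, 2) ? "can be saved as pcap" : "needs -F pcapng");
    printf("pcap(eth) + pcapng(sll): %s\n", mergeable_as_pcap(diff, ldiff, 2) ? "can be saved as pcap" : "needs -F pcapng");
    return 0;
}
```

To run it against real files, read each one into a buffer and pass the buffers to mergeable_as_pcap(); the parser stops at the first truncated or corrupt block and reports FMT_UNKNOWN rather than reading past the end, which matters when the input comes from an untrusted capture.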

Tuesday, March 28, 2017

Install nodejs, npm and websocket on Debian wheezy

Installing npm and the websocket module on Debian wheezy is not straightforward. The steps below work.

1) Install nodejs using the Debian package manager 

apt-get install nodejs

2) npm is not in the wheezy package repository, but npm's own install script can be used. Do not pipe it straight from the network into sh; download it, read what it is going to do as root, and only then run it

curl -fsSL -o install.sh https://www.npmjs.com/install.sh
less install.sh
sh install.sh

3) To install websocket you need a newer nodejs and node-gyp than wheezy ships. The n version manager, itself installed with npm, can fetch a newer nodejs (n and npm -g write under /usr/local, so these run as root)

npm cache clean -f
npm install -g n
n stable      # install and switch to the current stable release
n 4.7.2       # or pin a specific version

4) Install the node-gyp package using npm

npm install -g node-gyp

5) Finally install websocket using npm

npm install websocket

P.S.
npm makes it easy for JavaScript developers to share and reuse code, and it makes it easy to update the code that you're sharing.

Tuesday, March 14, 2017

Debugging signals: log the PID of the sender

Suppose your program dies at random and you find that some process is sending it SIGTERM. You can find the process ID of the sender by installing the handler with sigaction() instead of signal().


sigaction() lets you set up a signal handler that takes three parameters instead of one:

  • An int, the signal number (just like signal())
  • A siginfo_t *, a structure with information about the source of the signal, including the PID and UID of the sender when a process sent it. si_pid and si_uid are only valid when si_code is SI_USER or SI_QUEUE; for signals the kernel raises itself, such as SIGSEGV, the structure carries the cause instead.
  • A ucontext_t *, passed as a void *, describing the interrupted execution context. Mostly ignorable


Example code and steps:

1) catchsignal.c

/* Example of using sigaction() to set up a signal handler with 3 arguments
 * including siginfo_t.
 */
#include <stdio.h>
#include <unistd.h>
#include <signal.h>
#include <string.h>

static void hdl (int sig, siginfo_t *siginfo, void *context)
{
 (void)context;   /* not needed here */
 /* Demonstration only: printf() is not async-signal-safe, so a production
  * handler should store si_pid/si_uid and let the main loop print them. */
 printf ("Sending PID: %ld, UID: %ld\n",
   (long)siginfo->si_pid, (long)siginfo->si_uid);
}

int main (int argc, char *argv[])
{
 struct sigaction act;

 memset (&act, '\0', sizeof(act));

 /* Use the sa_sigaction field because the handler has two additional parameters */
 act.sa_sigaction = &hdl;

 /* The SA_SIGINFO flag tells sigaction() to use the sa_sigaction field, not sa_handler. */
 act.sa_flags = SA_SIGINFO;

 if (sigaction(SIGTERM, &act, NULL) < 0) {
  perror ("sigaction");
  return 1;
 }

 /* Wait forever; sleep() returns early whenever the handler runs. */
 while (1)
  sleep (10);

 return 0;
}

2) Compile the program 
    gcc -o catchsignal catchsignal.c


3) Shell script to trigger the signal

sendsig.sh
#!/bin/sh
# Send SIGTERM to the running catchsignal process every 10 seconds.
while true
do
    pid=$(pgrep -x catchsignal)
    if [ -n "$pid" ]
    then
        kill $pid
    fi
    sleep 10
done

4) Start the script in a second terminal (or in the background with &)
   sh sendsig.sh &

5) Run the program
    ./catchsignal


6) Output of the program


Sending PID: 18532, UID: 0
Sending PID: 18532, UID: 0
Sending PID: 18532, UID: 0

The PID reported is that of the shell running sendsig.sh, because kill is a shell builtin, and UID 0 shows the script was run as root.
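The handler above is fine for a quick diagnosis, but two things bite when you leave such logging in a real program: printf() is not async-signal-safe, and si_pid/si_uid are garbage unless si_code says a process sent the signal. The following is an added example (not the original post's code) of the hardened form: the handler only stores the siginfo fields in volatile sig_atomic_t slots and checks si_code, and the main loop does the printing. It assumes pid_t and uid_t values fit in sig_atomic_t, which holds on Linux; the self-test helper sends SIGTERM to the process itself with kill() and returns what the handler recorded.

```c
/* Sender logging that is safe to keep in a real signal handler.  Added
 * example, not the original post's code.  Two things the simpler handler
 * glosses over:
 *  - printf() is not async-signal-safe.  The handler only stores the
 *    siginfo fields in volatile sig_atomic_t slots; the main loop prints.
 *  - si_pid and si_uid are only meaningful when si_code is SI_USER (kill)
 *    or SI_QUEUE (sigqueue).  For a kernel-generated signal they must be
 *    ignored, so the handler records si_code and the report checks it.
 * Assumes pid_t and uid_t values fit in sig_atomic_t (true on Linux). */
#define _POSIX_C_SOURCE 200809L
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

static volatile sig_atomic_t got_signal = 0;  /* signal number, 0 = nothing pending */
static volatile sig_atomic_t last_code = 0;
static volatile sig_atomic_t last_pid = -1;
static volatile sig_atomic_t last_uid = -1;

static void hdl(int sig, siginfo_t *info, void *context)
{
    (void)context;
    last_code = info->si_code;
    if (info->si_code == SI_USER || info->si_code == SI_QUEUE) {
        last_pid = (sig_atomic_t)info->si_pid;
        last_uid = (sig_atomic_t)info->si_uid;
    } else {
        last_pid = last_uid = -1;   /* raised by the kernel: no sender to report */
    }
    got_signal = sig;               /* written last so the main loop sees a complete record */
}

/* Install hdl() for sig with SA_SIGINFO; returns sigaction()'s result. */
int install_handler(int sig)
{
    struct sigaction act;
    memset(&act, 0, sizeof act);
    act.sa_sigaction = hdl;
    act.sa_flags = SA_SIGINFO | SA_RESTART;
    sigemptyset(&act.sa_mask);
    return sigaction(sig, &act, NULL);
}

/* Self-test helper: install the handler, send sig to this process with
 * kill(), and return the sender pid the handler recorded.  kill() aimed at
 * the calling process delivers the signal before it returns, so the record
 * is complete here.  Negative return values report a failure. */
long sender_pid_after_self_kill(int sig)
{
    got_signal = 0;
    if (install_handler(sig) < 0) return -2;
    if (kill(getpid(), sig) < 0) return -3;
    if (got_signal != sig) return -4;
    return (long)last_pid;
}

int last_si_code(void) { return (int)last_code; }
long last_sender_uid(void) { return (long)last_uid; }

/* Report from ordinary context, where snprintf() and write() are fine. */
static void report(int sig)
{
    char line[128];
    int n;
    if (last_code == SI_USER || last_code == SI_QUEUE)
        n = snprintf(line, sizeof line, "signal %d from pid %ld uid %ld (si_code %d)\n",
                     sig, (long)last_pid, (long)last_uid, (int)last_code);
    else
        n = snprintf(line, sizeof line, "signal %d raised by the kernel (si_code %d)\n",
                     sig, (int)last_code);
    if (n > 0) (void)write(STDOUT_FILENO, line, (size_t)n);
}

int main(void)
{
    if (install_handler(SIGTERM) < 0) { perror("sigaction"); return 1; }
    printf("pid %ld: waiting for SIGTERM\n", (long)getpid());
    fflush(stdout);
    for (;;) {
        pause();                                   /* returns once the handler has run */
        if (got_signal) { report((int)got_signal); got_signal = 0; }
    }
}
```

Run it the same way as catchsignal and point sendsig.sh at its name; a SIGTERM sent with kill shows si_code 0 (SI_USER) and the sender's pid, while a signal the kernel raises is reported without a bogus pid.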



Tuesday, January 24, 2017

Bash useful commands


1) To find the duplicate lines in a file

sort "$filename" | uniq -c | awk '$1 > 1 { sub(/^ *[0-9]+ /, ""); print }'

sort   Sorts the lines so identical lines become adjacent (uniq only detects adjacent duplicates)
uniq -c   Prefixes each distinct line with its count
awk '$1 > 1 { ... }'   Keeps lines whose count is greater than 1 (the duplicates) and strips the count, so the whole line is printed rather than only its first word


2) Replace text in the vim editor

R (shift+r)   Enters Replace mode, where the characters you type overwrite the existing ones

3) Select and copy the entire file in the vim editor

From the top

V (shift+v)   Enters visual line mode
G (shift+g)   Extends the selection to the last line

From the bottom

V (shift+v)   Enters visual line mode
gg (or 1G)   Extends the selection to the first line

Then y yanks the selection into a register, from where p pastes it.
