2007 Mar 14 - Wed
Sniffing, Security, Penetration Testing
For my reference, here is a compendium of interesting sites I encountered today:
[/OpenSource]
Tracking What Web Sites Users Visit
As part of the monitoring package, we are interested in recording which web sites users are visiting. The first step is to capture the URLs. The second step is to process and report them.
It took a while, but I came across DebianHelp. Among a bunch of other network diagnostic tools, it made mention of dsniff, which is a suite composed of the following tools:
- arpspoof - Send out unrequested (and possibly forged) arp replies.
- dnsspoof - forge replies to arbitrary DNS address / pointer queries on the Local Area Network.
- dsniff - password sniffer for several protocols.
- filesnarf - saves selected files sniffed from NFS traffic.
- macof - flood the local network with random MAC addresses.
- mailsnarf - sniffs mail on the LAN and stores it in mbox format.
- msgsnarf - record selected messages from different Instant Messengers.
- sshmitm - SSH monkey-in-the-middle. proxies and sniffs SSH traffic.
- sshow - SSH traffic analyser
- tcpkill - kills specified in-progress TCP connections.
- tcpnice - slow down specified TCP connections via "active" traffic shaping.
- urlsnarf - output selected URLs sniffed from HTTP traffic in CLF.
- webmitm - HTTP / HTTPS monkey-in-the-middle. transparently proxies.
- webspy - sends URLs sniffed from a client to your local browser.
urlsnarf was the tool I was looking for. For usage, it has a man page. The whole toolset can be installed with:
apt-get install dsniff
I now have urlsnarf logging to a file. I still need to do log rotation with it.
I am now looking at various ways to process the result. I was thinking of using Logfile::Access to parse the lines manually and put the data into a database. Then I looked around at log file analyzers like visitors or awstats, but they don't provide a breakdown of sites by user. I think I'll roll my own with the Perl library already mentioned.
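The per-user breakdown that the analyzers lack is a small job once the CLF records are parsed. The following is an added example, not code from the original post (which planned to use the Perl module Logfile::Access); it is written in Python, assumes urlsnarf's CLF output format with the client address in the first field and the full URL in the request line, and works on constructed sample records rather than captured traffic.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit
# urlsnarf writes one CLF record per HTTP request: client address first,
# the full URL in the request line, "-" for status and size, then the
# referer and user agent in quotes.
CLF_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<when>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<url>\S+) HTTP/[\d.]+" \S+ \S+ '
    r'"(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)

# Constructed sample records in urlsnarf's output format (not captured traffic).
SAMPLE_LOG = """\
10.1.2.15 - - [14/Mar/2007:09:12:01 -0500] "GET http://www.debian.org/ HTTP/1.1" - - "-" "Mozilla/5.0"
10.1.2.15 - - [14/Mar/2007:09:12:03 -0500] "GET http://www.debian.org/logos/openlogo.png HTTP/1.1" - - "http://www.debian.org/" "Mozilla/5.0"
10.1.2.20 - - [14/Mar/2007:09:13:10 -0500] "POST http://webmail.example.net:8080/login HTTP/1.0" - - "-" "Mozilla/4.0"
this line is corrupt and must be skipped, not crash the report
10.1.2.15 - - [14/Mar/2007:09:14:44 -0500] "GET http://www.example.com/news HTTP/1.1" - - "-" "Mozilla/5.0"
"""

def parse_line(line):
    """Return the fields of one CLF record, or None if the line does not match."""
    m = CLF_RE.match(line.rstrip("\n"))
    if not m:
        return None
    rec = m.groupdict()
    # Reduce the full URL to the site (hostname without port) so that every
    # request to one web site, images included, is counted together.
    rec["site"] = urlsplit(rec["url"]).hostname or "-"
    return rec

def sites_by_user(log_text):
    """Map client address -> {site: hits}; also return how many lines were skipped."""
    report = defaultdict(lambda: defaultdict(int))
    skipped = 0
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            skipped += 1
            continue
        report[rec["client"]][rec["site"]] += 1
    return {client: dict(sites) for client, sites in report.items()}, skipped

if __name__ == "__main__":
    per_user, skipped = sites_by_user(SAMPLE_LOG)
    for client in sorted(per_user):
        for site, hits in sorted(per_user[client].items(), key=lambda kv: -kv[1]):
            print(f"{client:15} {hits:4} {site}")
    print(f"{skipped} line(s) did not parse")
```

Feed it the rotated urlsnarf file instead of SAMPLE_LOG and the client column can be joined against DHCP leases or a login database to turn addresses into user names.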
[/OpenSource/Debian/Monitoring]
Driftnet: Watching Your Surfers
This tool puts a network interface into promiscuous mode and looks for image files. Any image files found are displayed as a continuously changing mosaic on the desktop. It also has the ability to listen to and keep MPEG and sound files.
On my monitoring server, I have eth1 connected to a spanned switch port which in turn listens on the internal firewall interface. This captures all the media files that users are bringing in from the internet.
Installation is easy:
apt-get install driftnet
To run is even easier:
driftnet -i eth1
Original files are found at Driftnet. This site has other interesting software such as proxies, mail impersonators, visual formatting, graphics, and more.
I found this little treasure through a where some other nifty monitoring tools can be found.
[/OpenSource/Debian/Monitoring]
iftop: Display Bandwidth Usage on an Interface
iftop is an interesting command line utility for tracking traffic on an interface. tcpdump is good for looking at packet content in real time; iftop is good for looking at what makes up traffic bandwidth in real time.
Installation is easy:
apt-get install iftop
I have a second interface on the monitoring server which listens to whatever traffic passes in and out of the internal interface of the firewall. The switch port connecting to the firewall is spanned to the monitoring server's eth1. This allows one to monitor all components of inbound and outbound traffic.
Here is the command I used to generate a bar chart of traffic details:
iftop -i eth1 -F 10.0.0.0/255.0.0.0 -P
The -F parameter provides an indication of what is internal traffic and what is external traffic. The -P parameter
shows the ports in each flow. For run-time commands, take a look at 'man iftop'.
[/OpenSource/Debian/Monitoring]
Darvas Selections for 2007/03/14
Here are the selections for Wednesday.
These lists have the Darvas stop calculated in the second column.
Start: 2007-02-13 High: 2007-03-08 EOD: 2007-03-13
| Symbol | Stop  |
| CF     | 40.72 |
| DISH   | 43.44 |
| DLTR   | 34.98 |
| FAF    | 51.45 |
| HSY    | 54.17 |
| MAT    | 27.47 |
| MHS    | 69.00 |
| NRG    | 65.24 |
| PSS    | 33.64 |
| PWR    | 23.94 |
| SCI    | 12.10 |
| TRA    | 15.88 |
| VLO    | 59.67 |

Start: 2007-02-13 High: 2007-03-07 EOD: 2007-03-13
| Symbol | Stop  |
| ARXX   | 13.09 |
| BRCD   |  9.36 |
| DISH   | 43.44 |
| DLTR   | 34.98 |
| FAF    | 51.45 |
| GSS    |  3.96 |
| HSY    | 54.17 |
| PLL    | 36.90 |
| PWR    | 23.94 |
| VLO    | 59.67 |

Start: 2007-02-13 High: 2007-03-06 EOD: 2007-03-13
| Symbol | Stop  |
| FAF    | 51.45 |
| HSY    | 54.17 |
| MHS    | 69.00 |
[/Trading/Darvas/D200703]
Darvas Results at EOD 2007/03/13 with EOD Signal of 2007/03/12
In comparison, the Dow Jones Industrial Index opened at 12307, had a lower high of 12307, had a lower low of 12071, and closed down for the day at 12075.
| Symbol | # | Open   | High  | Low   | Close | Stop  | O->H | O->C  |
| ARXX   | 2 | 13.08  | 13.14 | 13.02 | 13.02 | 12.99 | 0.06 | -0.06 |
| BRCD   | 2 |  9.61  |  9.94 |  9.54 |  9.55 |  9.36 | 0.33 | -0.06 |
| DISH   | 1 | 44.10  | 44.26 | 42.90 | 42.93 | 43.44 | 0.16 | -1.17 |
| DLTR   | 1 | 36.82  | 36.82 | 35.82 | 35.84 | 34.98 | 0.00 | -0.98 |
| FAF    | 2 | 51.99  | 52.01 | 51.15 | 51.58 | 51.45 | 0.02 | -0.41 |
| GSS    | 1 |  4.25  |  4.30 |  4.00 |  4.05 |  3.96 | 0.05 | -0.20 |
| HSY    | 2 | 54.45  | 54.58 | 53.39 | 53.41 | 54.17 | 0.13 | -1.04 |
| MHS    | 1 | 69.50  | 69.68 | 68.26 | 68.39 | 69.00 | 0.18 | -1.11 |
| PLL    | 1 | 37.73  | 37.85 | 37.11 | 37.14 | 36.90 | 0.12 | -0.59 |
| PWR    | 1 | 24.22  | 24.30 | 23.87 | 23.95 | 23.94 | 0.08 | -0.27 |
| VLO    | 1 | 60.48  | 61.47 | 59.85 | 60.19 | 59.67 | 0.99 | -0.29 |
| 11     |   | 369.41 |       |       |       |       | 2.12 | -6.18 |
[/Trading/Darvas/D200703]