2/21 What's the best tool to convert raw network traffic captured on the
     wire into something useful? I'm currently reading the unparsed
     output from ngrep, tcpdump and similar tools but I'd like to see that
     turned into the real thing. For example, I want to see an output log
     that says machine X went to host/port Y/y to grab URL Z for http
     connections. I want emails going by saved out in mbox or other
     human readable format. Does such a thing exist? I started to write
     my own in perl but then realised I can't be the first person to ever
     need this. Thanks!
     \- yes, but you have to email me --psb
        \_ why not post it on the web? I was looking for something
           like that, monitoring a LAN to spot abuses on the
           company's network, mainly to spot p2p client use at the
           office --kngharv
           \- because as a general matter these anon requests are
              annoying. i can understand for a dumb question or a
              contentious issue but not in a case like this. i suppose
              if you are widely disliked on sloda, that might be one
              reason to ask for help anonymously. --psb
              \_ maybe some people don't want their name attached
                 with looking for software to read raw network
                 traffic. the world just isn't as open minded and
                 understanding as you are, partha.
           \- if you want to look for p2p, that is a
              matter of looking for the protocol. as a
              general matter compliance issues are easier
              to deal with because you can do offline rather
              than realtime detection [offline = run on
              tracedumps]. of course if you want to use
              something like kazaa obliterator, then you
              need to detect in realtime ... or not too
              lagged batch proc. what is this "web" you
              speak of. --psb
     \_ fantastic GUI utility called Ethereal. Available binaries for
        windows, linux, solaris. Source available. I've used it only
        for reading traffic at the packet level, but perhaps if you want
        application level stuff (eg, emails as opposed to SMTP packets
        or whatever) perhaps you could write that yourself since it's
        open source. - rory
     \_ Etherpeek
     \_ If it doesn't have to be graphical, you might want to consider
        hogwash (snort-based IDS). Also, although it's more of a toy
        than a tool, take a look at Etherape. -John
        \_ used Etherape before. I find it not as useful as I would like
           it to be. The only thing cool about it is that it color coded
           traffic from different ports. This feature allows me to spot p2p
           clients (most people using p2p don't bother with port changes),
           and it is pretty good for detecting infected computers which
           eat up all the bandwidth.
           \_ Like I said, it's sort of a toy, although useful to get
              an overview of traffic patterns. What I find really
              hilarious (almost totally useless as a tool) is driftnet.