1. Thanks for the response. I've been looking at tshark and using it for picking up other stuff from my pcap, e.g. "tshark -r file.pcap -V -T fields -e http.cookie -e http.referer -e frame.time". However, the problem I'm facing is in identifying / exporting objects, as opposed to data elements. Would be grateful for a pointer - the tshark or wireshark documentation doesn't address this at all.
2. Hi, I was wondering if there is any way of exporting objects from a pcap file using the command line. While the Wireshark GUI and NetworkMiner do a neat job of this, I need to export the objects as part of a script I'm working on. Tried Google, no luck. Would be grateful for any pointers on this. Thanks.
3. Could somebody point me towards any articles on GPRS log layouts - what are the fields and descriptors? Tried googling, but couldn't come up with any details. Most sites describe SGSNs and GGSNs or mediation devices, but nobody says much about the logs created at the devices. I guess they would be vendor / equipment specific.
4. Could somebody please point me towards why my virtual OS won't recognise the partitions on my hard disk. I'm running VMware Player on Windows XP, the HDD is a Maxtor 6L080M0, and I'm trying to mount a FAT16 partition. From what I understand, I need to edit the .vmx at the portion
ide1:0.present = "TRUE"
ide1:0.fileName = "backtrack.iso"
ide1:0.deviceType = "cdrom-image"
ide1:0.startConnected = "TRUE"
ide1:0.autodetect = "TRUE"
Any pointers to what edits are required to mount the system so that fstab(?) lets me mount the HDD?
  5. "APPLAUD" And, Irongeek, for whatever this is worth, I think you're fabulous <- guess you've heard that often enough, but the fact that you willingly share your knowledge with people like me, who want to understand more of the why, rather than just the how, you're
6. I wasn't aware of this. I thought for any traffic to enter the network, a port was necessarily opened. Could you point me to something that would clarify this?
7. I'm new here, but I'll still add my opinion for what it is worth.
1. A lot of things on such forums are complex and new (to me at least). Understanding and assimilating new ideas (for me, at least) takes time and effort. The effort involved reduces when I am able to focus on what is being said, and I'm not diverted by irritations such as first having to decipher what has been said into plain English.
2. Respect, as was raised in this thread, in my opinion, is not restricted to specific events or people, but should, on most occasions, be extended to any new ideas or people, for the simple reason that they are new. On examining the ideas, it's up to us to decide what to do with them - but I believe that a lot more gets accomplished in any (reasonable) situation if we focus on the ideas, rather than on the emotions involved in making sure the other person accepts our opinions/ideas at the cost of his own.
3. I've learnt on this forum that there's a lot of learning to be done if I listened to what people said, applied my mind and tried out the same things differently. In a recent post, I was told "Now, I'm pretty sure you have no idea what this stuff is which is why you asked. Now, I probably gave you an idea without actually even looking this stuff up. Go off and research this stuff a bit and you may not be so happy with the results you'll find." Fair enough, I don't know a quarter as much as most of the rest of you, but once I got past the annoyance of that reply, I started thinking and was able to come up with a solution to my problem (which obviously was triggered by the annoyance at the put-down). I guess the essence of what I am trying to say is that I come here to learn, for my benefit. It's up to me to keep things at a level where the interchange focuses on the substance, rather than the form. In that context, proper spellings et al. seem to be the simplest way to go about things.
To quote rainwater, "YAY LANGUAGE". I know I'm repetitive and pedagogical, but also, "YAY FREE SPEECH".
8. I installed Sandboxie, but there seems to be some problem: it crashes immediately on loading. Went to safe, reinstalled, returned to normal, tried again, dinna work. That machine is running XP SP2.
9. I was reading a post on ryan1918, and I came across someone who spoke of opening a downloaded file in a sandbox environment to check for malware: http://www.ryan1918.com/viewtopic.php?t=4088. Is anyone here aware of any freeware that does this kind of stuff? I understand the concept of a sandbox, but I wasn't aware that the stuff mentioned here was available, preferably free.
10. From the SANS site: "Intrusion Detection, which is the art of detecting inappropriate, incorrect, or anomalous activity". Visit: http://www.sans.org/resources/idfaq/ As far as firewalls go, reading up on iptables is a pretty good primer. You could also take a look at www.tkn.tu-berlin.de/curricula/NetworkSecurity/Handouts/13_Firewalls.pdf For forensics, you could look at www.wipro.in/resources/whitepapers/security_computerforensicsfinalarticlev2.pdf and http://www.forensics.nl/ Let me know if you need more.
11. With all due respect, will somebody please, please read my original post? Since PE is more powerful, why is it showing me less info?
12. I would appreciate pointers to where I could read up more on the REASONS WHY, rather than simple command lines. I thought one of the aims of this forum was to help beginners understand reasons why, rather than to spoon-feed us with one-liners. So far, I have googled for this, as well as tried reading through M$ and Sygate. Per my understanding, both Sygate and svchost should be using the same methodology to query the OS. Where am I going wrong? As far as my machine getting screwed is concerned, more power to whoever does that.
13. I did. Maybe the question wasn't clear. What is confusing me is: why is PE not showing these instances of svchost, while Sygate is?
14. On my machine, when looking at Process Explorer, I see svchost repeated as per the services running. However, when I look at the Sygate Running Applications window, I see additional instances of svchost, not seen in PE. The additional instances running svchost show: SYSCOMLAN, SDProxy, EPMAP, NetARX, Here-LM (Here Licence Manager). Any help on why these are running would be appreciated, as they don't show up in my list of installed services as seen via services.msc.
15. Maybe you could look at: http://cvs.sourceforge.net/viewcvs.py/owasp/webgoat/ Neat, simple and fun.