May 2010
7 posts
Scapy and checksum calculation
Sometimes you have to (re)calculate a checksum when you modify packets, or when you try to solve a friend's networking challenge like the following:
I’m 45000064000f0000fe013726c0a80108c0a8030b - a 20-byte IP header.
What will be my checksum after the next hop? :-)
It’s easy with Scapy: first, import the hex, modify the TTL, delete the checksum, then apply the show2() function. This one...
OpenBSD 4.7 goodies and Cisco
Meat and goodies:
OpenBSD and Cizcoeee:
The official OpenBSD 4.7 release date is 19th May 2010, but it is already available for pre-order.
Big LAN and ARP broadcast
Sometimes the network suffers from a very BAD design (like a large L2 domain).
In this situation, some (normal) network behaviors are more visible than they would be if the network had a better designer.
The reason for the bad design is often historical, OR the hired consultant dislikes the company he works for and ships them a bad design :D
One of the visible phenomena occurs when many...
Wireshark configuration for Check Point fw monitor
Here is how to set up Wireshark correctly so that fw monitor output is easy to read:
ctrl+shift+p
Protocols / Ethernet / Attempt to interpret as Firewall-1 monitor file
Protocols / FW-1 / Monitor file includes UUID and Interface list includes chain position
User Interface / Columns / Add : fw-1 chain|FW-1 monitor if/direction
Apply preferences
View / Coloring rules / New
preIn /...
802.3x prezo
Breaking the myth about 802.3x usage. Here is a public prezo I did for a customer.
Click here to download the prezo.
Table of contents:
Do you really know Flow Control?
802.3x standard
Places where you will find 802.3x
Pause frames were created to defeat non-wire-rate switches
Symmetric vs Asymmetric 802.3x
Asymmetric speed connected to the same L2 device
Flow control on...
Wireshark: extract HTTP objects from captured...
Looking for an elegant way to extract HTTP objects (images, javascript, …) from a pcap file?
Open the pcap file in Wireshark, then click File => Export => Objects => HTTP.