I am trying to rewrite the destination IPv6 of a pcap with the command below:
tcprewrite --infile=v6Capture_d80095.pcap --outfile=test.pcap --dstipmap=[ff02::16],[fe80::20c:29ff:fe4c:84f2]
But I got the error message:
Fatal Error: Unable to parse args: From parse_args.c:tcpedit_post_args() line 89:
Unable to parse --dstipmap=[ff02::16],[fe80::20c:29ff:fe4c:84f2]
Any suggestions?
Thanks in advance!
Should be:
--dstipmap=[ff02::16]:[fe80::20c:29ff:fe4c:84f2]
In this problem you need to translate once to layer 2 and then re-translate to layer 3:
sudo tcprewrite --infile=in.pcap --dlt=enet --outfile=out.pcap --enet-dmac=00:55:22:33:AA:27 --enet-smac=00:44:66:AC:H9:AF
and then just change the IP address with:
sudo tcprewrite --infile=out.pcap --outfile=new.pcap --dstipmap=192.168.20.20:192.168.50.50 --srcipmap=172.10.10.5:172.20.20.12
Here's an example for IPv4:
tcprewrite --dstipmap=111.111.111.111:127.0.0.1 --infile=in.pcap --outfile=out.pcap
Reference documentation: https://tcpreplay.appneta.com/wiki/tcprewrite#changing-networks-via-pseudo-nat-sourcedestination-ip-map
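As an added example (not part of the original posts or of tcpreplay), here is a Python pre-flight check for --dstipmap/--srcipmap values. It assumes the grammar the answers above show: comma-separated pairs, each written from:to, with IPv6 sides in square brackets. The function names are hypothetical and the address-family check is this example's own addition.

```python
import ipaddress
import re

# Constructed sketch of the map grammar: comma-separated pairs, each "from:to".
# IPv6 sides are wrapped in [] so their colons are not read as the separator.
_SIDE = r"(\[[^\[\]]+\]|[0-9./]+)"
_PAIR = re.compile(rf"{_SIDE}:{_SIDE}")


def _network(side):
    """Turn one side of a pair into an ip_network (a bare address becomes /32 or /128)."""
    bracketed = side.startswith("[")
    net = ipaddress.ip_network(side.strip("[]"), strict=False)
    if bracketed != (net.version == 6):
        raise ValueError(f"IPv6 must be bracketed and IPv4 must not be: {side!r}")
    return net


def parse_ipmap(spec):
    """Return [(from_net, to_net), ...] or raise ValueError naming the bad pair."""
    pairs = []
    for item in spec.split(","):
        m = _PAIR.fullmatch(item)
        if m is None:
            raise ValueError(f"not a from:to pair: {item!r}")
        src, dst = _network(m.group(1)), _network(m.group(2))
        # Added sanity check of this example, not a documented tcprewrite rule.
        if src.version != dst.version:
            raise ValueError(f"address families differ in {item!r}")
        pairs.append((src, dst))
    return pairs


def check(spec):
    """Return 'ok' or the parse error text, for use before invoking tcprewrite."""
    try:
        parse_ipmap(spec)
        return "ok"
    except ValueError as exc:
        return str(exc)
```

Run against the question's value, check() reports that `[ff02::16]` is not a from:to pair, because the comma split it into two items with no colon separator between bracketed sides.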
I have pfSense (FreeBSD 11.2-p6) in use and I want to be able to use the prefix-set config feature (https://man.openbsd.org/bgpd.conf#prefix-set).
I add a simple
prefix-set bogons { 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16, fc00::/7 }
in my /var/etc/openbgpd/bgpd.conf file (as per docs)
But when restarting bgpd it fails on that line as if there is an issue with the syntax:
bgpd -n -f /var/etc/openbgpd/bgpd.conf
/var/etc/openbgpd/bgpd.conf:11: syntax error
Yes, line 11 is the prefix-set line.
How do I get prefix-set to work?
Turns out I was looking at https://man.openbsd.org/bgpd.conf while I should have been looking at the docs from https://www.freebsd.org/cgi/man.cgi?query=bgpd.conf as per Richard Smith's reply.
prefix-set is not a thing in FreeBSD bgpd.
I have a problem there.
I've installed Snort on my CentOS 7 server and wanted to use PulledPork as a source for rules. Pretty basic stuff...
Configured PulledPork conf:
# What path you want the .so files to actually go to *i.e. where is it
# defined in your snort.conf, needs a trailing slash
sorule_path=/usr/lib64/snort-2.9.7.3_dynamicpreprocessor/
# Path to the snort binary, we need this to generate the stub files
snort_path=/usr/sbin/snort/
# We need to know where your snort.conf file lives so that we can
# generate the stub files
config_path=/etc/snort/snort.conf
Then I ran my PulledPork script:
./pulledpork.pl -c /etc/pulledpork/etc/pulledpork.conf
It gave me an error:
The specified Snort binary does not exist!
Please correct the value or specify the FULL rules tarball name in the pulledpork.conf!
at ./pulledpork.pl line 1816.
I tried installing a different Snort (from the Snort binaries section: snort-openappid-2.9.7.3-1.centos7.x86_64.rpm) and changed the PulledPork conf file. Nothing changed. I couldn't find anything on Google either, so now I am here seeking help. Thank you!
Here are my Snort file locations:
Thanks for your help!
Try sudo ./pulledpork.pl -c /etc/pulledpork/etc/pulledpork.conf. You are trying to access your sbin. And I would double-check that that is actually where your snort binary is. Also get rid of the trailing slash: /usr/sbin/snort
You are getting this error because of the trailing slash, remove the forward slash behind snort and you should be good.
snort_path=/usr/sbin/snort
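As an added example (not part of the original posts or of PulledPork), here is a Python check of the three path settings quoted in the question. It shows that a file test on a path ending in a slash fails even when the binary exists. The helper names and the temporary directory layout are constructed for the demonstration.

```python
import os
import tempfile


def read_conf(text):
    """Parse key=value lines, ignoring blanks and # comments."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            conf[key.strip()] = value.strip()
    return conf


def check_paths(conf):
    """Return a list of problems with the three path settings shown on this page."""
    problems = []
    snort = conf.get("snort_path", "")
    # A trailing slash makes the OS treat the name as a directory, so the
    # file test fails even though the binary itself is present.
    if not os.path.isfile(snort):
        hint = " (remove the trailing slash)" if os.path.isfile(snort.rstrip("/")) else ""
        problems.append(f"snort_path is not a file: {snort}{hint}")
    elif not os.access(snort, os.X_OK):
        problems.append(f"snort_path is not executable: {snort}")
    if not os.path.isfile(conf.get("config_path", "")):
        problems.append("config_path is not a file")
    sorule = conf.get("sorule_path", "")
    if not (sorule.endswith("/") and os.path.isdir(sorule)):
        problems.append("sorule_path must be an existing directory with a trailing slash")
    return problems


def demo():
    """Build a constructed layout in a temp dir and check a broken and a fixed config."""
    with tempfile.TemporaryDirectory() as root:
        snort = os.path.join(root, "snort")          # stand-in for /usr/sbin/snort
        conf_file = os.path.join(root, "snort.conf")
        so_dir = os.path.join(root, "so_rules")
        os.mkdir(so_dir)
        for path in (snort, conf_file):
            open(path, "w").close()
        os.chmod(snort, 0o755)
        template = "# constructed sample\nsorule_path={}/\nsnort_path={}\nconfig_path={}\n"
        broken = read_conf(template.format(so_dir, snort + "/", conf_file))
        fixed = read_conf(template.format(so_dir, snort, conf_file))
        return check_paths(broken), check_paths(fixed)
```

To check a real installation, pass the contents of pulledpork.conf to read_conf() and the result to check_paths().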
I have to build SCTP packets in scapy, however it seems that SCTP does not exist in scapy folders. So I searched on the net and I found the sctp.py script:
https://github.com/jwiegley/scapy/blob/master/scapy/layers/sctp.py
I tried to copy this file into all folders that contain "/scapy/layers", but unfortunately SCTP is still undefined in scapy, i.e. when I write
sctp=SCTP(dport=2500,sport=2600)
I get this error message:
NameError: name 'SCTP' is not defined
How can I solve this problem? Is there any command that I missed running? Thanks in advance.
Not sure why you get an error ... I tried this:
scapy
>>> s=SCTP(dport=2500,sport=2600)
>>> s.show()
###[ SCTP ]###
sport= 2600
dport= 2500
tag= None
chksum= None
Which looks good to me.
s.pdfdump("sctp.pdf")
This requires Gnu-Plot and some other package but this also works.
SCTP works!!
Hope this helps.
I got a fatal error in the auto_load function. See the following error, indicating that the required file '/mnt/webDir/www/sossage/system/classes/kohna/log.php' failed to open. Yes, the file doesn't exist. It's the wrong path.
But I never wrote that code, and I can't find it anywhere using the 'find' option on my web root.
Fatal error: Kohana_Core::auto_load(): Failed opening required '/mnt/webDir/www/mysite/system/classes/kohna/log.php' (include_path='.:/usr/share/php:/usr/share/pear') in /mnt/webDir/mysite/system/classes/kohana/core.php on line 418, referer:
How can I solve the problem? Please let me know a solution or tips.
Thanks.
You've got a typo in your configuration, likely. Note the directory it's attempting to access:
...system/classes/kohna/log.php
"kohna" is not the appropriate spelling. The directory is instead:
...system/classes/kohana/
I have a problem with the ecap gzip adapter for squid.
I installed squid 3.1.10, libecap 0.0.3 and squid-ecap-gzip.
For squid I used this configuration:
./configure --prefix=/usr/local/squid --enable-ecap --enable-icap --enable-icap-client --enable-icap-support --g
and I installed the adapter following the install procedures.
When I start squid, in cache.log I can see that it cannot load services from:
ecap://www.vigos.com/ecapal/lib/ecap_adapt_gzip
If anyone knows what could have gone wrong, please tell me.
You have to create a shared object '.so' file of your adapter and specify it in the squid config using
ecap_enable on
loadable_modules <path to .so file>
You can load your object like this in /usr/local/squid/etc/squid.conf:
ecap_enable on
loadable_modules /usr/local/lib/ecap_adapter_modifying.so
ecap_service ecapModifier respmod_precache uri=ecap://e-cap.org/ecap/services/sample/modifying
adaptation_access ecapModifier allow all