Static in the Ether » tools

convert man pages to PDF

Barry Irwin — Sun, 09 Aug 2009 14:22:19 +0000

Recently I had need to produce pdf files of some man pages simple because the are far easier to print and review onscreen. The following snippet added to my .bash_profile does the trick.

# Convert man pages to pdf man2pdf() { m2pfile="/tmp/${1}-m2p.pdf" if [ ! -s $m2pfile ]; then # is it there and > zero bytes man -t "${1}" | ps2pdf - > "$m2pfile" fsize=`du -k $m2pfile | awk '{print $1}'` echo "Created PDF file in $m2pfile ($fsize KB)" fi }

It can trivially be extended to check for things like a $DISPLAY variable and pop up a viewer or request to print. The caching is admittedly crude, but works since /tmp is cleared out periodically. Output looks like:

[bvi@starburst ~]$ man2pdf ls Created PDF file in /tmp/ls-m2p.pdf (20 KB)

Nmap goes 5.0

Barry Irwin — Thu, 16 Jul 2009 18:12:43 +0000

NMAP officially went to version 5.0 today, being described as the most significant release since 1997. I find it hard to believe I’ve been using this for 12 years. and will hopefully be around for many more.

FreeBSD ports are still holding 4.90RC1 form 10 days ago, but are likely to get updated soon.

Converting Internet Barometer Data

Barry Irwin — Tue, 30 Jun 2009 23:20:42 +0000

My first foray into the tag soup that is XSL and XSLT has been to turn the XML outputs from the InterNet Barometer System as discussed previously into plain text output which I can use more easily for comparing with some of my other data sources. While A cursory browse cannot find any Terms & conditions for the use of this data, I think I’m on safe ground given that all I’m doing is processing the same xml that is consumed by the flash objects and its not for any kind of commercial use. After hunting around for tools, and wasting a pile of bandwidth on “enterprise editions” I ended up constructing this based on some tutorials at w3c.org using good old vim. I was very tempted to just revert back to sed & awk, or even try my hand at python’s parsing, but decided that I may as well ‘do it right’. The result of a few hours work this evening while watching a filesystem rebuild is shown below:
, , , ,
This through the magic of xsltproc produces a nice plain text output:

xsltproc map2.xsl asia.xml

given the input from the Asia attack graph produces:

30-06-2009 05:00:17 GMT,RU,Russia,15387,green 30-06-2009 05:00:17 GMT,TR,Turkey,7137,green 30-06-2009 05:00:17 GMT,CN,China,2468,green 30-06-2009 05:00:17 GMT,MY,Malaysia,4158,green 30-06-2009 05:00:17 GMT,IN,India,2631,green 30-06-2009 05:00:17 GMT,TH,Thailand,1823,green

While not the most elegant code, its gets done what I need, and is easily extensible enough to be able to transform to other formats suitable for DB import. I’ll need to monitor data over the next couple of days to get an idea as to how the counters used are actually operating. Once that has been established I can star doing some meaningful comparisons.

Security Tools update

Barry Irwin — Fri, 06 Feb 2009 21:48:53 +0000

Over the last week or so a number of new tools have been release either for the first time or as updated versions:

tcpreplay is now at version 3.4.0 with a number of significant bugfixes. This staple of packet analysis allows for the replay of captured pcap file back over network interfaces. Its a great way of having a repeatable test framework, or for explosing yout NIDS system to collected bad traffic.
picviz 0.5 has been released. I blogged about this before and the project seems to be comming on nicely. Formy own purposes its not much use with my network telescope data, but does produce some pretty pictures for some other work Ive been doing of late. The new version comes with a bumber of new log parsers. A slide deck discussing its use as presented at USENIX 2008 is also available.
pcapr is the new tool out and describes itself as “web 2.0 meets packets“, and “pcapr does to packets what flickr does to pictures”. If it performs as promised it could make life a lot easier maintinaing libraries of packet captures. The fact its a hosted service does have some distinct disadvantages. Currently there seems to be quote a lot of little snippets. An RSS feed of new content is also available. Another similar repository s that of openpacket.org
libtrace while not a new tool as such, is somethign I’ve started workign with recentlyafter comming across it in Dean Pemberton’s MSc Thesis2007 on Internet Background Radiation Arrival Density and Network Telescope Sampling Strategies. The api looks pretty clean and it comes with a couple of nice demo tools which are actually useful. the URI syntax it uses for accessing files is a little strange but managable.

New Infosec Viz Tool – Picviz

Barry Irwin — Fri, 24 Oct 2008 06:48:46 +0000

Version 0.3 of PicViz has been released, based on python and QT – which bodes well for potential portability. This is yet another tool to help one actually filter through piles of connections, using a classic parallel axis setup. Drilldown is offered. Some example renderings of the Kaminsky DNS attacks are available.

A more advanced version of the kind of output achievable is also provided showing how with the help of a pre-processing script, the SSH login process can be graphed:

Graphs are produced via an intermediate scripting language which has by design strong similarity to that used by Graphviz. I’ll definatley be adding this to my toolset and seeing how it handles processing of some of the rather large data sets Ive got.