The Compressed Pcap Packet Indexing Program (cppip) is a tool to enable extremely fast extraction of packets from a compressed pcap file. This tool is intended for security and network folk who work with large pcap files. This article provides a complete discussion of the tool and is split into two parts. The first part, intended for end-users, will explain in detail how to build and use the tool. The second part, intended for C programmers, covers cppip’s inner workings.
Cppip is a command line utility designed to make packet extraction from large pcap files extremely fast — without having to uncompress the entire file. It relies on pcap files that have been compressed using the freely available bgzip, a backward compatible gzip utility that boasts a special additive — the ability to quickly and cheaply uncompress specific regions of the file on the fly. You will find cppip quite useful if you work with large pcap files and have the need to extract one or more packets for subsequent inspection. As you’ll see, preparing your pcap files for use with cppip is a two step process of compressing the pcap file with bgzip and then indexing it with cppip. But before you can use cppip, you first have to install it. Read More »
Tags: open source, packet capture, pcap, security
Hello IP Surveillance Enthusiasts,
ISC West was held at Las Vegas between Apr 10-12, and we continued the engagements with our partners on Cisco Medianet Plugfest here. Plugfest was launched at ASIS Philadelphia in September 2012, and from then till now, we have been actively working on getting partners on-boarded into Cisco’s MSP Cisco Developer Network (CDN) program, evaluating the test results gathered during ASIS and making recommendations to partners on improving interoperability with the network.
At ISC West, we had the wonderful opportunity to touch base with many of our partners already in CDN, and the ones we are closely working with on the process.
These were the sessions/interactions we had on Plugfest at ISC West -
Read More »
Tags: asis, business video, cdn, enterprise networks, ip video surveillance, isc west, medianet, msp, plugfest, rich media applications, security, video, video surveillance
Great challenges can bring great opportunities to any business, and with the inevitability of cloud on the horizon, IT organizations will need to embrace this change. Taking the first, second or even third step can be scary, but the return on taking such risks will pay off so long as the IT organization champions the deployment.
Cisco itself has also had to face these risks of deploying cloud, and has already embarked on the private cloud (IaaS) journey —all the way from virtualizing the compute, network, and storage resources to integrating change management, and metering services for “pay as you use”.
Some of the challenges that we encountered typical that other IT organizations could face in cloud adoption were:
• Ensuring security. Each cloud solution has to be matched to appropriate security capabilities. The new capabilities may include centralized management (vs. trying to manage firewalls on ever-changing edges or trying to manage security on each endpoint), scalable multi-tenant architectures, real-time threat analysis and dynamic mitigation delivery.
Read More »
Tags: Cisco cloud, Cisco Partner, cloud, Cloud Computing, cloud services, government it, security
Often it is quite surprising how long old, well-known vulnerabilities continue to be exploited. Recently, a friend sent me an example of a malicious script used in an attempted attack against their server:
The script attempted to exploit the Horde/IMP Plesk Webmail Exploit in vulnerable versions of the Plesk control panel. By injecting malicious PHP code in the username field, successful attackers are able to bypass authentication and upload files to the targeted server. These types of attacks could be one avenue used in the DarkLeech compromises. Although not as common as the Plesk remote access vulnerability (CVE-2012-1557) described in the report, it does appear that this vulnerability is being actively exploited. Read More »
Tags: botnet, botnets, Cisco Security, malware, security, security updates, TRAC
The Common Vulnerability Reporting Framework (CVRF) is a security automation standard intended to make your life easier by offering a common language to exchange traditional security and vulnerability bulletins, reports, and advisories. You can read more about it on the official ICASI CVRF 1.1 page, in my CVRF 1.1 Missing Manual blog series, or in the cvrfparse instructional blog. CVRF 1.1 has been available to the public for almost a year and we would like to know how its helped and how we can improve it. Please take a moment to take the poll and please feel free to share it with any interested parties. Comments are encouraged and welcomed. The more feedback we get, the more we can improve CVRF.
Read More »
Tags: advisories, Cisco Security, cvrf, cybersecurity, exploits, psirt, security, vulnerability