I have been playing around with Xplico, a Network Forensic Analysis Tool (NFAT) included in BackTrack Linux. It is a pretty cool application, though there are some things I am still figuring out, some of which may be caused by the version in BackTrack being older. One of the main issues new Xplico users are likely to run into is actually noted numerous times on Xplico's website, so I simply want to expand on what has already been noted there. If you are having problems uploading pcap files via the Xplico web interface, the cause is most likely that the pcap file is larger than the upload size the Apache web server will accept. Use the information below to modify the web server configuration to allow larger files to be uploaded.
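Before editing anything it helps to know which limit is actually rejecting the upload. Xplico's web interface is PHP running under Apache, so the relevant knobs are `upload_max_filesize` and `post_max_size` in php.ini plus Apache's optional `LimitRequestBody`. The script below is an added example, not code from the original post or from the Xplico project: it converts PHP's shorthand sizes to bytes and reports the first directive a pcap of a given size would trip over. The php.ini values in `demo()` are constructed (the Debian-era defaults of 2M/8M and a raised pair), and the file paths are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): check whether the PHP/Apache
# upload limits governing Xplico's web interface are large enough for a pcap.
# Assumes Xplico's UI is PHP under Apache (limits live in php.ini) and that
# LimitRequestBody, if set, is in the Apache config. Paths are assumptions.

# Convert a PHP shorthand size ("8M", "2G", "512K", "1048576") to bytes.
php_size_to_bytes() {
    v=$1
    num=${v%[KkMmGg]}
    unit=${v#"$num"}
    case $num in ''|*[!0-9]*) return 1 ;; esac
    case $unit in
        [Kk]) echo $((num * 1024)) ;;
        [Mm]) echo $((num * 1024 * 1024)) ;;
        [Gg]) echo $((num * 1024 * 1024 * 1024)) ;;
        '')   echo "$num" ;;
        *)    return 1 ;;
    esac
}

# ini_get FILE KEY: effective value of KEY in a php.ini-style file
# (last uncommented occurrence wins, as PHP itself does).
ini_get() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\([^[:space:];]*\).*/\1/p" "$1" | tail -n 1
}

# upload_fits BYTES PHP_INI [LIMIT_REQUEST_BODY]
# Prints "ok" (status 0) when a BYTES-sized pcap gets through, otherwise the
# first directive that blocks it (status 1). LIMIT_REQUEST_BODY is Apache's
# LimitRequestBody in bytes; 0 or absent means unlimited.
upload_fits() {
    bytes=$1 ini=$2 lrb=${3:-0}
    up=$(php_size_to_bytes "$(ini_get "$ini" upload_max_filesize)") || return 2
    post=$(php_size_to_bytes "$(ini_get "$ini" post_max_size)") || return 2
    if [ "$bytes" -gt "$up" ]; then
        echo "blocked by upload_max_filesize"; return 1
    fi
    # The multipart POST holds the file plus form fields, so it is always a
    # little larger than the file; PHP discards the entire POST above post_max_size.
    if [ "$bytes" -ge "$post" ]; then
        echo "blocked by post_max_size"; return 1
    fi
    if [ "$lrb" -gt 0 ] && [ "$bytes" -ge "$lrb" ]; then
        echo "blocked by LimitRequestBody"; return 1
    fi
    echo ok
}

# Size in bytes of a real capture file (GNU stat first, then BSD stat).
file_size() { stat -c %s "$1" 2>/dev/null || stat -f %z "$1"; }

demo() {
    tmp=$(mktemp)
    pcap=$((150 * 1024 * 1024))   # a 150 MiB capture (constructed size)
    # Constructed php.ini fragment with the old Debian defaults.
    printf 'upload_max_filesize = 2M\npost_max_size = 8M\n' > "$tmp"
    echo "defaults:  $(upload_fits "$pcap" "$tmp")"
    # The fix: raise both, keeping post_max_size above upload_max_filesize.
    printf 'upload_max_filesize = 200M\npost_max_size = 210M\n' > "$tmp"
    echo "corrected: $(upload_fits "$pcap" "$tmp")"
    rm -f "$tmp"
}
demo
```

Point `upload_fits "$(file_size capture.pcap)" /etc/php5/apache2/php.ini` at the real php.ini (path assumed; use `php --ini` to find yours) and, once the values are raised, restart Apache so the new limits take effect. Keep `post_max_size` strictly larger than `upload_max_filesize`; setting them equal is a common mistake that still rejects files right at the limit.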
We have had a couple of requests to write a post about readpst, which is in the default path of BackTrack 5 and also located in the BackTrack menu under Forensics/Forensics Analysis Tools. readpst reads PST files, also known as Microsoft Outlook Personal Folders, and converts them to mbox, MH, or KMail format. Various other switches write each email to a separate file, include attachments, change the contact format, recurse into the folder structure, and so on. I will explain basic functionality below along with a couple of the formats and various switches.
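As an added example (not code from the original post or from the libpst project), the wrapper below picks the readpst output format by name and then does the check I always want after a conversion: confirming that the resulting mbox files actually contain mail, and how much, rather than trusting that readpst exited quietly. The switches it relies on are `-o` (output directory), `-r` (recreate the Outlook folder tree as directories), `-q` (quiet), `-M` (MH, one file per message), `-k` (KMail layout) and `-e` (one `.eml` file per message). The PST path in `demo()` is an assumption.

```shell
#!/bin/sh
# Added example (not from the original post): readpst wrapper plus sanity
# checks on the produced mbox files. Input path in demo() is assumed.

# convert_pst FORMAT PST OUTDIR   where FORMAT is mbox|mh|kmail|eml
convert_pst() {
    fmt=$1 pst=$2 out=$3
    case $fmt in
        mbox)  extra="" ;;
        mh)    extra="-M" ;;
        kmail) extra="-k" ;;
        eml)   extra="-e" ;;
        *) echo "unknown format: $fmt" >&2; return 2 ;;
    esac
    mkdir -p "$out" || return 1
    # -r keeps the Outlook folder hierarchy: each mail folder becomes
    # OUTDIR/<Folder>/mbox (or a directory of messages with -M/-k/-e).
    readpst -r -q -o "$out" $extra "$pst"
}

# Count messages in an mbox: each message starts with a "From " envelope line
# (body lines that begin with "From " are escaped as ">From " by the writer).
mbox_message_count() {
    grep -c '^From ' "$1" || true
}

# List Subject headers, one per line, to eyeball that real mail came out.
mbox_subjects() {
    sed -n 's/^Subject:[[:space:]]*//p' "$1"
}

# Find every mbox readpst wrote under OUTDIR and print per-folder counts.
report_mboxes() {
    find "$1" -type f -name mbox | while read -r f; do
        printf '%s\t%s\n' "$(mbox_message_count "$f")" "$f"
    done
}

demo() {
    pst=${1:-/root/outlook.pst}   # assumed input path
    out=${2:-/root/pst-out}
    if command -v readpst >/dev/null 2>&1 && [ -f "$pst" ]; then
        convert_pst mbox "$pst" "$out" && report_mboxes "$out"
    else
        echo "readpst or $pst not available; skipping conversion" >&2
    fi
}
demo "$@"
```

A folder whose count comes back as 0 usually means the PST is corrupt or password protected, or the messages were deleted items; readpst's `-D` switch includes deleted items if you need them for an investigation. Work on a copy of the PST and keep the original's hash if the conversion is part of evidence handling.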
After upgrading a bunch of WordPress plugins on a site I noticed that comments were no longer working for users who were not logged in. This can be tricky to catch: when someone reports that comments are broken, the WordPress site administrator will likely be logged in when they test them and conclude that nothing is wrong. If comments are throwing an error and you have the SI CAPTCHA Anti-Spam WordPress plugin installed, the content below will help you resolve the problem.
If you ever need to write a shell script that uses SSH or SCP against hosts it has not connected to before, you will likely have run into the known_hosts prompt: when either command is called from the script, it stops and asks whether the remote host's key should be added to the known_hosts file. You can get around this either by modifying the client computer's ssh_config file or by using the -o switch available for both ssh (Secure Shell) and scp (Secure Copy). Keep in mind that the host key check is what protects the script from a man-in-the-middle, so disable only as much of it as you need. Below we show how to modify the ssh_config file as well as an example of each command with the -o switch.
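The usual quick fix is `-o StrictHostKeyChecking=no`, which auto-adds unknown hosts but also continues (with only a warning) when a host's key has changed, which is exactly the case host keys exist to catch. The added example below (not code from the original post) does it more deliberately: a config stanza scoped to the lab hosts only, a separate known_hosts file for them, `accept-new` so unknown hosts are added but changed keys are still refused, and a way to pre-seed the file. It assumes OpenSSH 7.6 or newer for the `accept-new` value (BackTrack-era releases only understand yes/no/ask; there, pre-seed known_hosts and keep `StrictHostKeyChecking yes`). The host names, key line and file paths are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): non-interactive ssh/scp with
# host key handling that still detects a changed key. Assumes OpenSSH >= 7.6
# for accept-new; lab hosts, paths and the sample key line are constructed.

# Write an ssh_config stanza that applies only to the lab subnet/domain and
# keeps their keys in a separate known_hosts file, leaving other hosts alone.
write_lab_ssh_config() {
    cfg=$1 kh=$2
    cat > "$cfg" <<EOF
Host 10.0.0.* *.lab.example
    StrictHostKeyChecking accept-new
    UserKnownHostsFile $kh
    BatchMode yes
EOF
}

# Pre-seed known_hosts from the host itself. This is trust-on-first-use:
# compare the fingerprint out of band before relying on it for anything sensitive.
seed_known_hosts() {
    host=$1 kh=$2
    ssh-keyscan -T 3 -t ed25519,rsa "$host" >> "$kh" 2>/dev/null
}

# known_host_present KH HOST: 0 if HOST has a plaintext entry in KH.
# Hashed entries ("|1|...") and @cert-authority/@revoked markers are skipped;
# "ssh-keygen -F HOST -f KH" handles hashed files.
known_host_present() {
    kh=$1 host=$2
    awk -v h="$host" '
        $1 !~ /^[|#@]/ {
            n = split($1, a, ",")
            for (i = 1; i <= n; i++) if (a[i] == h) found = 1
        }
        END { exit !found }' "$kh"
}

# Script-friendly calls through the config file. The equivalent one-off
# -o form, without a config file, is:
#   ssh -o StrictHostKeyChecking=accept-new -o UserKnownHostsFile=$kh -o BatchMode=yes user@host uptime
#   scp -o StrictHostKeyChecking=accept-new -o UserKnownHostsFile=$kh -o BatchMode=yes file user@host:/tmp/
remote_cmd()  { ssh -F "$1" "$2" "$3"; }
remote_copy() { scp -F "$1" "$2" "$3"; }

demo() {
    cfg=${TMPDIR:-/tmp}/lab_ssh_config
    kh=${TMPDIR:-/tmp}/known_hosts_lab
    write_lab_ssh_config "$cfg" "$kh"
    : >> "$kh"
    host=10.0.0.5   # constructed lab host
    if ! known_host_present "$kh" "$host"; then
        if [ "${LAB_SEED:-0}" = 1 ]; then
            seed_known_hosts "$host" "$kh" || echo "keyscan of $host failed" >&2
        else
            echo "$host not in $kh; run with LAB_SEED=1 to key-scan it" >&2
        fi
    fi
    # remote_cmd "$cfg" "root@$host" uptime
    # remote_copy "$cfg" ./capture.pcap "root@$host:/tmp/"
}
demo
```

`BatchMode yes` is the other half of making this script-safe: it turns every remaining prompt (passphrase, password, host key question on old releases) into a hard failure instead of a hang. If the known_hosts file is shared between runs, back it up with the script, because a stale entry is what a legitimate reinstall of a host looks like to ssh, and the fix is `ssh-keygen -R host -f "$kh"`, not switching to `no`.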
There could be numerous reasons to create a fake Ethernet interface on a Linux server, though I have heard that people might do so to get around licensing of software that is tied to the MAC address of a specific Ethernet port. You simply enable a dummy Ethernet interface and assign the MAC address to it, which is explained in more detail below. The easiest way is to assign the MAC address to an Ethernet interface you are not using on your server, since its driver has already been loaded automatically. If you do not have a spare Ethernet interface, the instructions below will help you accomplish the same thing with a dummy interface.