Xplico is an NFAT, or Network Forensics Analysis Tool, designed either to capture traffic in real-time sessions or to provide an interface for uploading PCAP (Packet Capture Data) files for analysis. The current version in BackTrack Linux 5 release 3 is 0.7; however, the latest Xplico version is Xplico 1.0.1. I believe there are some dependencies required in the later versions of Xplico, so I will write an updated article once BackTrack 6 comes up and the latest version of Xplico can easily be installed.
Recently, while working on some node or instance automation using RightScale, I needed to have some extra iptables rules created automatically when a new node booted. Initially I was just trying to do this via iptables commands, which I note below, but it would never work. After digging through the logs I realized that the iptables commands created by RightScale for the ServerTemplate I was using flushed iptables at the very end of the boot process and thus wiped out the iptables entries created by the RightScript I had created. To accomplish permanent iptables entries for a Rackspace node via RightScale, you need to output the iptables command to a file in the location where the boot process picks them up after flushing the current ruleset. Below I describe my first attempt, followed by the correct way to have iptables entries picked up by RightScale.
I recently updated iTunes and QuickTime on my Windows 7 PC and afterwards noticed that when opening a .PSD (Photoshop Document) file, instead of opening in Photoshop, the file opened in PictureViewer. I wasn’t even familiar with PictureViewer at first; however, after a little searching I realized that PictureViewer is now installed with QuickTime by default, which is really annoying since I already have dozens of picture viewing applications. Anyhow, what it meant was that I needed to modify how file types are associated with applications, which is what is described in more detail. I will first describe how to change a single file type to match a single application, and then I will describe how to associate a single program with many file types at the same time.
The next tool I will be reviewing is from the same suite of tools as netenum and netmask. Protos is an IP protocol scanner. It goes through all possible IP protocols and uses a negative scan to sort out unsupported protocols, which should be reported by the target using ICMP protocol unreachable messages.