Count SYNs
by Matt on Aug.05, 2010, under /dev/random
A while back I was deploying a new high-volume TCP application and I was interested in the number of connections I was seeing from particular hosts over a period of time. Who was connecting the most, that kind of thing. This one-liner accomplishes that rather well. Replace 70.164.19.160 with your server's IP address and you should get a list of the top connecting hosts and the number of times each host has connected, in ascending order. Alter -c 100 to specify the number of packets to capture. Basically, what this does is capture the first 100 SYNs sent to the destination host, extract the sending IP, sort them, and then count the number of SYN packets from each host. Simple but effective. I love one-liners like this.
time tcpdump -ieth0 -c 100 -nn dst 70.164.19.160 and 'tcp[13] & 2 == 2' | awk 'split($3,ip,".") {print ip[1] "." ip[2] "." ip[3] "." ip[4]}'| sort | uniq -c | sort -n
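The awk step in the one-liner assumes a dotted IPv4 source field, and the bit test tcp[13] & 2 also matches SYN-ACK replies to connections the server itself opened. The following is an added example, not part of the original post: a post-processing function that counts only initial SYNs per source and handles IPv6 source fields too. The names count_syns and sample_capture are hypothetical, the sample lines are constructed, and the parser assumes the "Flags [S]" text format printed by tcpdump 4.x.

```shell
#!/bin/sh
# Added example: count initial SYNs per source from `tcpdump -nn` text on stdin.
# Live use (same capture filter as the one-liner above):
#   tcpdump -ieth0 -c 100 -nn dst 70.164.19.160 and 'tcp[13] & 2 == 2' | count_syns

count_syns() {
    awk '
        # Expected line layout (tcpdump 4.x, assumed):
        #   <time> IP|IP6 <src>.<port> > <dst>.<port>: Flags [S], seq ...
        # "[S]," is a bare SYN; "[S.]," is SYN-ACK and is skipped.
        ($2 == "IP" || $2 == "IP6") && $6 == "Flags" && $7 == "[S]," {
            src = $3
            sub(/\.[0-9]+$/, "", src)   # strip the trailing .port (IPv4 and IPv6)
            count[src]++
        }
        END { for (s in count) print count[s], s }
    ' | LC_ALL=C sort -k1,1n -k2,2      # ascending by count, then by address
}

# Constructed sample capture: three SYNs from one host, one each from two
# others (one of them IPv6), and one SYN-ACK that must not be counted.
sample_capture() {
    cat <<'EOF'
12:00:01.000001 IP 198.51.100.7.51514 > 70.164.19.160.80: Flags [S], seq 100, win 65535, length 0
12:00:01.000002 IP 203.0.113.9.40000 > 70.164.19.160.80: Flags [S], seq 200, win 65535, length 0
12:00:01.000003 IP 198.51.100.7.51515 > 70.164.19.160.80: Flags [S], seq 300, win 65535, length 0
12:00:01.000004 IP 192.0.2.25.443 > 70.164.19.160.33000: Flags [S.], seq 400, ack 1, win 65535, length 0
12:00:01.000005 IP6 2001:db8::5.51000 > 2001:db8::1.80: Flags [S], seq 500, win 65535, length 0
12:00:01.000006 IP 198.51.100.7.51516 > 70.164.19.160.80: Flags [S], seq 600, win 65535, length 0
EOF
}

sample_capture | count_syns
```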
Me @ Defcon 18
by Matt on Jul.26, 2010, under /dev/random
I’m presenting at Defcon 18 this weekend. My talk is about how ARIN transitioned to IPv6 on its own networks. The talk also goes over IPv6 implementation details in a more general sense. I wrote up a short summary for the defcon speakers corner blog which is located here: ARIN AND IPV6 AT DEF CON
Dulles still sucks
by Matt on Apr.18, 2010, under /dev/random
The new trains are nice and all but I don’t get why they build all of this new security infrastructure only to keep it closed when they are busy.
Sent from my iPhone
SCJA
by Matt on Mar.27, 2010, under /dev/random
Passed the SCJA recently. I actually thought the test was somewhat hard. Having to parse Java source code in your head and making sure not to miss any “;” or other syntactical errors is kinda lame in my opinion. It is what it is though. I can recommend SCJA Certification Study Guide and Mock Exam Questions Book, by Cameron McKenzie. He does a good job of explaining some of the sneaky stuff Sun throws at you during this exam. His website is located here: http://freemockexamssunjava.scja.com/ExamScam/get.jsp