planetfoo

/dev/random

Count SYNs

by Matt on Aug.05, 2010, under /dev/random

A while back I was deploying a new high volume TCP application and I was interested in the number of connections from particular hosts I was seeing over a period of time. Who was connecting the most, that kind of thing. This one liner accomplishes that rather well. Replace 70.164.19.160 with your server's IP address and you should get a list of top connecting hosts and the number of times each host has connected, in ascending order. Alter -c 100 to specify the number of packets to capture. Basically what this does is capture the first 100 SYNs sent to the destination host, extract the sending IP, sort them and then count the number of SYN packets from each host. Simple but effective. I love one liners like this.

time tcpdump -ieth0 -c 100 -nn dst 70.164.19.160 and 'tcp[13] & 2 == 2' | awk 'split($3,ip,".") {print ip[1] "." ip[2] "." ip[3] "." ip[4]}'| sort | uniq -c | sort -n
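
The same count as a reusable shell function, as an added example that is not part of the original post. The filter 'tcp[13] & 2 == 2' matches every segment with the SYN bit set, so SYN-ACKs coming back to the server for its own outbound connections are captured too; this version counts only pure SYNs and also copes with IPv6 sources. It assumes the current tcpdump -nn text format ("Flags [S],"); the function names and the sample capture lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: count inbound connection attempts (pure SYNs) per source host
# from `tcpdump -nn` text output. Assumes the "Flags [..]" output format.

# count_syns: read tcpdump -nn lines on stdin, print "count source" ascending.
count_syns() {
    awk '
        # $2 = IP/IP6, $3 = src.port, $6 $7 = "Flags [S]," for a pure SYN.
        # "[S.]" is a SYN-ACK (reply to a connection the server opened): skip it.
        ($2 == "IP" || $2 == "IP6") && $6 == "Flags" && $7 == "[S]," {
            src = $3
            sub(/\.[0-9]+$/, "", src)   # drop the trailing ".port" (IPv4 and IPv6)
            count[src]++
        }
        END { for (s in count) print count[s], s }
    ' | LC_ALL=C sort -k1,1n -k2,2
}

# sample_capture: constructed capture lines, all with the server
# (198.51.100.5) as destination, as the dst filter in the post would give.
sample_capture() {
cat <<'EOF'
12:00:00.000001 IP 192.0.2.10.51514 > 198.51.100.5.443: Flags [S], seq 100, win 64240, length 0
12:00:01.000001 IP 192.0.2.10.51516 > 198.51.100.5.443: Flags [S], seq 200, win 64240, length 0
12:00:02.000001 IP 203.0.113.7.40000 > 198.51.100.5.443: Flags [S], seq 300, win 64240, length 0
12:00:02.500000 IP 203.0.113.50.443 > 198.51.100.5.38000: Flags [S.], seq 900, ack 701, win 65160, length 0
12:00:03.000001 IP6 2001:db8::1.51000 > 2001:db8::5.443: Flags [S], seq 400, win 64800, length 0
EOF
}

# Live use, with the flags from the post (run as root, substitute your server IP):
#   tcpdump -ieth0 -c 100 -nn dst 70.164.19.160 and 'tcp[13] & 2 == 2' | count_syns
sample_capture | count_syns
```

On the sample, 203.0.113.50 does not appear in the result because its only packet is a SYN-ACK, which the original awk stage would have counted as a connecting host.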

Me @ Defcon 18

by Matt on Jul.26, 2010, under /dev/random

I’m presenting at Defcon 18 this weekend. My talk is about how ARIN transitioned to IPv6 on its own networks. The talk also goes over IPv6 implementation details in a more general sense. I wrote up a short summary for the defcon speakers corner blog which is located here: ARIN AND IPV6 AT DEF CON


Dulles still sucks

by Matt on Apr.18, 2010, under /dev/random

The new trains are nice and all but I don’t get why they build all of this new security infrastructure only to keep it closed when they are busy.

Sent from my iPhone


SCJA

by Matt on Mar.27, 2010, under /dev/random

Passed the SCJA recently. I actually thought the test was somewhat hard. Having to parse Java source code in your head and making sure not to miss any “;” or other syntactical errors is kinda lame in my opinion. It is what it is though. I can recommend SCJA Certification Study Guide and Mock Exam Questions Book, by Cameron McKenzie. He does a good job of explaining some of the sneaky stuff Sun throws at you during this exam. His website is located here: http://freemockexamssunjava.scja.com/ExamScam/get.jsp


Walking in the woods

by Matt on Dec.02, 2009, under /dev/random

Thanksgiving @ smith mountain lake.


Jojo!

by Matt on Nov.14, 2009, under /dev/random

Sent from my iPhone


WordPress

by Matt on Nov.13, 2009, under /dev/random

So I’ve moved back to Wordpress. Drupal is nice but it was overkill for what I needed. I liked Wordpress the last time I used it and now that I’ve discovered the postie plugin I’m happy. Being able to use email to post is very nice indeed. I’ve been toying with the idea of writing my own lightweight blogging software but using something with a large community like Wordpress has its advantages.


Ginger!

by Matt on Nov.13, 2009, under /dev/random

Sent from my iPhone


Books!

by Matt on Nov.13, 2009, under /dev/random


Postie

by Matt on Nov.13, 2009, under /dev/random

Postie lets you post to wordpress via email. Cool. Some tips for using postie after the bump…