small tips : How to split a pcap file with editcap

Here's a small tip of how to split a pcap file by using editcap command which includes wireshark.

Here’s an excerpt of “man editcap”.

-c  <packets per file>           Sets the maximum number of packets per output file. Each output           file will be created with a suffix -nnnnn, starting with 00000. If           the specified number of packets are written to the output file, the           next output file is opened. The default is to use a single output           file.

[ example ]

split the pcap file ( large.pcap ) per 10,000 packets.

# editcap -c 10000 large.pcap 10000packets-out

# ls 10000packets-out-0* | head -5 10000packets-out-00000 10000packets-out-00001 10000packets-out-00002 10000packets-out-00003 10000packets-out-00004

Ksplice : Apply kernel security updates without rebooting

[ what’s Ksplice ? ]

Ksplice , Oracle has acquired on July 21, 2011 , provides the technology of applying kernel security updates without rebooting.

http://www.ksplice.com/

You can use this technology on Oracle Linux , Ubuntu desktop , CentOS , Scientific Linux and Fedora etc.
It seems that ksplice for some distributions such as Ubuntu server , CentOS etc are not free.

[ use Ksplice on Ubuntu 11.10 Desktop ( not Ubuntu server ) ]

get the access key as below
http://www.ksplice.com/uptrack/key

create the repository file for ksplice

# cat /etc/apt/sources.list.d/ksplice.list deb http://www.ksplice.com/apt oneiric ksplice deb-src http://www.ksplice.com/apt oneiric ksplice

install ksplice

# apt-get install ca-certificates # wget -N https://www.ksplice.com/apt/ksplice-archive.asc # apt-key add ksplice-archive.asc OK # apt-get update ; apt-get install uptrack

paste the access key you got from http://www.ksplice.com/uptrack/key

edit uptrack.conf if you want to apply kernel updates automatically.

root@hat2:~# tail -2 /etc/uptrack/uptrack.conf #autoinstall = no autoinstall = yes

apply kernel patches.

# uptrack-upgrade -y The following steps will be taken: Install [tbralfyx] Clear garbage data on the kernel stack when handling signals. Install [45hi1vy1] CVE-2011-2494: Information leak in taskstats. Install [prmvsms6] Fix unsafe user pointer access in sendmsg. Install [gwr0oea1] CVE-2011-1161: Information leak in transmission logic of TPM driver. Install [t9ao2jv9] CVE-2011-1162: Information leak in TPM driver. Install [nfb7a5jw] NULL pointer dereference in kernel alarm timer. Installing [tbralfyx] Clear garbage data on the kernel stack when handling signals. Installing [45hi1vy1] CVE-2011-2494: Information leak in taskstats. Installing [prmvsms6] Fix unsafe user pointer access in sendmsg. Installing [gwr0oea1] CVE-2011-1161: Information leak in transmission logic of TPM driver. Installing [t9ao2jv9] CVE-2011-1162: Information leak in TPM driver. Installing [nfb7a5jw] NULL pointer dereference in kernel alarm timer. Your kernel is fully up to date. Effective kernel version is 3.0.0-13.22

# uptrack-upgrade -y Nothing to be done. Your kernel is fully up to date. Effective kernel version is 3.0.0-13.22

# uptrack-show Installed updates: [tbralfyx] Clear garbage data on the kernel stack when handling signals. [45hi1vy1] CVE-2011-2494: Information leak in taskstats. [prmvsms6] Fix unsafe user pointer access in sendmsg. [gwr0oea1] CVE-2011-1161: Information leak in transmission logic of TPM driver. [t9ao2jv9] CVE-2011-1162: Information leak in TPM driver. [nfb7a5jw] NULL pointer dereference in kernel alarm timer. Effective kernel version is 3.0.0-13.22

# uname -r 3.0.0-12-generic # uptrack-uname -r 3.0.0-13-generic

Please note that ksplice provides *kernel* security updates , so you need to apply software updates via apt-get , yum or something.

If you want to use GUI version , just install uptrack-manager.

# apt-get install uptrack-manager