lost and found ( for me ? )

small tips : How to split a pcap file with editcap


Here's a small tip on how to split a pcap file using the editcap command, which is included with Wireshark.

Here’s an excerpt of “man editcap”.
      -c  <packets per file>
          Sets the maximum number of packets per output file. Each output
          file will be created with a suffix -nnnnn, starting with 00000. If
          the specified number of packets are written to the output file, the
          next output file is opened. The default is to use a single output
          file.

[ example ]

Split the pcap file ( large.pcap ) into files of 10,000 packets each.
# editcap -c 10000 large.pcap 10000packets-out

# ls 10000packets-out-0* | head -5
10000packets-out-00000
10000packets-out-00001
10000packets-out-00002
10000packets-out-00003
10000packets-out-00004

Ksplice : Apply kernel security updates without rebooting


[ what’s Ksplice ? ]

Ksplice, which Oracle acquired on July 21, 2011, provides technology for applying kernel security updates without rebooting.

http://www.ksplice.com/

You can use this technology on Oracle Linux, Ubuntu desktop, CentOS, Scientific Linux, Fedora, etc.
It seems that Ksplice is not free for some distributions, such as Ubuntu server and CentOS.

[ use Ksplice on Ubuntu 11.10 Desktop ( not Ubuntu server ) ]

get the access key from the following page
http://www.ksplice.com/uptrack/key

create the repository file for ksplice
# cat /etc/apt/sources.list.d/ksplice.list
deb http://www.ksplice.com/apt oneiric ksplice
deb-src http://www.ksplice.com/apt oneiric ksplice

install ksplice
# apt-get install ca-certificates
# wget -N https://www.ksplice.com/apt/ksplice-archive.asc
# apt-key add ksplice-archive.asc
OK
# apt-get update ; apt-get install uptrack

paste the access key you got from http://www.ksplice.com/uptrack/key



edit uptrack.conf if you want to apply kernel updates automatically.
root@hat2:~# tail -2 /etc/uptrack/uptrack.conf
#autoinstall = no
autoinstall = yes

apply kernel patches.
# uptrack-upgrade -y
The following steps will be taken:
Install [tbralfyx] Clear garbage data on the kernel stack when handling signals.
Install [45hi1vy1] CVE-2011-2494: Information leak in taskstats.
Install [prmvsms6] Fix unsafe user pointer access in sendmsg.
Install [gwr0oea1] CVE-2011-1161: Information leak in transmission logic of TPM driver.
Install [t9ao2jv9] CVE-2011-1162: Information leak in TPM driver.
Install [nfb7a5jw] NULL pointer dereference in kernel alarm timer.
Installing [tbralfyx] Clear garbage data on the kernel stack when handling signals.
Installing [45hi1vy1] CVE-2011-2494: Information leak in taskstats.
Installing [prmvsms6] Fix unsafe user pointer access in sendmsg.
Installing [gwr0oea1] CVE-2011-1161: Information leak in transmission logic of TPM driver.
Installing [t9ao2jv9] CVE-2011-1162: Information leak in TPM driver.
Installing [nfb7a5jw] NULL pointer dereference in kernel alarm timer.
Your kernel is fully up to date.
Effective kernel version is 3.0.0-13.22


# uptrack-upgrade -y
Nothing to be done.
Your kernel is fully up to date.
Effective kernel version is 3.0.0-13.22


# uptrack-show
Installed updates:
[tbralfyx] Clear garbage data on the kernel stack when handling signals.
[45hi1vy1] CVE-2011-2494: Information leak in taskstats.
[prmvsms6] Fix unsafe user pointer access in sendmsg.
[gwr0oea1] CVE-2011-1161: Information leak in transmission logic of TPM driver.
[t9ao2jv9] CVE-2011-1162: Information leak in TPM driver.
[nfb7a5jw] NULL pointer dereference in kernel alarm timer.

Effective kernel version is 3.0.0-13.22


# uname -r
3.0.0-12-generic

# uptrack-uname -r
3.0.0-13-generic
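
As the output above shows, uname -r keeps reporting the booted kernel (3.0.0-12-generic) while uptrack-uname -r reports the effective one, so a patch audit that only reads uname -r will misjudge a Ksplice host. The script below is an added example, not part of the original post or of the Ksplice tools; its function names are hypothetical, and when uptrack-show is not installed it falls back to the output quoted in this post.

```shell
#!/bin/sh
# Added example: audit helpers for a host using Ksplice Uptrack.
# SAMPLE_SHOW is the uptrack-show output quoted in this post (offline fallback).
SAMPLE_SHOW='Installed updates:
[tbralfyx] Clear garbage data on the kernel stack when handling signals.
[45hi1vy1] CVE-2011-2494: Information leak in taskstats.
[prmvsms6] Fix unsafe user pointer access in sendmsg.
[gwr0oea1] CVE-2011-1161: Information leak in transmission logic of TPM driver.
[t9ao2jv9] CVE-2011-1162: Information leak in TPM driver.
[nfb7a5jw] NULL pointer dereference in kernel alarm timer.

Effective kernel version is 3.0.0-13.22'

# All helper names below are hypothetical; each reads uptrack-show output on stdin.

# CVE IDs covered by installed live patches, sorted and de-duplicated.
live_patched_cves() { grep -oE 'CVE-[0-9]{4}-[0-9]+' | sort -u; }

# Number of installed updates (lines of the form "[id] description").
live_patch_count() { grep -cE '^\[[a-z0-9]+\] '; }

# Effective kernel version reported by uptrack-show.
effective_version() { sed -n 's/^Effective kernel version is //p'; }

# Exit 0 if the CVE given as $1 is covered by a live patch, 1 otherwise.
cve_is_live_patched() { live_patched_cves | grep -qxF "$1"; }

# Compare booted release ($1, uname -r) with effective release ($2, uptrack-uname -r).
kernel_state() {
    if [ "$1" = "$2" ]; then echo same; else echo live-patched; fi
}

# Use live data on a Ksplice host, otherwise the values quoted in this post.
if command -v uptrack-show >/dev/null 2>&1; then
    show=$(uptrack-show); booted=$(uname -r); effective=$(uptrack-uname -r)
else
    show=$SAMPLE_SHOW; booted=3.0.0-12-generic; effective=3.0.0-13-generic
fi

echo "booted=$booted effective=$effective state=$(kernel_state "$booted" "$effective")"
echo "effective version: $(printf '%s\n' "$show" | effective_version)"
echo "live patches: $(printf '%s\n' "$show" | live_patch_count)"
printf '%s\n' "$show" | live_patched_cves
```
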

Please note that Ksplice provides *kernel* security updates, so you still need to apply software updates via apt-get, yum or something similar.

If you want to use the GUI version, just install uptrack-manager.
# apt-get install uptrack-manager