Thursday, May 29, 2014

How to capture network traffic for analysis in Linux

While working to verify a Windows setting, I had to capture the network traffic and confirm that the setting was in place. The steps below may help you as much as they helped me. :)

Capturing the network traffic

We can use our favourite packet capture tool to capture the network traffic between the source and destination hosts. Here, I will demonstrate using both plain vanilla 'tcpdump' and the 'tethereal' tool.

  # tcpdump -vvXX port 445 -w /dir_path/file_name


  # tethereal -p -w /dir_path/file_name port 445


You can see that I'm trying to capture as much data as I can. It may be excessive, but it may be worthwhile if you find that you need the data later on.

Once you have the above in place, you can then fire off the traffic that you want to capture. As in the above example, I'm trying to capture SMB traffic.

Trigger the traffic

In this demonstration, I will use 'nmap' to trigger the SMB traffic.

  # nmap --script smb-security-mode.nse 192.168.1.1



You should see the 'tethereal' output reporting that some traffic is captured.


[root@server ~]# tethereal -p -w /tmp/smb.capture port 445
Capturing on bond0
12


Below is the output for 'tcpdump'. Your output should be similar.

[root@server ~]# tcpdump -vvXX port 445 -w /tmp/smb.capture
tcpdump: listening on bond0, link-type EN10MB (Ethernet), capture size 96 bytes
12 packets captured
0 packets received by filter
0 packets dropped by kernel

Display the network traffic for analysis

Now that the traffic has been captured, it is time to display it.
If you are using 'tcpdump', you may have to use another tool to analyse the network traffic, as there is no functionality built in to decode the protocol that you are looking at.


To display using 'tcpdump', try this.
  # tcpdump -vvXX  -r /tmp/smb.capture



Here, you may want to use a free online tool at [http://sadjad.me/phd/]. This is literally a packet HEX decoder. You need to copy the HEX for a particular packet into the webpage and click 'decode'. After that, just click on the result to expand it and read the decoded information.

If you are using 'tethereal', try this instead.

  # tethereal -Vx -r /tmp/smb.capture | more



Yes, I was trying to find out if the SMB protocol was set to encrypted, with signing enabled and signing required. Here's the essential part of the output.


        Security Mode: 0x0f
            .... ...1 = Mode: USER security mode
            .... ..1. = Password: ENCRYPTED password. Use challenge/response
            .... .1.. = Signatures: Security signatures ENABLED
            .... 1... = Sig Req: Security signatures REQUIRED
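The same check can be scripted. The following is an added example, not part of the original post: it locates an SMB1 Negotiate Protocol response in a raw packet and decodes the Security Mode byte shown above, returning nothing when the packet was cut short (the tcpdump run above reports a 96-byte capture size). It assumes the NT LM 0.12 dialect (WordCount 17); the function names and the sample packet are constructed for illustration.

```python
SMB1_MAGIC = b"\xffSMB"
SMB_COM_NEGOTIATE = 0x72   # command byte, offset 4 of the SMB1 header
SMB_FLAGS_REPLY = 0x80     # Flags byte (offset 9): set on server responses
SMB1_HEADER_LEN = 32

# Bit meanings exactly as tethereal prints them for "Security Mode".
SECURITY_MODE_BITS = {
    0x01: "user_security_mode",
    0x02: "encrypted_password",
    0x04: "signatures_enabled",
    0x08: "signatures_required",
}

def find_security_mode(packet):
    """Return the SecurityMode byte of an SMB1 negotiate response, or None.

    None means: no SMB1 header, not a negotiate reply, an unexpected
    WordCount, or a packet truncated before the field (small snaplen).
    """
    start = packet.find(SMB1_MAGIC)
    if start < 0:
        return None
    header = packet[start:start + SMB1_HEADER_LEN]
    if len(header) < SMB1_HEADER_LEN:
        return None
    if header[4] != SMB_COM_NEGOTIATE or not header[9] & SMB_FLAGS_REPLY:
        return None
    # Parameter block: WordCount(1) DialectIndex(2) SecurityMode(1) ...
    params = packet[start + SMB1_HEADER_LEN:]
    if len(params) < 4 or params[0] != 17:   # 17 words: NT LM 0.12 (assumed)
        return None
    return params[3]

def decode_security_mode(mode):
    """Map each Security Mode bit to True/False."""
    return {name: bool(mode & bit) for bit, name in SECURITY_MODE_BITS.items()}

def build_sample(mode, flags=0x88):
    """Constructed sample: NetBIOS session header + minimal negotiate reply."""
    header = SMB1_MAGIC + bytes([SMB_COM_NEGOTIATE]) + bytes(4) + bytes([flags]) + bytes(22)
    params = bytes([17]) + bytes(2) + bytes([mode]) + bytes(31)
    body = header + params + bytes(2)        # trailing ByteCount = 0
    return b"\x00" + len(body).to_bytes(3, "big") + body

if __name__ == "__main__":
    mode = find_security_mode(build_sample(0x0F))
    print(hex(mode), decode_security_mode(mode))
```
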



That's all, folks!

Tuesday, May 06, 2014

How to Open Two Excel Files to work on Side by Side

Opening two separate Excel files to work on side by side

Sometimes, we want the flexibility to work on Excel files side by side, not within one Excel application but in 2 separate Excel applications.

How do we go about doing that?


[Option A] Configure Excel first


In Excel 2007/2010, click on the Office button, then Excel Options, then the Advanced tab.
Under the General section, check ‘Ignore other applications that use Dynamic Data Exchange’.
This method forces each Excel file to open as a separate instance, so the memory consumption will be higher. If you have a memory constraint (maybe less than 512Mb of memory in the computer?), you may want to use option B.

[NOTE] If you have issues like Excel opens but can't display a workbook, you may not use this option.


[Option B] Open another instance of Excel


Since we want to have each worksheet in a separate instance, say one Excel file on Monitor 1 and another on Monitor 2, you can go through the Start Menu -> Programs -> Microsoft Office -> Excel. Alternatively, you can right click on the shortcut and click the "Microsoft Office Excel 2007". This will also open a separate instance of Excel.
Now you can place the 2 workbooks on 2 separate monitors or as you fancy.

[NOTE] In Excel 2013, it appears that you do not need to configure anything and you can have separate instances already. :)

Monday, May 05, 2014

How to find the location of the current file in Office 2007/2010

In Office 2007/2010, this is called “Document Location”.
Here’s how to enable it.
1) Click on the pull-down menu on the top left of the window box (beside the Microsoft Office, save, undo, redo buttons), then click on “More commands”.
2) Look for “Document Location” and add it.
3) Click OK and you are done. The address is on the top left of the window box.
You can do this for Word / Excel / PowerPoint.
Enjoy!