Technical Notes

Everything about Computer Science

Reading Traceroute

This post extends the discussion of traceroute in the previous post, Traceroute, Firewalls & Geo-IP, and focuses on interpreting the traceroute report. Output format explanation:

      v--- the router/ip-addr traversed by the packet
[Hop] [Hostname/(IP-addr)] [RTT1] [RTT2] [RTT3]
  ^--- transit no. of the route
                           ^---- round-trip time

The round-trip time (RTT) is the latency (the delay between sending the packet and getting the response). By default, traceroute sends 3 packets per TTL increment.

Traceroute, Firewalls & Geo-IP

Table of Contents
  Traceroute
    ICMP mode
    UDP mode
    TCP mode
    Output format explanation
  Hping3
  InTrace
  Nmap: traceroute-geolocation script

Traceroute

Traceroute is useful for diagnosing networking problems, e.g., end-to-end connectivity, complementing ping. It can also be used to pinpoint the location of devices, routers and firewalls. Traceroute tools fundamentally rely on the IP packet's TTL field (Time-To-Live, decremented at each hop; the packet is discarded when it reaches 0): they send short-lived IP packets and wait for the ICMP Time Exceeded messages that routers return when discarding them, and so reveal the route hop by hop.

Tools for Scanning Malicious URLs and Websites

Table of Contents
  List of online and web-based tools
  Text-mode based Utility
    VirusTotalApi

List of online and web-based tools
  https://www.virustotal.com: by VirusTotal, a subsidiary of Google
  https://exchange.xforce.ibmcloud.com: by IBM
  http://safeweb.norton.com: by Norton, Symantec
  http://www.avgthreatlabs.com/ww-en/website-safety-reports: by AVG ThreatLabs
  https://cymon.io: by https://eSentire.com
  http://www.reputationauthority.org: by WatchGuard Technologies
  http://isitphishing.org: by https://vadesecure.com

Text-mode based Utility

VirusTotalApi

$ git clone https://github.com/doomedraven/VirusTotalApi.git

It is a utility to search the VirusTotal databases [1] for malicious URLs and hashes of known malware.

Privacy: remove metadata from images

Digital cameras (including smartphones) and computers (screenshots) embed technical metadata into image files. It serves a useful purpose in recording image profiles, but it can also expose private information, e.g., device profiles, GPS coordinates, etc., and thus cause privacy issues. Before sharing images online, strip the image's EXIF (Exchangeable Image File) metadata. The libimage-exiftool-perl package contains the library and program to read and write meta information in multimedia files.

$ sudo apt-get install libimage-exiftool-perl

To view the EXIF metadata:

Hping3: Use Cases

Table of Contents
  hping3 and the firewall
  ICMP mode
  TCP mode
  UDP mode
  SCAN mode

hping3 and the firewall

Mode            Description
default mode    TCP
-0 --rawip      RAW IP mode
-1 --icmp       ICMP mode
-2 --udp        UDP mode
-8 --scan       SCAN mode. Example: hping --scan 1-30,70-90 -S www.target.host
-9 --listen     listen mode

ICMP mode

The typical ping utility and the hping3 equivalent, sending ICMP echo requests and receiving ICMP echo replies:

Firewall: Iptables and UFW Enablement

Table of Contents
  Iptables
  UFW
    Manage ufw by predefined service names
    Extended syntax
    Reorder firewall rules

Iptables

List the configured rules:

# iptables -L
# iptables -L -t nat

iptables has 5 tables (-t, --table): raw, filter, nat, mangle and security. In common use cases, filter and nat are used: filter is associated with the firewall and nat is used for network address translation such as port forwarding.

Scanning Malicious URLs

My examples are in JS on the PhantomJS headless browser; they could easily be adapted to other languages. The script traverses a webpage and harvests all the URLs therein, then checks them for malware/malicious sites through the Google Safe Browsing API.

192.168.1.9:~$ phantomjs chk-malinks.js http://some.malware.site
1: hshd.io
2: sourceforge.net
3: popup.taboola.com
4: www.geeksvip.com
5: my.hear.com
...
159: nba1001.net
160: www.pressroomvip.com
161: tracking.lifestylejournal.com
162: dsct2.com
163: www.historynut.com
164: www.buro247.my
gsafe response json:{ "matches": [ { "threatType": "MALWARE", "platformType": "ANY_PLATFORM", "threat": { "url": "nba1001.