Domain: wireshark.org
Stories and comments across the archive that link to wireshark.org.
Comments · 84
-
Re:How practical is "Let 'em drink Wine"?
That's because the Chrome and Firefox web browsers and the Thunderbird mail client have enough of a budget for multi-platform development and testing.
I use the same image editor on all three platforms. I use the same network analyzer on all three platforms. I use the same video tools on all three platforms. I use the same office suite on all three platforms. I use the same shell, the same command line tools, the same interpreters on all three platforms.
The claim that native applications equal only one operating system is plainly false. It's pointless trying to defend that position.
-
Re:So what?
Time between reboots has so much to do with what is installed and running - my clean Win10 machines only reboot when updates make them do it
This is one of the many reasons why I don't run Windows 10 because when I get updates on my Linux machine I get to choose when I install them and if required when I reboot. Even if I choose to install updates they don't interfere with what I am currently doing. I also have had this freedom for years.
BTW. I do have Windows 10 installed in a virtual machine (legitimate license). I actually used the Windows 10 ISO which is a free download from Microsoft and is 4.2GB so I would recommend getting it for recovery purposes if you really want to run Windows 10. The installation is quite simple and quick although I would strongly recommend using the advanced setup rather than the quick install.
When I say use the advanced setup: when installing from the Win 10 ISO you will see many settings that are turned on by default, which would also be the case with the quick install. Whether you choose to turn off those settings is up to you, although I personally find they tick all the boxes for the definition of malware. Even if you do lock the machine down you still have to go into the registry (oh! yes, everyone knows how to edit this) and even then you may not get everything. Third party software (if you trust them) can help but they still may not get everything.
Even after you think you have locked down Windows 10, if you use tools like Wireshark and/or Etherape you will see that Windows 10 loves to chat with outside machines (owned by? You guessed it, Microsoft) which may not even be in the same country you live in.
What is interesting is the install of Windows 10 is over 5GB which is really bare bones (ie. no applications like Office etc.) compared to my Fedora 25 desktop with over 2,200 packages (includes multiple browsers, office suites, multimedia, CAD, statistical and scientific packages) and is only 7.2GB, and all my packages get updates when available without me having to manually search for them. Even when I get updates most of the time a reboot is not needed, although if I get a new kernel a reboot (when I decide) takes about 60 seconds and that includes logging in and starting my preferred applications (SSDs are great).
-
Re:Hunger strike... how silly
Anybody really think they will let him die? Please! There will be feeding tubes going into both ends..
Well, I don't think he has anything to worry about since "Hacking" is not a crime and if it is made into one then I think that will be rather difficult to enforce since you would have to lock up most of the population of this planet. Now "Cracking" (think safe cracker) is a different matter.
IT writers, popular press and especially Hollywood have been getting the definition of "hacker" wrong for over 25 years.
Even Wikipedia has got it wrong (from an older school perspective) in their initial definition of the word Hacker although if you read further the article does mention the historical difference between the words "hacker" and "cracker". Ah! the power of the ill-informed media.
Repeat after me "A computer hacker is someone who writes and modifies computer code. A computer cracker is someone who illegally breaks into computer systems". As an example, a hacker can write and modify computer code for nefarious purposes but it is only when that code is used for illegal purposes then the person who uses it becomes what is called a "black hat hacker", "script kiddy" or more accurately a "cracker".
Not convinced? How about downloading Wireshark. It's free and it is an excellent network checker. Run Wireshark in the confinement of your home and you are effectively hacking your own network by capturing and analyzing all packets. Run Wireshark outside your own home without permission (written is best) and you could be in trouble for trying to crack any networks that your PC can see.
-
Re:Grey-hat
We need a grey-hat to take this and use it to "secure" all the insecure IoT devices, be it patching, changing passwords, or bricking them.
The problem you have here is that if you get caught attempting to crack IoT devices even with the best of intentions you could be charged as a criminal cracker. The only way to legally run network sniffing software which can also include tools like Wireshark is to actually get written permission and therein lies the problem.
Anyone who has worked in the enterprise should be well aware of the tiers of bureaucracy in the organisation and how some departments can be downright antagonistic to others, to the point where cooperation is almost impossible. So say you have someone who offers to test IoT in a particular organization but is not a member of the department who should be responsible for testing the hardware, or worse yet there are multiple departments involved. Honestly, without written permission from the CEO any well meaning "grey hat" risks a prison term.
The best solution is for IPS's to be aware and have the ability to pinpoint the sites where these IoT devices have been compromised and submit a report that can't be disputed to a particular body that has the power to fine the organisations responsible for lax security. I am not holding my breath for something like this to occur though.
-
Re:Constant Development = Totally Unstable
Windows 10 gets a lot of criticism around here, but I suspect most of the criticism comes from people who haven't actually used it. If you do use it the reality is far worse.
This is a good point. Having read all the horror stories and comments, I don't want to risk using Windows 10. So, yes, at least implicitly I'm criticizing it without having used it. I'll stick with Linux Mint and very occasional use of a Windows 8.1 partition (which I really don't need except for seldom played games).
I run Windows 10 in a virtual machine but even then it loves to phone home and that is before I even log in.
Here is a simple test for people running Windows 10. Download Wireshark. You will have to do a little reading to get an idea of how Wireshark works and reports what it sees but it is well worth it. Once you get a basic understanding of how Wireshark works then do the following:
1) Make sure you don't have any web services such as browsers, mail clients or torrents running.
2) Start Wireshark and select the network port you are using.
3) You should notice that your PC's IP address will talk to your router's IP and vice versa, so you will get a small amount of network traffic there.
4) Now any other network traffic is part of what the OS or any applications that you failed to stop is trying to send and receive.
5) To be fair you may see a few incoming IP's that are trying to crack your system which hopefully should block them so there shouldn't be too many (worry if there are).
6) Note down any regular IP address that your machine is receiving (ie. Incoming) and the IP addresses that your machine is sending to (ie. Outgoing).
7) Now you can turn off Wireshark because you will need to start a browser and this will make it go ballistic.
8) Bring up an IP address reporting site. I use this one and enter the IP addresses you find. You should find the results interesting. If you find that your Windows 10 OS is not chatty then congratulations, you aren't running Windows 10. :-)
If you were running a Linux OS then by doing the above you would not see any suspicious network traffic (well, hopefully not, but you will be aware) unless your update service, which you control, kicks in.
Actually, it would be interesting to do what I have suggested with Windows 7/1/8.1. Any volunteers?
Warning: Only run Wireshark at home. Don't run Wireshark in any other place unless you have written permission to do so since by doing so you could be arrested for being a "cracker" which is a criminal offence.
Note the difference between the words "hacker" and "cracker", which the so-called IT technical writers have been getting wrong for well over 20 years.
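The bookkeeping behind the test above (and the hour-long idle capture suggested later on this page) can be automated: save the capture to a .pcap file, discard the PC-to-router and LAN chatter, and tally the outside addresses the host talked to so they can be looked up. This is an added example, not code from any of the commenters; it assumes an Ethernet capture in classic libpcap format with IPv4 traffic, and runs offline on a small constructed capture embedded below.

```python
"""Added example: minimal libpcap parser that lists the remote peers a host talked to.
Standard library only. Assumes DLT_EN10MB (Ethernet) link layer and IPv4; other
frames are counted as skipped. For a real capture: summarize_remote_peers(open(p,'rb').read(), ...)."""
import ipaddress
import struct
from collections import Counter

ETHERTYPE_IPV4 = 0x0800
PROTO_TCP, PROTO_UDP = 6, 17


def iter_pcap_records(data: bytes):
    """Yield (timestamp, frame_bytes) from a classic .pcap byte string (not pcapng)."""
    magic = data[:4]
    if magic == b"\xd4\xc3\xb2\xa1":        # little-endian, microsecond timestamps
        endian, divisor = "<", 1e6
    elif magic == b"\xa1\xb2\xc3\xd4":      # big-endian, microsecond timestamps
        endian, divisor = ">", 1e6
    elif magic == b"\x4d\x3c\xb2\xa1":      # little-endian, nanosecond variant
        endian, divisor = "<", 1e9
    else:
        raise ValueError("not a classic pcap file (pcapng needs a different parser)")
    _major, _minor, _tz, _sigfigs, _snaplen, linktype = struct.unpack(endian + "HHiIII", data[4:24])
    if linktype != 1:  # DLT_EN10MB
        raise ValueError(f"unsupported link type {linktype}")
    off = 24
    while off + 16 <= len(data):
        ts_sec, ts_frac, incl_len, _orig_len = struct.unpack(endian + "IIII", data[off:off + 16])
        off += 16
        yield ts_sec + ts_frac / divisor, data[off:off + incl_len]
        off += incl_len


def parse_ipv4(frame: bytes):
    """Return (src, dst, proto, sport, dport) for an Ethernet/IPv4 frame, else None."""
    if len(frame) < 34 or struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_IPV4:
        return None
    ihl = (frame[14] & 0x0F) * 4                 # IPv4 header length in bytes
    proto = frame[23]
    src = ipaddress.IPv4Address(frame[26:30])
    dst = ipaddress.IPv4Address(frame[30:34])
    sport = dport = None
    l4 = frame[14 + ihl:14 + ihl + 4]
    if proto in (PROTO_TCP, PROTO_UDP) and len(l4) == 4:
        sport, dport = struct.unpack("!HH", l4)  # ports share the first 4 bytes in TCP and UDP
    return src, dst, proto, sport, dport


def summarize_remote_peers(data: bytes, host: str, local_net: str):
    """Counter of (remote_ip, proto, remote_port) -> packets, for traffic between `host` and
    addresses outside `local_net`. Router/LAN chatter (step 3 above) and multicast/broadcast
    noise such as mDNS/SSDP are excluded. Returns (counter, frames_skipped)."""
    host_ip = ipaddress.IPv4Address(host)
    net = ipaddress.IPv4Network(local_net)
    peers, skipped = Counter(), 0
    for _ts, frame in iter_pcap_records(data):
        parsed = parse_ipv4(frame)
        if parsed is None:
            skipped += 1
            continue
        src, dst, proto, sport, dport = parsed
        if dst.is_multicast or dst == net.broadcast_address or dst == ipaddress.IPv4Address("255.255.255.255"):
            continue
        if src == host_ip and dst not in net:
            peers[(str(dst), proto, dport)] += 1   # outgoing: remote port is the destination port
        elif dst == host_ip and src not in net:
            peers[(str(src), proto, sport)] += 1   # incoming: remote port is the source port
    return peers, skipped


def _frame(src, dst, proto, sport, dport):
    """Constructed Ethernet/IPv4/TCP-or-UDP frame for the sample capture (zeroed checksums)."""
    l4 = struct.pack("!HH", sport, dport) + (b"\x00" * 16 if proto == PROTO_TCP else b"\x00" * 4)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                     ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    eth = bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb") + struct.pack("!H", ETHERTYPE_IPV4)
    return eth + ip + l4


def build_sample_pcap() -> bytes:
    """Constructed capture: router DNS chatter, two outside flows, and one mDNS frame."""
    frames = [
        _frame("192.168.1.10", "192.168.1.1", PROTO_UDP, 51000, 53),    # DNS query to the router
        _frame("192.168.1.1", "192.168.1.10", PROTO_UDP, 53, 51000),    # DNS reply
        _frame("192.168.1.10", "203.0.113.7", PROTO_TCP, 49152, 443),   # outbound HTTPS (TEST-NET-3)
        _frame("192.168.1.10", "203.0.113.7", PROTO_TCP, 49152, 443),
        _frame("203.0.113.7", "192.168.1.10", PROTO_TCP, 443, 49152),   # and its reply
        _frame("192.168.1.10", "198.51.100.21", PROTO_TCP, 49153, 80),  # outbound HTTP (TEST-NET-2)
        _frame("192.168.1.10", "224.0.0.251", PROTO_UDP, 5353, 5353),   # mDNS, filtered out
    ]
    header = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    body = b"".join(struct.pack("<IIII", 1700000000 + i, 0, len(f), len(f)) + f
                    for i, f in enumerate(frames))
    return header + body


if __name__ == "__main__":
    peers, skipped = summarize_remote_peers(build_sample_pcap(), "192.168.1.10", "192.168.1.0/24")
    for (ip, proto, port), n in peers.most_common():
        print(f"{ip:16} {'tcp' if proto == PROTO_TCP else 'udp'}/{port:<5} {n} packets")
    print(f"non-IPv4 frames skipped: {skipped}")
```

The remaining list is exactly what step 6 asks you to note down; feed those addresses to whichever ownership lookup you use.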
-
Re:The MS Merry Go Round.
Actually, Barnacules Nerdgasm used to work for Microsoft and has a few YouTube videos on Windows 10 which he fully admits is a reasonably fine operating system. However, he pulls no punches when it comes to the privacy features of Windows 10 which he finds appalling.
I installed Windows 10 Genuine Malware edition :-) on a virtual machine running under Linux and even after turning off all the privacy features the OS still likes to call home (Wireshark is your friend here) and that is even before I log into the OS. Needless to say, I don't trust Windows 10 and I have not started up its virtual machine since then. Note: I actually use the following IP address lookup site to determine which machines Windows 10 was talking to and "You Guessed it" they were all owned by Microsoft. It would not be too bad (well maybe) if those sites were in the country where I live which is Australia but they were in other countries including the USA. I can understand authentication at a stretch but the sheer amount of information being sent was ridiculous.
-
Re:2016: The Year of Linux on the Desktop
Well, honestly, I just scratched Windows off my main laptop a couple days ago for Linux Mint 18, so this really might help Linux adoption finally. I feel much more relieved running Linux after Windows Spyware Edition. It's finally ready as long as the systemd shit doesn't have spyware embedded in it, but I really don't know.
You do know you can get the source for "systemd" so you can find out yourself. Personally, I don't have a problem with "systemd" and have been using it on Fedora for years now and have yet to be convinced that it causes problems other than the usual rantings of people who can't even provide examples.
Now Windows 10 on the other hand, I can prove since all you need to do is install it in a virtual machine and attempt to lock it down. Now fire up Wireshark and make sure there are no web browsers running or torrents or any other application that will cause too much web traffic except for the usual handshake between your machine and your router.
Once you have done as I have suggested then start up your Windows 10 virtual machine and watch your Wireshark display go ballistic even though we have not even logged into Windows 10 yet. Now comes the interesting part, grab the IP addresses that Windows 10 talks to and do a simple IP search (I use an IP search for this) and guess who owns them? In fact, some of those IP addresses will not be in the country you live in.
Now do the same thing with Linux Mint or pretty much any Linux distribution and you will see it does not talk to outside services unless you use applications such as Browsers or torrents.
-
Re:"Google works better with Chrome"
Google doesn't have a monopoly on the desktop... hasn't been convicted of illegally using that monopoly to give a market advantage vs competitors including their browser. That would be apples to apples if Microsoft were advertising Edge on Bing. Yet again, Microsoft is up to their old tricks. Sleazily shoving Windows 10 down the throats of users and now slimy tricks to get people to install their new browser.
Well to be fair, if you install Windows 10 or even upgrade to Windows 10 you do get the Edge browser by default. To get other web browsers if you did a fresh install (not sure about an upgrade) you actually have to use the Edge browser to get them.
What I don't like about Windows 10 is by default all "settings" are turned on and while it is fairly easy to turn off the more intrusive settings you do have to edit the registry to lock down the OS even further. This is fine if you do have some technical knowledge or use third party software that you trust but most people have no idea how to secure Windows 10 and I think Microsoft likes it this way.
Even if you lock down Windows 10 it still likes to phone home. I have Windows 10 in a virtual machine and on startup, before I even log in, it actually goes out and talks to some machines and, you guessed it, these machines are owned by Microsoft (WireShark is great for detecting things like this). Needless to say, my Windows 10 virtual machine is hardly ever run and just remains a curiosity for me.
Again being fair, Windows 10 appears to be a very functional OS and it is possible to turn off most of the intrusive settings, however, if I compare it against my Fedora 24 plasma spin which I can customise to what I like and want it is rather pedestrian.
-
Re:Satisfaction? Heh.
Well, the only thing people using W10 are satisfied with is the lack of an install-W10-now nag screen.
You are quite right, but little do they know that Win10 now phones home every time you fire up the operating system, which the average user is not aware of.
Wait, I hear you say, but I can lock down Win10 so that it does not phone home. My answer is "Are you really sure of that?". As a simple test, you need to be running an operating system that you can definitely be sure is not sending packets to miscellaneous sites. I use WireShark since it is very good (and it's also free). A Linux distro is probably a safe bet but you can try Windows 7 or earlier if you can be satisfied that any network traffic is minimal, and that means no web browsers running. Next, install Win10 via ISO, which you can get from Microsoft here, in a virtual machine. You will need a legitimate license key to activate your copy of Windows 10. Don't forget to do a customized install and lock down all features that you think are intrusive (I actually turned them all off).
The next step is a little more complex since you have to log in to your Win10 virtual machine, open up the Security menu settings and turn off all additional intrusive settings (yes, there are quite a few). Now go into the registry (refer to trusted web sites for this) and lock down other intrusive settings and hopefully you are done. Oh, you will have to periodically check your settings in case mandatory Microsoft updates have turned some settings back on (for our own good, of course).
Now comes the big test. With your Win10 virtual machine off, start your network analyzer and make sure there is little network activity on your machine. Now start your Win10 virtual machine and if you have a locked down Win 10 you should not see any additional network activity except for router acknowledgment. Next, try logging into your Win10 machine and note down any IP addresses that your virtual machine tries to talk to. If you do get any IP addresses you can do a search for them here. Guess who will own them?
I actually tried the above on my Fedora machine and before I even logged in Win10 was talking to a few sites and guess who owned those sites.
You can skip all the above and actually just run a network analyzer on Win10 but you definitely want to make sure there is little network activity which means no web browsers (especially Edge) running. What is important here is to look at all packets going out and where they are going to.
Even if you decide to persevere with Windows 10 (most will) it is a very good idea to get the ISO install file and keep it on a USB stick in the event you need to recover your Win10 OS for whatever reason. BTW: Don't fire up a network analyzer outside your own home unless you have written permission to do so, otherwise you could be accused of "cracking" which is a criminal offense. Please note the difference between "hacking" and "cracking" since so-called IT professional writers have been getting it wrong for well over 20 years.
I always hear "Well I have nothing to hide." said when I mention what Win10 by default does and my reply is "Oh! Why don't you give me or any social media site all your personal details such as Bank, credit card information, sexual preferences etc, after all, you have nothing to hide right!".
For those that think what I said is all too difficult, well, there is a saying "You have nothing to lose but your chains" even if those chains are gold plated. After all, gold plating usually rubs off and all you are left with are rusty chains and by then it's too late.
-
Re:Cue the lawsuits.
Turning most of the spyware off is like removing most of the human droppings from your soup.
I upgraded my bootcamp partition on my personal Macbook Pro to Windows 10 from Windows 7 Pro. It was pretty trivial to disable everything.
How about a little experiment. Boot into Windows 10 and install Wireshark. Start a capture and walk away from the computer for an hour. Come back and stop the capture and see what all transpired on the network while you weren't even touching the computer. For grins, start a new capture and spend a few minutes interacting with the computer, but not doing anything internet related. Don't use a web browser or your email program, just run Notepad to create and save a testing text file, run the calculator, maybe browse through your filesystem. Now look at the network traffic that was captured during those few minutes.
Are you still sure you disabled everything?
-
Re:Does Windows 10 still seem safe to you?
Of all the things out there, Windows 10 is pretty low on my hierarchy of worries. That doesn't mean it's not concerning, but there are far bigger threats to my (and your) privacy and legal rights.
I ran a simple network test the other day using WireShark on Fedora 24 and a virtual machine that runs Windows 10 (believe it or not I actually do have a legitimate license).
Initially, I made sure that no network activity was observable other than the usual handshake activity between my PC and the router. This meant no web browser, torrents or mail clients. Then I started up Windows 10 in a virtual machine.
The reporting window in WireShark actually went ballistic and within a few seconds I had a massive collection of data. I did check on a few of the IP addresses and most were owned by Microsoft even though I had not even logged in yet. The most common IP was most likely the one which authenticates my copy of Windows. What is even more concerning is the fact that I had thought I had locked down the operating system from the get-go.
Don't believe me? Well, you can do this test yourself, but if you don't care that's fine, I hope you enjoy your gold plated chains.
-
Re:Question to the Network Guys
If they have the private key, then maybe (assuming Diffie-Hellman was not used to create a session key without transmitting it).
There are a number of proxies that support creating SSL certs on the fly in order to MITM SSL traffic, though this is obvious unless you have installed the device's certificate as a trusted CA on the users' computers.
-
Re: an amazing OS
Citation? I keep hearing it but haven't seen it yet.
Citation. It's the best way to be sure.
-
Re:Just EPub?
You can always use Wireshark to check for yourself.
-
Re:Question
Sometimes when I log into Yahoo mail (https log-in page), the secure icon in Firefox changes from padlock to exclamation mark. Same problem on Twitter, the https turns into an exclamation mark. This is a permanent problem on Google Image search. The worst thing about this problem is in Yahoo. When I press tab and am about to fill in my password, the caret jumps from password field to username field, which means part of my username now has part of my password appended to it. I only notice that after hitting Enter and the screen returns an invalid login error. My suspicion is that my ISP has somehow managed to inject a tiny JavaScript into my https log-in page. In Facebook, sometimes my first login attempt doesn't even register, so I have to hit Enter again. Is that me being too paranoid?
I suggest that you take a look for yourself.
-
Rawshark - Dump and analyze raw libpcap data
Rawshark reads a stream of packets from a file or pipe, and prints a line describing its output, followed by a set of matching fields for each packet on stdout. https://www.wireshark.org/docs...
-
Re:You're a "brand new Linux user"
You could also set up some kind of DMZ where you use a router with firewalling capabilities between broadband and your home network. This gives you some security now while you are still experimenting. Also it is a good idea to not trust your router and set up your own firewall in addition to it. Beyond that you may also protect us from your experiments that way.
You can also try to scan/hack your internal firewall with tools like nmap to see how it is holding up. Here is a list of a few links:
http://www.ietf.org/rfc/rfc791...
http://www.netfilter.org/index...
http://nmap.org/
http://www.wireshark.org/
Also there is User Friendly in case you have been missing it so far, http://ars.userfriendly.org/ca...
-
The best defence...
I've dealt with a few of them over the last few years, it can be very entertaining.
The way to do it is to set up a virtual machine with a packet sniffer on it. If you use all the old tricks that you would have learned on the helpdesk, you can even keep them on the phone while you set it up.
Here's a few of the classics to get you started;
"Yes...Ok...right...ok...right..yes...<15 minutes later>...no, sorry, I'll never remember all this. The computers in the other room: If I go in there, would you show me how to do it?...."
"it's a terrible slow old thing, let me start it up <ten minutes later...talking about the grandkids, especially the oh-so-clever favourite who built the computer for you is an excellent way to pass the time> oh, looks like it's frozen, I'll just turn it off and start again..."
"Start button? Oh, he must mean the button on the front of the hard drive! OK...it's shutting down now...OK, it's off, now what?"<20 minutes, easy>
Once you've got it all set up, let them talk you through downloading and running the LogMeIn software on the virtual machine. Don't make it too easy for them, now... Did you know the app that you download from LogMeIn is only good for five minutes? If you haven't got it running by then, you'll need to download a new one and try again! Hours of fun and excitement for you both! So, let them connect and then use the packet sniffer to identify the IP address their connection is coming from. Also, here's a fun tip - the local session takes priority over the remote session, so if you are moving the mouse, even just a little bit, they can't! Fun!
Once you've had your fun, and you have their IP address, you can let the authorities know, and their internet connection will become a very interesting place. Briefly.
-
Re:Wireshark [chown] sucks
To fully access the data stack from eth0 or wlan0 you need to run wireshark as root otherwise your trace will not be complete.
Nope.
For one thing, Wireshark shouldn't be accessing the network interfaces, it should be asking the dumpcap program, which is one of the components of Wireshark, to do so. To quote Wireshark's README.packaging file:
WIRESHARK CONTAINS OVER TWO MILLION LINES OF SOURCE CODE. DO NOT RUN THEM AS ROOT.
For another thing, the README.packaging document (in the "Privileges" section, which contains that rather emphatic quote), and the CaptureSetup/CapturePrivileges page in the Wireshark Wiki, discuss ways in which you can avoid even running dumpcap as root - it may need additional privileges, but not full root privileges.
All packet sniffers technically need to have root to be effective on any Unix like system.
Nope. See the above documents and the main libpcap man page (following "Reading packets from a network interface may require that you have special privileges:"). That's what the ChmodBPF script installed by Wireshark on OS X does; see the "Under BSD (this includes Mac OS X)" section - it does the "some other way to make that happen at boot time".
This message was not sent from an iPhone because Peter Sellers really was a deviated prevert without a dime for the call
Presumably he had to answer to the Coca-Cola company for that?
Ok Thanks I am running the older version LOL
$ wireshark --version
wireshark 1.4.6
Copyright 1998-2011 Gerald Combs and contributors.
This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
Compiled (32-bit) with GTK+ 2.24.4, with GLib 2.28.6, with libpcap 1.1.1, with libz 1.2.3.4, with POSIX capabilities (Linux), without libpcre, with SMI 0.4.8, with c-ares 1.7.3, with Lua 5.1, without Python, with GnuTLS 2.8.6, with Gcrypt 1.4.6, with MIT Kerberos, with GeoIP, with PortAudio V19-devel (built Mar 18 2011 15:44:36), without AirPcap.
Running on Linux 2.6.38-8-generic, with libpcap version 1.1.1, with libz 1.2.3.4, GnuTLS 2.8.6, Gcrypt 1.4.6.
Built using gcc 4.5.2.
~ $
Guess I should upgrade and RTFM. I only use it when doing single traces though, so the chances of leaving something open and being hacked while using it are almost zero. I do not run it as a process on the server, only as a tracking mechanism if something gets hacked, and then only on the old laptop that I use for diagnostics. I should set it up as a service though if I can figure out an effective way to keep the log sizes down to specific info instead of a verbose as hell text file! Would be great if the files it created could be time stamped and compressed by wireshark itself on the fly as it logs. I tried setting up a cron with a shell script to do that but could not get it to spawn an output text log. Guess I should hone up my bash skills and do some more RTFM. Hopefully wireshark can use automated scripts to setup logging with a cron job without running the GUI, something like the way I run vlc nox.
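The timestamped, size-limited, compressed logging wished for above is mostly something dumpcap (the capture component the earlier reply says should be doing the work, running with capture privileges rather than as root) already does with its ring-buffer options: one file per time slice, named with a sequence number and timestamp, oldest files deleted once the limit is reached. What it does not do in this version is compress, so this added example (not code from the thread or the Wireshark project) builds that dumpcap command line and, from a cron job, gzips every finished capture file while leaving the one still being written alone. The interface, directory and file names are constructed placeholders.

```python
"""Added example: headless dumpcap ring-buffer capture plus cron-side compression.
Assumes dumpcap's rotated-file naming <base>_<NNNNN>_<YYYYMMDDHHMMSS>.<ext> and that the
user running it has capture rights (dumpcap with capabilities / wireshark group), not root."""
import gzip
import os
import re
import shutil
import tempfile
from pathlib import Path

# dumpcap ring-buffer file names: trace_00001_20160209143532.pcapng
ROTATED = re.compile(r"^(?P<base>.+)_(?P<seq>\d{5})_(?P<ts>\d{14})\.(?P<ext>pcapng|pcap)$")


def dumpcap_ringbuffer_cmd(interface, outfile, seconds=3600, keep_files=24, capture_filter=None):
    """argv for: dumpcap -i IFACE -b duration:SECS -b files:N -w OUTFILE [-f FILTER]
    One file per `seconds`, at most `keep_files` files; dumpcap deletes the oldest itself."""
    cmd = ["dumpcap", "-i", interface, "-b", f"duration:{seconds}",
           "-b", f"files:{keep_files}", "-w", str(outfile)]
    if capture_filter:  # e.g. exclude the LAN so only outside traffic is kept
        cmd += ["-f", capture_filter]
    return cmd


def rotated_files(directory, base):
    """Rotated capture files for `base` in `directory`, oldest first (sequence order)."""
    found = []
    for p in Path(directory).iterdir():
        m = ROTATED.match(p.name)
        if m and m.group("base") == base:
            found.append((int(m.group("seq")), p))
    return [p for _, p in sorted(found)]


def compress_finished_captures(directory, base):
    """gzip every rotated file except the newest, which dumpcap may still be writing.
    Returns the list of .gz paths written. Meant to run from cron between rotations."""
    done = []
    for p in rotated_files(directory, base)[:-1]:
        target = p.with_name(p.name + ".gz")
        with open(p, "rb") as src, gzip.open(target, "wb") as dst:
            shutil.copyfileobj(src, dst)
        p.unlink()             # dumpcap's own -b files: limit only tracks the uncompressed files
        done.append(target)
    return done


def build_demo_dir():
    """Constructed stand-in for a capture directory after three rotations (no dumpcap needed)."""
    d = Path(tempfile.mkdtemp(prefix="capdemo_"))
    for seq, ts in ((1, "20160209140000"), (2, "20160209150000"), (3, "20160209160000")):
        (d / f"trace_{seq:05d}_{ts}.pcapng").write_bytes(b"\x0a\x0d\x0d\x0a" + b"\x00" * 60)
    (d / "unrelated.txt").write_text("not a capture\n")
    return d


if __name__ == "__main__":
    print(" ".join(dumpcap_ringbuffer_cmd("eth0", "/var/log/captures/trace.pcapng",
                                          capture_filter="not net 192.168.1.0/24")))
    demo = build_demo_dir()
    print("compressed:", [p.name for p in compress_finished_captures(demo, "trace")])
    print("still open:", [p.name for p in rotated_files(demo, "trace")])
    shutil.rmtree(demo)
```

The .gz files are outside dumpcap's file limit, so prune them by age in the same cron job; `os.geteuid()` can be checked at startup if you want the script to refuse to run as root, per the README quote above.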
-
Re:Wireshark [chown] sucks
To fully access the data stack from eth0 or wlan0 you need to run wireshark as root otherwise your trace will not be complete.
Nope.
For one thing, Wireshark shouldn't be accessing the network interfaces, it should be asking the dumpcap program, which is one of the components of Wireshark, to do so. To quote Wireshark's README.packaging file:
WIRESHARK CONTAINS OVER TWO MILLION LINES OF SOURCE CODE. DO NOT RUN THEM AS ROOT.
For another thing, the README.packaging document (in the "Privileges" section, which contains that rather emphatic quote), and the CaptureSetup/CapturePrivileges page in the Wireshark Wiki, discuss ways in which you can avoid even running dumpcap as root - it may need additional privileges, but not full root privileges.
All packet sniffers technically need to have root to be effective on any Unix like system.
Nope. See the above documents and the main libpcap man page (following "Reading packets from a network interface may require that you have special privileges:"). That's what the ChmodBPF script installed by Wireshark on OS X does; see the "Under BSD (this includes Mac OS X)" section - it does the "some other way to make that happen at boot time".
This message was not sent from an iPhone because Peter Sellers really was a deviated prevert without a dime for the call
Presumably he had to answer to the Coca-Cola company for that?
Ok Thanks I am running the older version LOL
$ wireshark --version wireshark 1.4.6 Copyright 1998-2011 Gerald Combs and contributors. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. Compiled (32-bit) with GTK+ 2.24.4, with GLib 2.28.6, with libpcap 1.1.1, with libz 1.2.3.4, with POSIX capabilities (Linux), without libpcre, with SMI 0.4.8, with c-ares 1.7.3, with Lua 5.1, without Python, with GnuTLS 2.8.6, with Gcrypt 1.4.6, with MIT Kerberos, with GeoIP, with PortAudio V19-devel (built Mar 18 2011 15:44:36), without AirPcap. Running on Linux 2.6.38-8-generic, with libpcap version 1.1.1, with libz 1.2.3.4, GnuTLS 2.8.6, Gcrypt 1.4.6. Built using gcc 4.5.2. ~ $
Guess I should upgrade and RTFM. I only use it when doing single traces though so the chances of leaving something open and being hacked while using it are almost zero, I do not run it as a process on the server only as a tracking mechanism if something gets hacked and then only on a the old laptop that I use for diagnostics. I should set it up as a service though if I can figure out an effective way to keep the log sizes down to specific info instead of a verbose as hell text file! Would be great if the files it created could be time stamped and compressed by wireshark itself on the fly as it logs. I tried setting up a cron with a shell script to do that but could not get it to spawn an output text log. Guess I should hone up my bash skills and do some more RTFM. Hopefully wireshark can use automated scripts to setup logging with a cron job without running a the gui something like the way I run vlc nox.
-
Re:Wireshark [chown] sucks
To fully access the data stack from eth0 or wlan0 you need to run wireshark as root otherwise your trace will not be complete.
Nope.
For one thing, Wireshark shouldn't be accessing the network interfaces, it should be asking the dumpcap program, which is one of the components of Wireshark, to do so. To quote Wireshark's README.packaging file:
WIRESHARK CONTAINS OVER TWO MILLION LINES OF SOURCE CODE. DO NOT RUN THEM AS ROOT.
For another thing, the README.packaging document (in the "Privileges" section, which contains that rather emphatic quote), and the CaptureSetup/CapturePrivileges page in the Wireshark Wiki, discuss ways in which you can avoid even running dumpcap as root - it may need additional privileges, but not full root privileges.
All packet sniffers technically need to have root to be effective on any Unix like system.
Nope. See the above documents and the main libpcap man page (following "Reading packets from a network interface may require that you have special privileges:"). That's what the ChmodBPF script installed by Wireshark on OS X does; see the "Under BSD (this includes Mac OS X)" section - it does the "some other way to make that happen at boot time".
This message was not sent from an iPhone because Peter Sellers really was a deviated prevert without a dime for the call
Presumably he had to answer to the Coca-Cola company for that?
-
Re:Wireshark [chown] sucks
To fully access the data stack from eth0 or wlan0 you need to run wireshark as root otherwise your trace will not be complete.
Nope.
For one thing, Wireshark shouldn't be accessing the network interfaces, it should be asking the dumpcap program, which is one of the components of Wireshark, to do so. To quote Wireshark's README.packaging file:
WIRESHARK CONTAINS OVER TWO MILLION LINES OF SOURCE CODE. DO NOT RUN THEM AS ROOT.
For another thing, the README.packaging document (in the "Privileges" section, which contains that rather emphatic quote), and the CaptureSetup/CapturePrivileges page in the Wireshark Wiki, discuss ways in which you can avoid even running dumpcap as root - it may need additional privileges, but not full root privileges.
All packet sniffers technically need to have root to be effective on any Unix like system.
Nope. See the above documents and the main libpcap man page (following "Reading packets from a network interface may require that you have special privileges:"). That's what the ChmodBPF script installed by Wireshark on OS X does; see the "Under BSD (this includes Mac OS X)" section - it does the "some other way to make that happen at boot time".
This message was not sent from an iPhone because Peter Sellers really was a deviated prevert without a dime for the call
Presumably he had to answer to the Coca-Cola company for that?
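The least-privilege arrangement this reply points at (dumpcap carrying only the capture capabilities instead of being run as root) can be audited with the following script. It is an added example, not Wireshark project code or the commenter's; it assumes a Linux system with getcap(8) and the Debian/Ubuntu install path /usr/bin/dumpcap.

```python
import os
import shutil
import stat
import subprocess

# Assumed Debian/Ubuntu install path; override with DUMPCAP=... in the environment.
DUMPCAP = os.environ.get("DUMPCAP", "/usr/bin/dumpcap")
# The two capabilities the CaptureSetup/CapturePrivileges page grants to dumpcap
# so that libpcap can open the interface without full root privileges.
CAPTURE_CAPS = {"cap_net_raw", "cap_net_admin"}


def parse_getcap(output: str) -> set[str]:
    """Return the capability names from getcap(8) output.  Handles both the
    older '/path = cap_a,cap_b+eip' and the newer '/path cap_a,cap_b=eip'
    layouts; an empty string (no file capabilities) gives an empty set."""
    line = output.strip()
    if " " not in line:
        return set()
    rest = line.split(None, 1)[1].lstrip("= ")
    for flag_sep in ("+", "="):          # cut off the +eip / =eip flag suffix
        rest = rest.split(flag_sep, 1)[0]
    return {c.strip() for c in rest.split(",") if c.strip()}


def classify_dumpcap(mode: int, owned_by_root: bool, getcap_output: str) -> str:
    """Classify how a dumpcap binary gets its capture privileges.

    'setuid-root'  : every line of dumpcap runs as root, the setup that
                     README.packaging warns against
    'capabilities' : only cap_net_raw and cap_net_admin are granted, the
                     least-privilege arrangement from CapturePrivileges
    'unprivileged' : neither, so only root can capture at all
    """
    if owned_by_root and mode & stat.S_ISUID:
        return "setuid-root"
    if CAPTURE_CAPS <= parse_getcap(getcap_output):
        return "capabilities"
    return "unprivileged"


def audit_dumpcap(path: str = DUMPCAP) -> str:
    """Run the classification against the binary actually installed."""
    st = os.stat(path)
    getcap = shutil.which("getcap")
    out = ""
    if getcap:
        out = subprocess.run([getcap, path], capture_output=True, text=True).stdout
    return classify_dumpcap(st.st_mode, st.st_uid == 0, out)


if __name__ == "__main__":
    verdict = audit_dumpcap()
    print(f"{DUMPCAP}: {verdict}")
    if verdict != "capabilities":
        # Debian/Ubuntu remediation: 'sudo dpkg-reconfigure wireshark-common'
        # (answer yes), then add the capturing user to the 'wireshark' group.
        print("consider granting file capabilities instead of root access")
```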
-
Re:And where have they put the power button on the
Sometimes it's really convenient to just reboot and get to work, instead of launching an extra environment. Yes, virtualisation works, but unless one has to multitask between OS-dependent applications,
And some do. (I do development on cross-platform software, and it's Way Cool to be able to try stuff on various non-OS X OSes without having to reboot and not have my regular development/Web access/e-mail/etc. environment handy and without having to have other machine on which to do it. The downside is that, given that I want multiple versions of those OSes, about 1/3 of my "disk" is filled up with VMs....)
-
Re:Getting an education today is hard
If you use Linux, and other open source software, you can do a lot of learning and paid work in the software industry without having to pay expensive licences - while still being strictly legal!
word processor & other office software:
http://www.libreoffice.org/
database:
http://www.postgresql.org/
compilers:
http://gcc.gnu.org/
operating system & sufficient software to do useful things (2 of over 100 offerings, pick one that suits you best!):
https://fedoraproject.org/
http://www.debian.org/
network diagnostic:
http://www.wireshark.org/
... and many others ...
-
Re:i like to limit my DHCP scope
Absolutely. If there is any activity on the network at all https://www.wireshark.org/download.html would pick it up in a split second.
-
Re:"they" can fuck off, the binary units are the o
I assume you would like to look less like an idiot in the future, so I will provide information with references for your education.
"There is no such thing as a half bit"
In communications, a half bit is a signal that is on the wire for half of the time of a full bit. Here is a datasheet from a UART manufacturer. On page 4 they describe the 'line control register' which sets how many stop bits there are: 1, 1.5, or 2. A simple search will return many references to start/stop bits in async communications.
"Ethernet does not have packets"
The IEEE, Cisco, Wikipedia, and Wireshark would all disagree with that, as would anyone who knows anything at all about networking. Your little quote you posted provides no support for your position at all. Nobody ever said maximum numbers (such as data lengths) were not going to be in powers of two, or that calculations such as CRC would not be in powers of two. What I said was that data is not naturally (or even usually) transmitted in power of two increments, and you have shown absolutely nothing to disprove that.
-
I've had to work at a variety of levels & sugg
I've had to work at a variety of levels and would suggest:
Wireshark at the packet level.
Fiddler at the HTTP protocol level
A Wi-Spy 2.4x from Metageek or one of its equivalents to show what's happening at the RF level for 802.11g. It's a fascinating way to visualize wifi traffic that's constantly whizzing all around you everywhere you go.
(If you want to go really geeky, the RF Explorer does the same thing as the Wi-Spy across a broader spectrum, albeit with lesser resolution.)
-
Well, @ least WireShark has a 64-bit port... apk
http://www.wireshark.org/download.html
APK
P.S.=> I'm still astounded that someone modded down the post I replied to (my original one here), & especially as ALL it was, was an honest question - that STILL REMAINS UNANSWERED no less!
Then again?
Well... There's NO SHORTAGE OF TROLLS FULL OF "GEEK ANGST" AROUND SLASHDOT THAT I HAVEN'T UTTERLY "BLOWN AWAY" ON "THINGS COMPUTING TECHNICAL" HERE, THAT COULDN'T HANDLE BEING SHOWN FOR THE UTTER "NOOBZ" THEY ARE when they tried to "take me on" & FAILED, badly... lol!
(Hence, the "effete technically unjustified downmod retaliation" of posts I do is their ONLY "revenge" (lol, weak @ that))... apk
-
Re:Which is more giving...
You are way too worked up, and are not really considering what I am saying
I am considering it. I'm just considering it to be incorrect; please do not get trapped by the fallacy that, once people understand what you have to say, they'll necessarily agree with what you say.
You simply are not grasping that my primary goal is the same as the GPL has
I think you are not grasping what the primary goals of the GPL are (if you want to know what the goals are, try reading, for example, A Quick Guide to GPLv3, in particular the "The Foundations of the GPL" section; if giving users the freedoms listed there aren't your goals, your goals aren't the same as the goals of the GPL, whether you think they are or not).
I seriously think that the end goals of the GPL if still desirable must be looked at carefully as to which approaches actually have the effect the GPL seeks (something you insist on off and on but no-one seems to have done any research on either way).
"The effect the GPL seeks" is keeping the software it covers and all derived works of it as free software; it's not just "maximize giveback of changes". Here's Richard Stallman's explanation of why the GPL is the way it is.
On a side note I find it odd you bring up the Linux kernel in defending the GPL as they will not even shift to GPL3!
News flash: not all defenders of the general goals of the GPL agree with all of the means the FSF have taken in GPLv3. Hell, the GPLed free software project on which I'm a core developer is under the GPLv2, not v3.
-
Re:Hidden while useful?
...which leads me to wonder what this program provides that we can't already get from Wireshark. It's a trivial matter to compile this for OS X
It's an even more trivial matter to download a precompiled binary from wireshark.org, but, as another response already noted, one thing Wi-Fi Diagnostics provides is that you don't have to download and install it, much less compile it. It also offers a pane to get information about Wi-Fi networks your machine is seeing and a signal-and-noise graph, and to report that information to Apple for troubleshooting, and it can report various Wi-Fi network events.
In addition, if you're not the person who's going to be reading the capture, it offers a much simpler UI than Wireshark (which is intended for people who are going to be reading the capture).
-
Re:Mild censorship
-
Re:location of IPs is misleading
On the other hand, the owner of a network in Missouri that hosts a botnet deserves a good deal of the credit for either their complicity or their stupidity.
(I was tempted to grant a huss based upon the possibility that educational funding cuts have resulted in the poor hypothetical sap being unable to afford any decent sniffers...but then I remembered Wireshark.)
-
Re:It's a blah
Yeah, I read the arstechnica article a few days ago, and the comments there were much better than the ones here. Among the sentiments I enjoyed:
- The media coverage of these handfuls of SWAT raids are mostly to scare everyone into securing their access points, because then it makes it easier for the feds to convict you when someone breaks into your wireless access point and downloads CP or something else they don't like. If you have an open access point, they can't really "prove" it was you. But if you have some kind of encryption going, then as far as the court is concerned it just *had* to be you doing the nasty, since you're the only one with the secret keys and there's no wai anyone could possibly break into it, as trivial as we know it is to do.
- The police don't apologize for anything that might happen during a raid. As far as they're concerned, they can do no wrong. But they will get reprimanded by the courts for issuing too many "dynamic entry" warrants prematurely.
- For my part, I think that if enough of us continue running open APs, the police will eventually have to find better ways to cooperate with us in their investigations. I don't really want to live in a world with no open and shared wifi (even though I have a cell phone with tethering and pretty fast HSDPA service, so I don't even need open wifi most of the time)
To actually respond to the OP...
- Set up a separate wifi router. Maybe look into something that can support OLSRd or something so you can get some kind of community mesh network going... this will particularly become important to have lots of people with OLSRd nodes if the government ever decides to use their internet kill switch for some silly reason.
- Run that wifi through a spare wired computer with two NICs, so you can use wondershaper or something to limit the bandwidth going through it.
- Some other good monitoring tools: NTOP (the web-based thing, though the other console ntop is also nice), to log and display traffic type and endpoints; SNORT, to help alert if bad things are happening; iftop is a good console thingy for showing you what is taking up bandwidth right now; Wireshark, for the times you feel evil and want to do some packet inspection / logging, though you probably don't want to run this all the time.
Good luck and have fun, don't let the man keep you down!
:P
-
Re:I don't think they care.
Not really.
Something like 90% of end users are running behind nat already.
Existing users won't be affected much: what works for them now will work for the foreseeable future. But that smartphone you're going to buy a year or so down the road -- it's quite possible that it will be IPv6-only on the cellular-radio side (3G or whatever the provider uses for data).
Why? Existing mobile data networks are a mess, addressing-wise. There aren't enough public IPv4 addresses to go around, so you get a private one. Not only is it NATed to hell and back, there is a chance that it will clash with the address received on the WiFi interface when you're connected to your home or office network. So you get creative solutions like using bogons... Shudder.
It's so much easier with IPv6. No possible address clashes. No need for gross kludges. Yes, NAT64/DNS64 is necessary if your destination is IPv4-only, but that is actually a nice carrot for web sites and content providers: "enable IPv6 on your customer-facing servers and our users will reach you directly, without workarounds".
So IMO the IPv4 exhaustion will affect end users rather soon, just not necessarily in the way that will be visible to them.
-
Re:I like this.
Because they screwed up: http://wiki.wireshark.org/HowToDecrypt802.11
"WPA and WPA2 use keys derived from an EAPOL handshake to encrypt traffic. Unless all four handshake packets are present for the session you're trying to decrypt, Wireshark won't be able to decrypt the traffic. You can use the display filter eapol to locate EAPOL packets in your capture. "
So if all four handshake packets are there (there are ways to help ensure you see them ;) ), you can crack WPA2 PSK, today with wireshark. And both the PSK and "Enterprise" mode are apparently vulnerable to this: http://www.airtightnetworks.com/wpa2-hole196
So Mr "Senior Security Advisor at Sophos Canada" doesn't know what he's talking about. It's not so simple as just typing "free" (since no username is mentioned, I think he means the very broken PSK modes and not the less broken Enterprise modes).
I blame the WiFi standards bunch.
-
Re:Steve just lets the developers fight it out
Of course, any developer who is serious about the future of computation, and who has at least some bit of self-esteem, will not buy into this, and will just leave the Mac alone.
Or, at least, leave the App Store alone. The main app I work on isn't likely to be eligible for the App Store (gotta be able to have libpcap open those BPF devices somehow), but, then again, the main app I work on isn't (even if a non-X11-based version is done) likely to be usable by, much less used by 99 44/100% of Mac users (or Windows users, for that matter), and it's free software so it's not as if any of the developers make any money when somebody downloads it anyway.
-
PROOF that SpamAssassin is not vulnerable to this
I'm a SpamAssassin developer, both on the official project and on a commercial derivative. Others on my commercial team independently verified my claim as well. I highly doubt we're all wrong.
That said, I decided to FULLY dig into the issue to see what's going on under the hood. In addition to a careful analysis of the spamassassin debug output, I spun up Wireshark to look at the actual DNS queries. Since SA knows what example.com is ([84234] dbg: uridnsbl: domain example.com in skip list), I had to use something else. I ran two tests: one on a nonexistent domain as separated by the SHY character in a manner that doesn't result in delimiting the latter portion into an existing domain, and then one as a heavily-spammed domain with a SHY character again breaking it into a nonexistent domain.
Analysis: Debug output from SA 3.3.1 and SVN trunk (rev 1005948, build reports version as 3.4.0-r929098) displays the SHY character (which my terminal renders as a space but after a paste, my browser does not) and uses \255 in its DNS lookups (older versions display it as \173 and I didn't capture the raw lookups). In addition to looking for the domain with the SHY character, it also queries without the SHY character. My live test confirmed a hit in URIBL for the defanged domain and no hit for the obfuscated one (I didn't test a real sample of the obfuscation -- presumably, the blocklists can learn the obfuscated domain in addition to the defanged one). I see no reference to the IDN syntax you mentioned.
A sample of the debug output (tweaked to convert the SHY to a space so it is distinguishable on the web):
$ grep obinemedic ~/url.eml.output |grep -i uribl |sed 's/r.obin/r obin/'
Oct 8 15:06:55.950 [1570] dbg: dns: providing a callback for id: 64792/r obinemedic.ru.multi.uribl.com/A/IN
Oct 8 15:06:55.950 [1570] dbg: async: starting: URI-DNSBL, DNSBL:multi.uribl.com.:r obinemedic.ru (timeout 15.0s, min 3.0s)
Oct 8 15:06:55.955 [1570] dbg: dns: providing a callback for id: 40779/robinemedic.ru.multi.uribl.com/A/IN
Oct 8 15:06:55.955 [1570] dbg: async: starting: URI-DNSBL, DNSBL:multi.uribl.com.:robinemedic.ru (timeout 15.0s, min 3.0s)
Oct 8 15:06:55.985 [1570] dbg: uridnsbl: domain "robinemedic.ru" listed (URIBL_DBL_SPAM): 127.0.1.2
Oct 8 15:06:55.987 [1570] dbg: uridnsbl: domain "robinemedic.ru" listed (URIBL_AB_SURBL): 127.0.0.102
Oct 8 15:06:55.988 [1570] dbg: uridnsbl: domain "robinemedic.ru" listed (URIBL_WS_SURBL): 127.0.0.102
Oct 8 15:06:55.988 [1570] dbg: uridnsbl: domain "robinemedic.ru" listed (URIBL_JP_SURBL): 127.0.0.102
Oct 8 15:06:55.989 [1570] dbg: uridnsbl: domain "robinemedic.ru" listed (URIBL_SC_SURBL): 127.0.0.102
Oct 8 15:06:56.121 [1570] dbg: async: completed in 0.162 s: URI-DNSBL, DNSBL:multi.uribl.com.:robinemedic.ru
Oct 8 15:06:56.121 [1570] dbg: uridnsbl: domain "robinemedic.ru" listed (URIBL_BLACK): 127.0.0.2
Oct 8 15:06:56.122 [1570] dbg: async: completed in 0.167 s: URI-DNSBL, DNSBL:multi.uribl.com.:r obinemedic.ru
Oct 8 15:06:57.980 [1570] dbg: async: timing: 0.162 . DNSBL:multi.uribl.com.:robinemedic.ru
Oct 8 15:06:57.980 [1570] dbg: async: timing: 0.167 . DNSBL:multi.uribl.com.:r obinemedic.ru
-
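The soft-hyphen handling the SpamAssassin post above describes (query the obfuscated name and the name with the SHY stripped, then read the URIBL answers out of the debug log) is reproduced here in a small filter-side helper. This is an added example, not SpamAssassin code; it goes slightly beyond the post by stripping every Unicode format character (category Cf), not just U+00AD, and the sample log lines are constructed from the debug output quoted above with a real soft hyphen put back in.

```python
import re
import unicodedata

# Matches the 'listed' lines in SpamAssassin's uridnsbl debug output.
LISTED_RE = re.compile(
    r'uridnsbl: domain "(?P<domain>[^"]+)" listed \((?P<rule>\w+)\): (?P<code>[\d.]+)')


def normalize_host(host: str) -> str:
    """Strip soft hyphens and every other Unicode format character (category
    Cf, which also covers zero-width characters) from a host name, then
    lower-case it and drop a trailing dot.  This is the 'defanged' form."""
    plain = "".join(ch for ch in host if unicodedata.category(ch) != "Cf")
    return plain.lower().rstrip(".")


def dnsbl_query_names(host: str, zone: str = "multi.uribl.com") -> list[str]:
    """Names to look up for a host: the obfuscated form as it appeared in the
    message plus, when it differs, the normalized form.  The debug output
    above shows SpamAssassin issuing exactly these two queries."""
    names = [f"{host.rstrip('.')}.{zone}"]
    plain = normalize_host(host)
    if plain != host.lower().rstrip("."):
        names.append(f"{plain}.{zone}")
    return names


def parse_uribl_hits(lines) -> dict[str, dict[str, str]]:
    """Collect {domain: {rule: return_code}} from debug log lines."""
    hits: dict[str, dict[str, str]] = {}
    for line in lines:
        m = LISTED_RE.search(line)
        if m:
            hits.setdefault(m["domain"], {})[m["rule"]] = m["code"]
    return hits


def listed_rules(host: str, hits: dict[str, dict[str, str]]) -> set[str]:
    """Rules that fire for a host once the obfuscation is stripped."""
    return set(hits.get(normalize_host(host), {}))


# Constructed sample: the obfuscated host with a real U+00AD, and log lines
# taken from the debug output quoted in the post above.
OBFUSCATED = "r\u00adobinemedic.ru"
SAMPLE_LOG = [
    'Oct 8 15:06:55.985 [1570] dbg: uridnsbl: domain "robinemedic.ru" listed (URIBL_DBL_SPAM): 127.0.1.2',
    'Oct 8 15:06:55.987 [1570] dbg: uridnsbl: domain "robinemedic.ru" listed (URIBL_AB_SURBL): 127.0.0.102',
    'Oct 8 15:06:56.121 [1570] dbg: uridnsbl: domain "robinemedic.ru" listed (URIBL_BLACK): 127.0.0.2',
    'Oct 8 15:06:56.122 [1570] dbg: async: completed in 0.167 s: URI-DNSBL, DNSBL:multi.uribl.com.:r\u00adobinemedic.ru',
]

if __name__ == "__main__":
    print(dnsbl_query_names(OBFUSCATED))
    print(sorted(listed_rules(OBFUSCATED, parse_uribl_hits(SAMPLE_LOG))))
```
-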
Wire Shark
Disabling Error Reporting helps. Firing up wireshark shows up huge results checking in to Microsoft http://www.wireshark.org/ (formerly known as Ethereal) I have no need to tell Nix users about Snort and Acid http://www.snort.org/ or how microsoft has an epileptic fit if you run Cain and Abel http://www.oxid.it/ Most hackers are not 31337 but idiots, My old friends at the old place pulltheplug but now http://www.overthewire.org/ had root in less than 1 minute in a memorable war game. I really do not know what to say apart from do your own research, it is your own responsibility to protect yourself online but sadly some people are just not that smart. Be brave
/.ers. I am not a hacker from Cult of the Cow.... Meow! :)
-
have you tried...
Happens the same whether you're on channel 1, 6, or 11? (the only b/g channels that don't overlap)
I know in my high-rise apartment, almost everyone is on channel 6, and I wouldn't be surprised if peak usage was mid-evening.
Did you double-check that some rule didn't accidentally get selected, which filters you out (either in the router interface... or you're using software that has scheduling...)
If you're using a radio type that is using the 5GHz channel, someone's old beastly cordless phone might be affecting it too. If you're using a dual-band radio on your router, try using the other band and see what happens.
Running Wireshark (free) might not tell you what specifically is causing the problem, but you can narrow it down to see if packets are timing out, or getting filtered. Maybe there's traffic you didn't expect to be there? http://www.wireshark.org/download.html
-
GNS3 & wireshark & NMAP and package genera
As someone working as a Network Engineer I would recommend you look at GNS3 since you can install it via sources or via a deb package, you already have the address in other post in this thread. The nice thing about GNS is that if you build the network and install the images (that is the trouble part) you need actual cisco images, you might be able to obtain them for educational purposes, and why not approach Cisco to ask. The worst thing you could get is a no on the other hand you might end up with a system that acts as the devices do in real life, an ideal playground in which to learn about networking, but to properly learn get hold of a package generator to stream your simulated environment.
http://sourceforge.net/projects/packeth/
http://sourceforge.net/projects/pacgen/
http://bittwist.sourceforge.net/
http://sourceforge.net/projects/traffic/
http://gull.sourceforge.net/
http://mc-mint.sourceforge.net/
Are just some of the available package generators. Also someone else mentioned wireshark http://www.wireshark.org/ - That tool is a must for anyone serious about learning about networking and someone teaching about it. NMAP is another must as well http://nmap.org/
Good luck with your efforts
-
Re:BFD
Step 1: Install Wireshark
Step 1.5: Install HttpFox (Firefox on any OS) or HttpWatch (IE or FF on Windows).
For HTTP traffic, both will supplement WireShark by giving you a clear browser-level picture of what data your browser is sending and receiving.
For HTTPS (or other SSL/TLS tunneled protocol spoken by your browser), it's also the practical way to get a cleartext version of the communication.
-
BFD
Don't let the mass media scare you.
Step 1: Install Wireshark
Step 2: Leave Wireshark running and observe what kind of information people are gleaning from you over the network. It's educational!
Step 3: There is no step 3. I don't see why people expect anonymity on the internet any more than they do driving around in their car with the license plate showing.
I just pretend there's an FBI agent always watching over my shoulder. His name is Fred. I explain to him everything I'm doing.
-
Re:This is bullshit, guys.
Yes, Wireshark is the *NEW* name for what used to be known as Ethereal. The name changed like you said, ages ago.
Source: the Wireshark website.
"Wireshark used to be known as Ethereal®. See the next question for details about the name change. If you're still using Ethereal, it is strongly recommended that you upgrade to Wireshark."
-
Re:This is bullshit, guys.
Ethereal (wireshark was renamed ages ago you know)...
You have that backward. It hasn't gone by Ethereal for quite a few years. The official, current name is Wireshark.
-
Re:This is bullshit, guys.
Ethereal is the old name. The lead dev lost access to the Ethereal trademark, and the project moved over to Wireshark.
-
Re:Why are ports 139 and 445 still open?
Stop wondering and figure it out.
-
The Shark
Download and install Wireshark from http://www.wireshark.org/
Fire it up and watch everything on the NIC
-
Re:Well the only fool proof way...
Just install wireshark on the windows machine in question and look with your eyes. You don't need Linux kung-fu for everything. Especially since it sounds like he's RDP'ing in from half way around the world.
-
Re:Well the only fool proof way...
Viruses can interfere with security software, hampering or preventing detection. For example, Conficker blocks Wireshark.
-
Re:Oh, I don't know..
A switch would be much better than a hub. Go look up CSMA/CD.
"Old" 10MB ethernet could have packets collide and you would hit a quick drop off in bandwidth once you had more than a certain percentage of utilization happening.
Switches created isolated segments for each connection, limiting the collision domain so two different destinations could talk without interfering with each other. 100MB connections and up had send and receive on different lines so it was impossible to really collide.
One good use for an old 10MB hub though, connect it up between your external router and Internet "source" (Cable Modem, DSL Modem, etc), and use it as a "poor man's tap" so you plug your computer into the line and sniff the network traffic (http://www.wireshark.org/). It can be amazing fun to watch the trash that might wash up against your external connection.
Note: Make sure the interface you plug in for monitoring won't take an IP address. You don't need one to monitor traffic, it might confuse the Cable/DSL modem, and it will open up that machine to possible external connections, which are happening without the benefit of your usual router between you and the internet.
:)