This post marks the 4th year of this blog.
Hope is to actively engage in writing this blog.
Presented below is an orchestrate of seemingly disparate technologies to enable your favorite updates on your cellphone.
Note: Your cellphone need not have Wifi or GPRS options. This works on basic SMS incoming facility.
Now some of my favorite online items which i need to keep track are:
1) Twitter updates from selected friends.
2) Posts from selected blogs which i want to keep myself updated.
3) Instant updates from Google alerts.
Here is one way we can have all the elements integrated:
1) Collect RSS feeds of all the items listed above.
2) Using yahoo pipes you can do the following:
2a) Using Fetch Feed , aggregate all the feeds.
2b) Use a sort by published date to get the feeds in order. Click here for a preview
2c) This service gives out a common aggregated RSS feed for the selected set.
2d) Also one can use alternatives like RSSmix to achieve a common RSS feed.
3) To get the updates on the cellphone, use Google SMS Channel . By configuring our cellphone for the alerts in Google SMS Channel , we can get the desired updates on our cellphone.
Friday, September 18, 2009
Monday, July 06, 2009
Java URL Bloomer
I came across an interesting problem in java
public class URLBloomer {
public static void main(String[] args) throws MalformedURLException, URISyntaxException {
String[] urls= {
"http://meshlabsinc.com",
"http://meshserver.org"
};
Set testing=new HashSet();
for (String url : urls) {
testing.add(new URL(url));
}
System.out.println(testing.size());
}
}
Output : 1
Reason .... meshlabsinc.com and meshserver.org point to the same IP
Lesson learnt is to use URI instead of URL class.
public class URLBloomer {
public static void main(String[] args) throws MalformedURLException, URISyntaxException {
String[] urls= {
"http://meshlabsinc.com",
"http://meshserver.org"
};
Set testing=new HashSet();
for (String url : urls) {
testing.add(new URI(url));
}
System.out.println(testing.size());
}
}
Output : 2
public class URLBloomer {
public static void main(String[] args) throws MalformedURLException, URISyntaxException {
String[] urls= {
"http://meshlabsinc.com",
"http://meshserver.org"
};
Set
for (String url : urls) {
testing.add(new URL(url));
}
System.out.println(testing.size());
}
}
Output : 1
Reason .... meshlabsinc.com and meshserver.org point to the same IP
Lesson learnt is to use URI instead of URL class.
public class URLBloomer {
public static void main(String[] args) throws MalformedURLException, URISyntaxException {
String[] urls= {
"http://meshlabsinc.com",
"http://meshserver.org"
};
Set
for (String url : urls) {
testing.add(new URI(url));
}
System.out.println(testing.size());
}
}
Output : 2
Tuesday, February 24, 2009
Getting the create table command for an already existing table in mysql
mysql>SHOW CREATE TABLE
mysql> create table x (i integer);
Query OK, 0 rows affected (0.27 sec)
mysql> show create table x;
+-------+--------------------------------------------------------------------------------------+
| Table | Create Table |
+-------+--------------------------------------------------------------------------------------+
| x | CREATE TABLE `x` (
`i` int(11) default NULL
) ENGINE=MyISAM DEFAULT CHARSET=latin1 |
+-------+--------------------------------------------------------------------------------------+
1 row in set (0.06 sec)
mysql>
mysql> create table x (i integer);
Query OK, 0 rows affected (0.27 sec)
mysql> show create table x;
+-------+--------------------------------------------------------------------------------------+
| Table | Create Table |
+-------+--------------------------------------------------------------------------------------+
| x | CREATE TABLE `x` (
`i` int(11) default NULL
) ENGINE=MyISAM DEFAULT CHARSET=latin1 |
+-------+--------------------------------------------------------------------------------------+
1 row in set (0.06 sec)
mysql>
Monday, October 13, 2008
Java code to send message to your gtalk friends
Have used a library called Smack (http://www.igniterealtime.org/projects/smack/index.jsp)
import java.util.Collection;
import org.jivesoftware.smack.*;
public class GtalkClient {
public static void main(String[] args) throws XMPPException {
ConnectionConfiguration config = new ConnectionConfiguration("talk.google.com", 5222, "gmail.com");
XMPPConnection connection = new XMPPConnection(config);
connection.connect();
connection.login("< username >","< password >");
// Below is the code to get the users
// Roster roster = connection.getRoster();
// Collection rosterEntries = roster.getEntries();
//
// System.out.println("\n\n" + rosterEntries.size() + " friend(s):");
// for(RosterEntry rosterEntry:rosterEntries)
// {
// System.out.println(rosterEntry.getUser());
// }
// Here is a code to send message to a friend
MessageListener messageListener = null;
Chat chat = connection.getChatManager().createChat("shantanu.gg@gmail.com",messageListener);
chat.sendMessage("Hello this is a ping from a java program");
}
}
import java.util.Collection;
import org.jivesoftware.smack.*;
public class GtalkClient {
public static void main(String[] args) throws XMPPException {
ConnectionConfiguration config = new ConnectionConfiguration("talk.google.com", 5222, "gmail.com");
XMPPConnection connection = new XMPPConnection(config);
connection.connect();
connection.login("< username >","< password >");
// Below is the code to get the users
// Roster roster = connection.getRoster();
// Collection
//
// System.out.println("\n\n" + rosterEntries.size() + " friend(s):");
// for(RosterEntry rosterEntry:rosterEntries)
// {
// System.out.println(rosterEntry.getUser());
// }
// Here is a code to send message to a friend
MessageListener messageListener = null;
Chat chat = connection.getChatManager().createChat("shantanu.gg@gmail.com",messageListener);
chat.sendMessage("Hello this is a ping from a java program");
}
}
Tuesday, September 30, 2008
Sending email using GMAIL using Java Mail Api
Note: Search for changeme and replace with appropriate terms.
import javax.mail.*;
import javax.mail.internet.*;
import java.util.*;
public class MailSender {
final String senderEmailID = "changeme @ changeme .com";
final String senderPassword = "changeme";
final String emailSMTPserver = "smtp.gmail.com";
final String emailServerPort = "465";
String receiverEmailID = null;
String emailSubject = null;
String emailBody = null;
public MailSender(String receiverEmailID, String emailSubject, String emailBody) {
this.receiverEmailID=receiverEmailID;
this.emailSubject=emailSubject;
this.emailBody=emailBody;
Properties props = new Properties();
props.put("mail.smtp.user",senderEmailID);
props.put("mail.smtp.host", emailSMTPserver);
props.put("mail.smtp.port", emailServerPort);
props.put("mail.smtp.starttls.enable", "true");
props.put("mail.smtp.auth", "true");
// props.put("mail.smtp.debug", "true");
props.put("mail.smtp.socketFactory.port", emailServerPort);
props.put("mail.smtp.socketFactory.class",
"javax.net.ssl.SSLSocketFactory");
props.put("mail.smtp.socketFactory.fallback", "false");
SecurityManager security = System.getSecurityManager();
try {
Authenticator auth = new SMTPAuthenticator();
Session session = Session.getInstance(props, auth);
// session.setDebug(true);
MimeMessage msg = new MimeMessage(session);
msg.setText(emailBody);
msg.setSubject(emailSubject);
msg.setFrom(new InternetAddress(senderEmailID));
msg.addRecipient(Message.RecipientType.TO,
new InternetAddress(receiverEmailID));
Transport.send(msg);
} catch (Exception mex) {
mex.printStackTrace();
}
}
private class SMTPAuthenticator extends javax.mail.Authenticator {
public PasswordAuthentication getPasswordAuthentication() {
return new PasswordAuthentication(senderEmailID, senderPassword);
}
}
/**
* @param args
*/
public static void main(String[] args) {
// TODO Auto-generated method stub
MailSender mailSender=new MailSender("changeme @ changeme .com","Test Mail from Puretechie","Here goes the body");
}
}
import javax.mail.*;
import javax.mail.internet.*;
import java.util.*;
public class MailSender {
final String senderEmailID = "changeme @ changeme .com";
final String senderPassword = "changeme";
final String emailSMTPserver = "smtp.gmail.com";
final String emailServerPort = "465";
String receiverEmailID = null;
String emailSubject = null;
String emailBody = null;
public MailSender(String receiverEmailID, String emailSubject, String emailBody) {
this.receiverEmailID=receiverEmailID;
this.emailSubject=emailSubject;
this.emailBody=emailBody;
Properties props = new Properties();
props.put("mail.smtp.user",senderEmailID);
props.put("mail.smtp.host", emailSMTPserver);
props.put("mail.smtp.port", emailServerPort);
props.put("mail.smtp.starttls.enable", "true");
props.put("mail.smtp.auth", "true");
// props.put("mail.smtp.debug", "true");
props.put("mail.smtp.socketFactory.port", emailServerPort);
props.put("mail.smtp.socketFactory.class",
"javax.net.ssl.SSLSocketFactory");
props.put("mail.smtp.socketFactory.fallback", "false");
SecurityManager security = System.getSecurityManager();
try {
Authenticator auth = new SMTPAuthenticator();
Session session = Session.getInstance(props, auth);
// session.setDebug(true);
MimeMessage msg = new MimeMessage(session);
msg.setText(emailBody);
msg.setSubject(emailSubject);
msg.setFrom(new InternetAddress(senderEmailID));
msg.addRecipient(Message.RecipientType.TO,
new InternetAddress(receiverEmailID));
Transport.send(msg);
} catch (Exception mex) {
mex.printStackTrace();
}
}
private class SMTPAuthenticator extends javax.mail.Authenticator {
public PasswordAuthentication getPasswordAuthentication() {
return new PasswordAuthentication(senderEmailID, senderPassword);
}
}
/**
* @param args
*/
public static void main(String[] args) {
// TODO Auto-generated method stub
MailSender mailSender=new MailSender("changeme @ changeme .com","Test Mail from Puretechie","Here goes the body");
}
}
Monday, September 22, 2008
Common bad practice in database calculations
create table x ( i int, j varchar(10))
insert into x values (1,'a')
insert into `x`(`i`,`j`) values ( '2',NULL)
select count(*) from x
2
Select count(j) from x
1
Note the difference when the count(col_name) is used.
count(col_name) is used under the impression that it is faster than count(*) , however quite the opposite is true.
MYISAM table MySQL has cached number of rows in the table. Thats the reason why MYISM is able to instantly answer COUNT(*) query, but not COUNT(col_name).
Why ? Because say if col_name column is not defined as NOT NULL there can be some NULL values in it and so MySQL have to perform table scan to find out. This is also why result is different for the second query.
Using count(*) instead of count(col_name) falls in the best practice category.
insert into x values (1,'a')
insert into `x`(`i`,`j`) values ( '2',NULL)
select count(*) from x
2
Select count(j) from x
1
Note the difference when the count(col_name) is used.
count(col_name) is used under the impression that it is faster than count(*) , however quite the opposite is true.
MYISAM table MySQL has cached number of rows in the table. Thats the reason why MYISM is able to instantly answer COUNT(*) query, but not COUNT(col_name).
Why ? Because say if col_name column is not defined as NOT NULL there can be some NULL values in it and so MySQL have to perform table scan to find out. This is also why result is different for the second query.
Using count(*) instead of count(col_name) falls in the best practice category.
Saturday, June 21, 2008
Ways to manage RSS feeds
RSS feeds aim to manage the information load.
I for example blog at these places :
a) http://dinchari.blogspot.com/ --- my Personal blog
b) http://puretechie.blogspot.com/ --- were a group of like minded tech enthusiasts post about topics of their interest.
Ideally I would like my friends to have be updated with my thoughts on either blogs. Currently they have to refer to the individual rss feeds separately.
To ease matters, I have used Yahoo Pipes to create a combined RSS feed for the consumers as a single combined RSS feed.
Click here for the new combined RSS link
Now this essentially is simple.
We can develop on this use case extensively.
Initially,
a) Now in the tech blog: there are many other authors. With the above URL , the consumers will also get the updates from these other authors. There needs to be filtering mechanism based on Author.
Adding more complexity,
b) Suppose you like all my articles about the puzzles and are not interested in any other topics. This is where the whole thing gets tricky. Using filtering its possible, but I have to explore the capabilities of customizing to individual consumers.
I for example blog at these places :
a) http://dinchari.blogspot.com/ --- my Personal blog
b) http://puretechie.blogspot.com/ --- were a group of like minded tech enthusiasts post about topics of their interest.
Ideally I would like my friends to have be updated with my thoughts on either blogs. Currently they have to refer to the individual rss feeds separately.
To ease matters, I have used Yahoo Pipes to create a combined RSS feed for the consumers as a single combined RSS feed.
Click here for the new combined RSS link
Now this essentially is simple.
We can develop on this use case extensively.
Initially,
a) Now in the tech blog: there are many other authors. With the above URL , the consumers will also get the updates from these other authors. There needs to be filtering mechanism based on Author.
Adding more complexity,
b) Suppose you like all my articles about the puzzles and are not interested in any other topics. This is where the whole thing gets tricky. Using filtering its possible, but I have to explore the capabilities of customizing to individual consumers.
Tuesday, May 27, 2008
Processing RSS feeds --the Python way
[shantanu@myjunkyard rss]$ cat a1.py
#!/usr/bin/env python
import feedparser
import sys
d = feedparser.parse(sys.argv[1])
for i in d['entries']:
for j in i['links']:
print i['title'] + "######" + j['href']
[shantanu@myjunkyard rss]$ cat rssFeed.list
http://puretechie.blogspot.com/atom.xml
[shantanu@myjunkyard rss]$ for i in `cat rssFeed.list `; do ./a1.py $i; done
See it Yourself :)
#!/usr/bin/env python
import feedparser
import sys
d = feedparser.parse(sys.argv[1])
for i in d['entries']:
for j in i['links']:
print i['title'] + "######" + j['href']
[shantanu@myjunkyard rss]$ cat rssFeed.list
http://puretechie.blogspot.com/atom.xml
[shantanu@myjunkyard rss]$ for i in `cat rssFeed.list `; do ./a1.py $i; done
See it Yourself :)
Thursday, May 15, 2008
Ruby on Rails --- it time
After many futile attempts RoR finally is happening this year. Though I tried my best to use Java for the project(as usual , cox thats a comfort zone) , somehow winds changed direction.
For statistics The TIOBE Programming Community index which gives an indication of the popularity of programming languages, ranks Ruby 10th in popularity with 2.66% of programmers.
My initial thoughts
1) There is a need to think in a language, understand its philosophy. An interesting story to share from RoR for dummies book about the name Ruby on Rails. Since the year 2000, teams of Java programmers have been using a framework named Struts. But the word strut means something in the construction industry. (A strut is a horizontal brace, and a sturdy one at that.) Well, a rail is also a kind of horizontal brace.
And like Ruby, the word Rail begins with the letter R. Thus the name Ruby on Rails.
2) Understanding MVC is ingrained
http://wiki.rubyonrails.org/rails/pages/UnderstandingRailsMVC
Best part of the language is that it forces MVC , similar to Java forcing OO.
These are still baby steps , but has been exciting.
For statistics The TIOBE Programming Community index which gives an indication of the popularity of programming languages, ranks Ruby 10th in popularity with 2.66% of programmers.
My initial thoughts
1) There is a need to think in a language, understand its philosophy. An interesting story to share from RoR for dummies book about the name Ruby on Rails. Since the year 2000, teams of Java programmers have been using a framework named Struts. But the word strut means something in the construction industry. (A strut is a horizontal brace, and a sturdy one at that.) Well, a rail is also a kind of horizontal brace.
And like Ruby, the word Rail begins with the letter R. Thus the name Ruby on Rails.
2) Understanding MVC is ingrained
http://wiki.rubyonrails.org/rails/pages/UnderstandingRailsMVC
Best part of the language is that it forces MVC , similar to Java forcing OO.
These are still baby steps , but has been exciting.
Tuesday, May 13, 2008
Powerset is released today
Powerset is a first of its kind .... a context sensitive natural language based search engine.
Currently powered by Wikipedia, this is a potentially disruptive technology.
Simple queries like
Where is PESIT?
or
vice chancellor of Visvesvaraya Technological University
Interesting results!!!!
Currently powered by Wikipedia, this is a potentially disruptive technology.
Simple queries like
Where is PESIT?
or
vice chancellor of Visvesvaraya Technological University
Interesting results!!!!
Friday, April 11, 2008
Punishment for 3 days.
For 3 days I was not able to access my system with my ID.
I kinda circumvented the problem by allowing remote root ssh to my machine(which is criminal).
The problem was this:
root@shantanu>ssh sg202516@shantanu
Password:
Last login: Fri Apr 11 17:19:51 2008 from shantanu
NO LOGINS: System going down in 30 seconds
Connection to shantanu closed.
root@shantanu>
Untill today I was ok with it, but I could not access my screen sessions remotely.
So finally decided to debug it.
The issue was the presence of a file called /etc/nologin
root@shantanu>cat /etc/nologin
NO LOGINS: System going down in 30 seconds
Removing the file solves the crap.
With a feeling of achievement I told my neighbor about this.
The reply came back "Check the date of the creation of the file. It should be Apr 8th. You had not locked the system!!!"
Related Old link:http://dinchari.blogspot.com/2006/07/assholes-learn-this-way_27.html
I kinda circumvented the problem by allowing remote root ssh to my machine(which is criminal).
The problem was this:
root@shantanu>ssh sg202516@shantanu
Password:
Last login: Fri Apr 11 17:19:51 2008 from shantanu
NO LOGINS: System going down in 30 seconds
Connection to shantanu closed.
root@shantanu>
Untill today I was ok with it, but I could not access my screen sessions remotely.
So finally decided to debug it.
The issue was the presence of a file called /etc/nologin
root@shantanu>cat /etc/nologin
NO LOGINS: System going down in 30 seconds
Removing the file solves the crap.
With a feeling of achievement I told my neighbor about this.
The reply came back "Check the date of the creation of the file. It should be Apr 8th. You had not locked the system!!!"
Related Old link:http://dinchari.blogspot.com/2006/07/assholes-learn-this-way_27.html
Monday, November 19, 2007
Simple But intriguing
1) How does one create a file starting with hyphen(-)?
2) How does one remove a file starting with hyphen(-)?
My Solution
===========
1)
bash-2.05$touch a
bash-2.05$tar cvf -c.tar a
2)bash-2.05$ rm ./-c.tar
2) How does one remove a file starting with hyphen(-)?
My Solution
===========
1)
bash-2.05$touch a
bash-2.05$tar cvf -c.tar a
2)bash-2.05$ rm ./-c.tar
Saturday, October 27, 2007
How can a host determine what address mask is in use on a remote host without logging in?
Interestingly, icmp is so powerful , that it can get us this information.
RFC 792 does not mention about the Address Mask( or type 17/18). However RFC 950 has the inherent rationale(Section 2.3) for embedding this option in icmp.
Using nemesis the solution can be seen in action outright.
@SOURCE_MACHINE>/usr/local/bin/nemesis icmp -qM -i 17 -m 0 -S 129.158.224.205 -D 129.158.224.182 -H 0:3:ba:4e:40:44 -M 00:03:ba:5b:8f:5d
ICMP Packet Injected
@SOURCE_MACHINE>snoop icmp
Using device /dev/eri (promiscuous mode)
SOURCE_MACHINE -> DESTINATION_MACHINE ICMP Address mask request
DESTINATION_MACHINE -> SOURCE_MACHINE ICMP Address mask reply (Mask = 0xffffff00)
^C@SOURCE_MACHINE>
RFC 792 does not mention about the Address Mask( or type 17/18). However RFC 950 has the inherent rationale(Section 2.3) for embedding this option in icmp.
Using nemesis the solution can be seen in action outright.
@SOURCE_MACHINE>/usr/local/bin/nemesis icmp -qM -i 17 -m 0 -S 129.158.224.205 -D 129.158.224.182 -H 0:3:ba:4e:40:44 -M 00:03:ba:5b:8f:5d
ICMP Packet Injected
@SOURCE_MACHINE>snoop icmp
Using device /dev/eri (promiscuous mode)
SOURCE_MACHINE -> DESTINATION_MACHINE ICMP Address mask request
DESTINATION_MACHINE -> SOURCE_MACHINE ICMP Address mask reply (Mask = 0xffffff00)
^C@SOURCE_MACHINE>
Thursday, October 18, 2007
My failed experiment to detect nodes in Promiscious mode.
Basic Prerequisites: Promiscuous mode,ARP, ICMP and Packet Injection.
Problem:
========
The decision to accept/drop the network packets is controlled by the Network Interface Card(NIC). NIC filters out the desired packets which system is entitled to recieve. However by setting the NIC to promiscuous mode the sniffing application receives packets regardless of the system being the intended destination. Sniffing is a difficult problem to acertain as it does not interfere with the network traffic, leaving no digital traces to track.
My Approach in theory
=====================
A “dynamic” protocol like Address Resolution Protocol (ARP) can be leveraged to detect the sniffing host. This protocol works alongside the Internet Protocol(IP) in Layer 3. On account of this ARP's operation occurs automatically in the background, without concern to the application user.
ARP works by sending an address request and collecting the response to create its mapping of addresses. The hardware addresses are only needed for hosts on the local network. At the lowest level, the Ethernet driver needs the hardware address of the remote system to which it will send a packet. When it does not have that address, it “broadcasts” a request for the missing address. This request, called an “ARP request”, contains the IP address of the host in question and is sent to all systems on the local network. A system may respond with a reply, called an “ARP reply”, which contains the host IP address and hardware address. The response received is used to build a table of IP addresses and hardware addresses.
Another feature of the protocol is called “gratuitous ARP”. This occurs when a host broadcasts an ARP request for its own hardware address. A Solaris system does this at boot time. It is used to detect if another system is using its IP address, indicating a misconfigured system. The other use of gratuitous ARP is to send updated
hardware address information. Systems that receive requests like this will automatically update the hardware address information for that host.
ARP by default uses BROADCAST method to get the destination MAC address. The idea here is to craft an ARP packet with the destination address being a non-BROADCAST address with a specific target IP address. If the NIC is in non-promiscuous mode, the packet is ignored and after the specified TTL no response is got back. However if the node with the corresponding IP address is in promiscuous mode, a prompt response is given by the sniffing host as the packet is percolated to the higher layers.
Using a handcrafted packet like ICMP with appropriate fields can induce the same effect.
References
----------
-Defeating Sniffers and Intrusion Detection Systems
http://www.phrack.com/issues.html?issue=54&id=10#article
-Plummer, Dave. An Ethernet Address Resolution Protocol, RFC 826, Network
Information Center, SRI International, Menlo Park, CA., November 1982.
- Interetworking with TCP/IP VolumeII Design,Implementation and Internals. Douglas E. Comer/David L. Stevens
-Solaris Operating Environment Network Settings for Security , By Alex Noordergraaf and KeithWatson
http://www.sun.com/blueprints/1299/network.pdf
The Reality ( Getting the hands dirty )
=======================================
Destination Machine
===================
@SOURCE-MACHINE>ping DESTINATION-MACHINE
DESTINATION-MACHINE is alive
@ SOURCE-MACHINE>arp -a | grep DESTINATION-MACHINE
eri0 DESTINATION-MACHINE 255.255.255.255 00:03:ba:5b:8f:5d
@SOURCE-MACHINE>ping -s !$
ping -s DESTINATION-MACHINE
PING DESTINATION-MACHINE: 56 data bytes
64 bytes from DESTINATION-MACHINE (129.158.224.182): icmp_seq=0. time=1.26 ms
64 bytes from DESTINATION-MACHINE (129.158.224.182): icmp_seq=1. time=0.920 ms
^C
----DESTINATION-MACHINE PING Statistics----
2 packets transmitted, 2 packets received, 0% packet loss
round-trip (ms) min/avg/max/stddev = 0.920/1.09/1.26/0.24
@SOURCE-MACHINE>
Source Machine
===================
@SOURCE-MACHINE>hostname
SOURCE-MACHINE
@SOURCE-MACHINE>ifconfig -a
lo0: flags=2001000849 mtu 8232 index 1
inet 127.0.0.1 netmask ff000000
eri0: flags=1000843 mtu 1500 index 2
inet 129.158.224.205 netmask ffffff00 broadcast 129.158.224.255
ether 0:3:ba:4e:40:44
Packet Injection
=================
@SOURCE-MACHINE>/usr/local/bin/nemesis icmp -S 129.158.224.205 -D 129.158.224.182 -H 0:3:ba:4e:40:44 -M 00:03:ba:5b:8f:5d
ICMP Packet Injected
@SOURCE-MACHINE>
@SOURCE-MACHINE>snoop icmp
SOURCE-MACHINE -> DESTINATION-MACHINE ICMP Echo request (ID: 15815 Sequence number: 46167)
DESTINATION-MACHINE -> SOURCE-MACHINE ICMP Echo reply (ID: 15815 Sequence number: 46167)
Now sending a wrong MAC address to Destination ( last letter changed from d to e )
@SOURCE-MACHINE>/usr/local/bin/nemesis icmp -S 129.158.224.205 -D 129.158.224.182 -H 0:3:ba:4e:40:44 -M 00:03:ba:5b:8f:5e
ICMP Packet Injected
@SOURCE-MACHINE>snoop icmp
Using device /dev/eri (promiscuous mode)
SOURCE-MACHINE -> DESTINATION-MACHINE ICMP Echo request (ID: 12112 Sequence number: 10553)
Interesting thing to note was that the Packet was seen in the snoop output on DESTINATION-MACHINE but was not replied.
There goes the failed experiment. Reality turns out to be different than the assumed theory. Digging further as to how snoop manages to get a snapshot of the packet and not process the packet.
Problem:
========
The decision to accept/drop the network packets is controlled by the Network Interface Card(NIC). NIC filters out the desired packets which system is entitled to recieve. However by setting the NIC to promiscuous mode the sniffing application receives packets regardless of the system being the intended destination. Sniffing is a difficult problem to acertain as it does not interfere with the network traffic, leaving no digital traces to track.
My Approach in theory
=====================
A “dynamic” protocol like Address Resolution Protocol (ARP) can be leveraged to detect the sniffing host. This protocol works alongside the Internet Protocol(IP) in Layer 3. On account of this ARP's operation occurs automatically in the background, without concern to the application user.
ARP works by sending an address request and collecting the response to create its mapping of addresses. The hardware addresses are only needed for hosts on the local network. At the lowest level, the Ethernet driver needs the hardware address of the remote system to which it will send a packet. When it does not have that address, it “broadcasts” a request for the missing address. This request, called an “ARP request”, contains the IP address of the host in question and is sent to all systems on the local network. A system may respond with a reply, called an “ARP reply”, which contains the host IP address and hardware address. The response received is used to build a table of IP addresses and hardware addresses.
Another feature of the protocol is called “gratuitous ARP”. This occurs when a host broadcasts an ARP request for its own hardware address. A Solaris system does this at boot time. It is used to detect if another system is using its IP address, indicating a misconfigured system. The other use of gratuitous ARP is to send updated
hardware address information. Systems that receive requests like this will automatically update the hardware address information for that host.
ARP by default uses BROADCAST method to get the destination MAC address. The idea here is to craft an ARP packet with the destination address being a non-BROADCAST address with a specific target IP address. If the NIC is in non-promiscuous mode, the packet is ignored and after the specified TTL no response is got back. However if the node with the corresponding IP address is in promiscuous mode, a prompt response is given by the sniffing host as the packet is percolated to the higher layers.
Using a handcrafted packet like ICMP with appropriate fields can induce the same effect.
References
----------
-Defeating Sniffers and Intrusion Detection Systems
http://www.phrack.com/issues.html?issue=54&id=10#article
-Plummer, Dave. An Ethernet Address Resolution Protocol, RFC 826, Network
Information Center, SRI International, Menlo Park, CA., November 1982.
- Interetworking with TCP/IP VolumeII Design,Implementation and Internals. Douglas E. Comer/David L. Stevens
-Solaris Operating Environment Network Settings for Security , By Alex Noordergraaf and KeithWatson
http://www.sun.com/blueprints/1299/network.pdf
The Reality ( Getting the hands dirty )
=======================================
Destination Machine
===================
@SOURCE-MACHINE>ping DESTINATION-MACHINE
DESTINATION-MACHINE is alive
@ SOURCE-MACHINE>arp -a | grep DESTINATION-MACHINE
eri0 DESTINATION-MACHINE 255.255.255.255 00:03:ba:5b:8f:5d
@SOURCE-MACHINE>ping -s !$
ping -s DESTINATION-MACHINE
PING DESTINATION-MACHINE: 56 data bytes
64 bytes from DESTINATION-MACHINE (129.158.224.182): icmp_seq=0. time=1.26 ms
64 bytes from DESTINATION-MACHINE (129.158.224.182): icmp_seq=1. time=0.920 ms
^C
----DESTINATION-MACHINE PING Statistics----
2 packets transmitted, 2 packets received, 0% packet loss
round-trip (ms) min/avg/max/stddev = 0.920/1.09/1.26/0.24
@SOURCE-MACHINE>
Source Machine
===================
@SOURCE-MACHINE>hostname
SOURCE-MACHINE
@SOURCE-MACHINE>ifconfig -a
lo0: flags=2001000849
inet 127.0.0.1 netmask ff000000
eri0: flags=1000843
inet 129.158.224.205 netmask ffffff00 broadcast 129.158.224.255
ether 0:3:ba:4e:40:44
Packet Injection
=================
@SOURCE-MACHINE>/usr/local/bin/nemesis icmp -S 129.158.224.205 -D 129.158.224.182 -H 0:3:ba:4e:40:44 -M 00:03:ba:5b:8f:5d
ICMP Packet Injected
@SOURCE-MACHINE>
@SOURCE-MACHINE>snoop icmp
SOURCE-MACHINE -> DESTINATION-MACHINE ICMP Echo request (ID: 15815 Sequence number: 46167)
DESTINATION-MACHINE -> SOURCE-MACHINE ICMP Echo reply (ID: 15815 Sequence number: 46167)
Now sending a wrong MAC address to Destination ( last letter changed from d to e )
@SOURCE-MACHINE>/usr/local/bin/nemesis icmp -S 129.158.224.205 -D 129.158.224.182 -H 0:3:ba:4e:40:44 -M 00:03:ba:5b:8f:5e
ICMP Packet Injected
@SOURCE-MACHINE>snoop icmp
Using device /dev/eri (promiscuous mode)
SOURCE-MACHINE -> DESTINATION-MACHINE ICMP Echo request (ID: 12112 Sequence number: 10553)
Interesting thing to note was that the Packet was seen in the snoop output on DESTINATION-MACHINE but was not replied.
There goes the failed experiment. Reality turns out to be different than the assumed theory. Digging further as to how snoop manages to get a snapshot of the packet and not process the packet.
Thursday, October 04, 2007
Getting the Kth smallest element in two Sorted Lists
Problem
--------
Let A and B be two sorted arrays. The intent is to find the kth smallest number in the union of the two lists.
Sounds Simple, but the catch is to get it done with a better time complexity than O(size(A) + size(B)).
I now have the solution which works with O(log(size(A) + size(B)), but i gave a crappy solution to my friend who gave me this puzzle. I used the intuitive, 2 pointer solution. Dont fall for it.
--------
Let A and B be two sorted arrays. The intent is to find the kth smallest number in the union of the two lists.
Sounds Simple, but the catch is to get it done with a better time complexity than O(size(A) + size(B)).
I now have the solution which works with O(log(size(A) + size(B)), but i gave a crappy solution to my friend who gave me this puzzle. I used the intuitive, 2 pointer solution. Dont fall for it.
Tuesday, October 02, 2007
Implementing a queue with 2 Stacks
Interesting, but intuitive question.
My Solution:-
//QueueWith2Stacks.java
import java.util.Stack;
public class QueueWith2Stacks {
Stack< Object> insertStack=new Stack< Object>();
Stack< Object> popStack=new Stack< Object>();
void enqueue(Object element){
insertStack.push(element);
}
Object dequeue(){
if(popStack.empty()&& insertStack.empty())
return(null);
if(popStack.empty())//This is the only interesting part about it.
while(!insertStack.empty())
popStack.push(insertStack.pop());
return(popStack.pop());
}
void display(){
System.out.println(popStack.toString()+insertStack.toString());
}
}
My Solution:-
//QueueWith2Stacks.java
import java.util.Stack;
public class QueueWith2Stacks {
Stack< Object> insertStack=new Stack< Object>();
Stack< Object> popStack=new Stack< Object>();
void enqueue(Object element){
insertStack.push(element);
}
Object dequeue(){
if(popStack.empty()&& insertStack.empty())
return(null);
if(popStack.empty())//This is the only interesting part about it.
while(!insertStack.empty())
popStack.push(insertStack.pop());
return(popStack.pop());
}
void display(){
System.out.println(popStack.toString()+insertStack.toString());
}
}
Sunday, August 12, 2007
Configuring SSO
After analyzing JOSSO and CAS as candidates for SSO , the JOSSO implementation seems very promising.
What is SSO ?
Josso
-----
Positives
--------------------
1) Just works. Can easily embed my application to the SSO framework.
2) Out-of-the box seem less integration with custom made tomcat. Inbuilt SSL configurations.
3) To-Do steps
i) Download Josso tomcat
ii) Refer to http://www.josso.org/tomcat55-howto.html
iii) JAVA_OPTS=-Djava.security.auth.login.config=..\conf\jaas.conf (Spent a romantic night for this. Had to write it )
iv) For getting the login data from the DB refer to this
Negatives
--------------------
1) Pathetic Docs
2) In-active community.
CAS
---
I could not get CAS working on my system. I know it works, but somehow the jigsaw is not complete. The community is very active and vibrant.Updated wiki . Let me know if anyone gets it working.
What is SSO ?
Josso
-----
Positives
--------------------
1) Just works. Can easily embed my application to the SSO framework.
2) Out-of-the box seem less integration with custom made tomcat. Inbuilt SSL configurations.
3) To-Do steps
i) Download Josso tomcat
ii) Refer to http://www.josso.org/tomcat55-howto.html
iii) JAVA_OPTS=-Djava.security.auth.login.config=..\conf\jaas.conf (Spent a romantic night for this. Had to write it )
iv) For getting the login data from the DB refer to this
Negatives
--------------------
1) Pathetic Docs
2) In-active community.
CAS
---
I could not get CAS working on my system. I know it works, but somehow the jigsaw is not complete. The community is very active and vibrant.Updated wiki . Let me know if anyone gets it working.
Monday, June 11, 2007
Is this implementation of select() syscall in Linux correct?
Here is the code
linuxMachine:/tmp # uname -a
Linux linuxMachine 2.4.21-309.PTF.97199.1-smp #1 SMP Mon Jul 24 12:20:00 UTC 2006 i686 unknown
linuxMachine:/tmp # cat testSelectCall.c
#include "stdio.h"
#include "sys/time.h"
#include "sys/types.h"
#include "unistd.h"
int
main(void) {
fd_set rfds;
struct timeval tv;
int retval;
FD_ZERO(&rfds);
FD_SET(0, &rfds);
tv.tv_sec = 5;
tv.tv_usec = 0;
retval = select(1, &rfds, NULL, NULL, &tv);
/* Here is the tricky part! */
printf("tv.tv_sec=%i\n",tv.tv_sec);
printf("tv.tv_usec=%i\n",tv.tv_usec);
if (retval)
printf("Data is available now.\n");
else
printf("No data within five seconds.\n");
return 0;
}
linuxMachine:/tmp # !gcc
gcc testSelectCall.c
linuxMachine:/tmp # !time
time ./a.out
tv.tv_sec=0
tv.tv_usec=0
No data within five seconds.
real 0m5.000s
user 0m0.000s
sys 0m0.000s
linuxMachine:/tmp #
On a solaris box
solarisBox>uname -a
SunOS solarisBox 5.10 Generic_118835-02 sun4u sparc SUNW,Sun-Blade-100
solarisBox>gcc testSelectCall.c
solarisBox>!time
time ./a.out
tv.tv_sec=5
tv.tv_usec=0
No data within five seconds.
real 0m5.025s
user 0m0.003s
sys 0m0.010s
solarisBox>
Man Page has the following description
man 2 select
Some code calls select with all three sets empty, n zero, and a non-null
timeout as a fairly portable way to sleep with subsecond precision.
On Linux, the function select modifies timeout to reflect the amount of
time not slept; most other implementations do not do this. This causes
problems both when Linux code which reads timeout is ported to other
operating systems, and when code is ported to Linux that reuses a struct
timeval for multiple selects in a loop without reinitializing it. Con�
sider timeout to be undefined after select returns.
linuxMachine:/tmp # uname -a
Linux linuxMachine 2.4.21-309.PTF.97199.1-smp #1 SMP Mon Jul 24 12:20:00 UTC 2006 i686 unknown
linuxMachine:/tmp # cat testSelectCall.c
#include "stdio.h"
#include "sys/time.h"
#include "sys/types.h"
#include "unistd.h"
int
main(void) {
fd_set rfds;
struct timeval tv;
int retval;
FD_ZERO(&rfds);
FD_SET(0, &rfds);
tv.tv_sec = 5;
tv.tv_usec = 0;
retval = select(1, &rfds, NULL, NULL, &tv);
/* Here is the tricky part! */
printf("tv.tv_sec=%i\n",tv.tv_sec);
printf("tv.tv_usec=%i\n",tv.tv_usec);
if (retval)
printf("Data is available now.\n");
else
printf("No data within five seconds.\n");
return 0;
}
linuxMachine:/tmp # !gcc
gcc testSelectCall.c
linuxMachine:/tmp # !time
time ./a.out
tv.tv_sec=0
tv.tv_usec=0
No data within five seconds.
real 0m5.000s
user 0m0.000s
sys 0m0.000s
linuxMachine:/tmp #
On a solaris box
solarisBox>uname -a
SunOS solarisBox 5.10 Generic_118835-02 sun4u sparc SUNW,Sun-Blade-100
solarisBox>gcc testSelectCall.c
solarisBox>!time
time ./a.out
tv.tv_sec=5
tv.tv_usec=0
No data within five seconds.
real 0m5.025s
user 0m0.003s
sys 0m0.010s
solarisBox>
Man Page has the following description
man 2 select
Some code calls select with all three sets empty, n zero, and a non-null
timeout as a fairly portable way to sleep with subsecond precision.
On Linux, the function select modifies timeout to reflect the amount of
time not slept; most other implementations do not do this. This causes
problems both when Linux code which reads timeout is ported to other
operating systems, and when code is ported to Linux that reuses a struct
timeval for multiple selects in a loop without reinitializing it. Con�
sider timeout to be undefined after select returns.
Monday, June 04, 2007
Microsoft announces surface
I am sure, many are aware of it. In case you haven't then check this out
http://www.microsoft.com/surface/
http://www.microsoft.com/surface/
Wednesday, May 30, 2007
Getting shell script variable values
Here is the problem
bash-2.05# cat test1.sh
ATM_PIN="123"
echo "Environment variables" > out.log
env >> out.log
echo $ATM_PIN
bash-2.05# sh test1.sh
123
bash-2.05# cat out.log |grep -i atm
bash-2.05#
While debugging a shell script, if the values of the variables are required in an intermittent state of the shell script execution use the -a option.
bash-2.05# sh -a test1.sh
123
bash-2.05# cat out.log |grep -i atm
ATM_PIN=123
bash-2.05#
bash-2.05# cat test1.sh
ATM_PIN="123"
echo "Environment variables" > out.log
env >> out.log
echo $ATM_PIN
bash-2.05# sh test1.sh
123
bash-2.05# cat out.log |grep -i atm
bash-2.05#
While debugging a shell script, if the values of the variables are required in an intermittent state of the shell script execution use the -a option.
bash-2.05# sh -a test1.sh
123
bash-2.05# cat out.log |grep -i atm
ATM_PIN=123
bash-2.05#
Subscribe to:
Posts (Atom)
