Dec 27 2018

Working in IT, I use Wireshark almost every day.
This software is just great: free, open source, and it will probably take me a lifetime to master, as there is so much you can do with it.

However, there are times when you need a driverless, standalone tool, i.e. one that does not require any installation on your production server.
Indeed, I have seen cases where the network was interrupted for a short while when the capture driver was installed, or even worse, cases where the server would BSOD (with old WinPcap versions, admittedly).
Furthermore, in some situations you may wish to capture traffic on a VPN interface or on localhost, two things which Wireshark (or rather WinPcap) cannot do.

That is where Windows raw sockets come in handy: a built-in Windows feature, with no driver to install, that can sniff on a VPN interface or on localhost.
Under the hood, a raw IP socket is bound to the address of the interface you want to capture on and switched into receive-all mode with the SIO_RCVALL ioctl. This requires administrator rights, and what you get back are IP packets without any link-layer header.
Read more about windows raw sockets here.

Raw sniffer (snif) is a command line tool built around Windows raw sockets to capture IP traffic.
You can pipe its output to a text file (and later parse it in Excel) or generate a cap file which you can later open with Wireshark.
Source code is on github.

It takes simple command line parameters: snif [localip] [proto] [port] [0:1]
localip is the address of the interface to capture on (* to select an interface), proto is tcp, udp or *, port is a port number or *, and the last flag selects console output only (0) or console output plus a cap file (1).

Some possible usage:
-snif 127.0.0.1 * * 1 : will capture all traffic on localhost to the console AND dump all traffic to a cap file
-snif 127.0.0.1 tcp 80 1 : will filter on http traffic on localhost to the console AND dump all traffic to a cap file
-snif * udp * 0 : will filter on udp traffic on the selected interface to the console

Note: if you don't see your incoming traffic, allow snif.exe through the Windows firewall; this could do the trick.
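The following is an added example, not the source of the snif tool, showing the mechanism described above in Python: a raw IPv4 socket put into SIO_RCVALL mode, a proto/port filter in the spirit of the snif arguments, and a cap file that Wireshark can open. Two details are assumptions of this example rather than something the post states: filtering is done in Python on the parsed IPv4 header, and the cap file is written with link type 228 (LINKTYPE_IPV4), because a raw socket hands back packets that start at the IP header with no Ethernet frame in front. The sniff() function itself only works on Windows, as Administrator; the parser and pcap writer run anywhere. The sample packet is constructed inline.

```python
"""Windows raw-socket sniffer with pcap output (added example, not the snif tool's code).

Assumptions not taken from the original post: filtering happens in Python on the parsed
IPv4 header, and the cap file uses link type 228 (LINKTYPE_IPV4) because a raw socket
delivers packets starting at the IP header, with no Ethernet frame.
"""
import socket
import struct
import time
from typing import Optional

LINKTYPE_IPV4 = 228                      # pcap DLT for packets that begin with the IPv4 header
PROTO_NAMES = {1: "icmp", 6: "tcp", 17: "udp"}


def parse_ipv4(pkt: bytes) -> dict:
    """Parse the IPv4 header and, for TCP/UDP first fragments, the port pair."""
    if len(pkt) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, _tos, total_len, _id, flags_frag, ttl, proto, _csum, src, dst = struct.unpack(
        "!BBHHHBBH4s4s", pkt[:20])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or len(pkt) < ihl:
        raise ValueError("not a well-formed IPv4 packet")
    info = {
        "src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst),
        "proto": PROTO_NAMES.get(proto, str(proto)), "ttl": ttl,
        "sport": None, "dport": None,
        "payload_len": max(0, min(total_len, len(pkt)) - ihl),
    }
    # Only the first fragment (offset 0) carries the transport header with the ports.
    if proto in (6, 17) and (flags_frag & 0x1FFF) == 0 and len(pkt) >= ihl + 4:
        info["sport"], info["dport"] = struct.unpack("!HH", pkt[ihl:ihl + 4])
    return info


def matches(info: dict, proto: str = "*", port: str = "*") -> bool:
    """Filter in the spirit of 'snif [proto] [port]': '*' matches anything."""
    if proto != "*" and info["proto"] != proto.lower():
        return False
    if port != "*" and int(port) not in (info["sport"], info["dport"]):
        return False
    return True


def pcap_global_header(linktype: int = LINKTYPE_IPV4, snaplen: int = 65535) -> bytes:
    """24-byte pcap file header: magic, version 2.4, tz offset, sigfigs, snaplen, linktype."""
    return struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, snaplen, linktype)


def pcap_record(pkt: bytes, ts: float) -> bytes:
    """16-byte per-packet header (sec, usec, captured len, original len) plus the packet."""
    sec = int(ts)
    usec = int(round((ts - sec) * 1_000_000))
    return struct.pack("<IIII", sec, usec, len(pkt), len(pkt)) + pkt


def build_ipv4(src: str, dst: str, proto: int, payload: bytes, ttl: int = 64) -> bytes:
    """Constructed test input: a minimal IPv4 packet (header checksum left at zero)."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0x1234, 0x4000,
                      ttl, proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return hdr + payload


# Constructed sample: a TCP SYN on loopback from port 54321 to port 80 (20-byte TCP header).
SAMPLE_TCP = build_ipv4("127.0.0.1", "127.0.0.1", 6,
                        struct.pack("!HHIIBBHHH", 54321, 80, 1, 0, 0x50, 0x02, 65535, 0, 0))


def sniff(local_ip: str, proto: str = "*", port: str = "*",
          capfile: Optional[str] = None, count: Optional[int] = None) -> int:
    """Capture on the interface that owns local_ip (Windows only, needs Administrator).

    Every packet goes to the cap file (like the trailing '1' flag); only packets matching
    proto/port are printed. Returns the number of matching packets seen.
    """
    s = socket.socket(socket.AF_INET, socket.SOCK_RAW, socket.IPPROTO_IP)
    s.bind((local_ip, 0))
    s.ioctl(socket.SIO_RCVALL, socket.RCVALL_ON)      # receive all IP traffic on that interface
    out = open(capfile, "wb") if capfile else None
    if out:
        out.write(pcap_global_header())
    seen = 0
    try:
        while count is None or seen < count:
            pkt = s.recv(65535)
            ts = time.time()
            try:
                info = parse_ipv4(pkt)
            except ValueError:
                continue
            if out:
                out.write(pcap_record(pkt, ts))
            if matches(info, proto, port):
                seen += 1
                print(f"{info['src']}:{info['sport']} -> {info['dst']}:{info['dport']} "
                      f"{info['proto']} payload={info['payload_len']}")
    finally:
        s.ioctl(socket.SIO_RCVALL, socket.RCVALL_OFF)  # always leave the NIC in normal mode
        s.close()
        if out:
            out.close()
    return seen


if __name__ == "__main__":
    # Equivalent of 'snif 127.0.0.1 tcp 80 1', stopping after 10 matching packets.
    sniff("127.0.0.1", "tcp", "80", capfile="capture.cap", count=10)
```

Two things worth noting: if you write the cap file with the usual Ethernet link type (1) instead of 228, Wireshark will try to decode the IP header as a MAC address and every packet will look garbled; and RCVALL_OFF in the finally block matters, because an interface left in receive-all mode keeps delivering every packet to any later raw socket bound to it.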

Download here

Dec 15 2018

In a previous article, I released a GUI for the libnfs library.

This time, I am releasing a command line tool that lets you perform simple tasks against NFS exports.


nfsclient 0.1 by erwan2212@gmail.com
nfsclient 0.1 discover
nfsclient 0.1 read nfs://server/export/filename
nfsclient 0.1 write nfs://server/export/ local_filename
nfsclient 0.1 dir nfs://server/export/

Download here.
Discuss here.

Dec 15 2018

Lately I have discovered libnfs.
I quote: "LIBNFS is a client library for accessing NFS shares over a network."

It is well documented and easy to use from Delphi (or Free Pascal).

I have decided to build a lightweight NFS client with simple features: discover, list directories, read and write files.

That could be handy at some point with either CloneDisk or TinyPXE Server.

Download here.
Discuss here.
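Both of the libnfs posts above (the GUI and the nfsclient command line tool) start from discovering what a server exports. The following is an added example, not the tools' own code and not libnfs, showing what that step looks like on the wire: a MOUNT version 3 EXPORT call over SunRPC/TCP, which is what showmount -e sends, and the parsing of the exports list that comes back. It assumes the caller already knows the TCP port of the server's mountd (normally obtained from the portmapper on port 111, a lookup this example skips). The sample reply is constructed inline with the same encoder a server would use.

```python
"""MOUNTv3 EXPORT over SunRPC/TCP, i.e. what 'showmount -e' sends and receives.

Added example, not the nfsclient tool's or libnfs's code. Assumption: the caller
already knows mountd's TCP port (normally learned from the portmapper, skipped here).
"""
import os
import socket
import struct

MOUNT_PROG, MOUNT_VERS, MOUNTPROC3_EXPORT = 100005, 3, 5
RPC_CALL, RPC_REPLY, RPC_VERSION, AUTH_NULL = 0, 1, 2, 0


def _pad(n: int) -> int:
    return (4 - n % 4) % 4                # XDR pads opaque data to a 4-byte boundary


def xdr_string(b: bytes) -> bytes:
    return struct.pack("!I", len(b)) + b + b"\x00" * _pad(len(b))


def xdr_read_string(buf: bytes, off: int):
    (n,) = struct.unpack_from("!I", buf, off)
    data = buf[off + 4:off + 4 + n]
    if len(data) != n:
        raise ValueError("truncated XDR string")
    return data, off + 4 + n + _pad(n)


def build_export_call(xid: int) -> bytes:
    """RPC CALL header for MOUNTPROC3_EXPORT; mountd answers this with AUTH_NULL credentials."""
    hdr = struct.pack("!IIIIII", xid, RPC_CALL, RPC_VERSION, MOUNT_PROG, MOUNT_VERS, MOUNTPROC3_EXPORT)
    return hdr + struct.pack("!IIII", AUTH_NULL, 0, AUTH_NULL, 0)   # credentials + verifier


def parse_export_reply(buf: bytes, xid: int):
    """Decode an RPC REPLY carrying the exports list as [(path, [client groups]), ...]."""
    rxid, mtype, reply_stat = struct.unpack_from("!III", buf, 0)
    if rxid != xid or mtype != RPC_REPLY:
        raise ValueError("not the reply to our call")
    if reply_stat != 0:
        raise ValueError("RPC call denied by server")
    _flavor, vlen = struct.unpack_from("!II", buf, 12)        # server verifier, skipped
    off = 20 + vlen + _pad(vlen)
    (accept_stat,) = struct.unpack_from("!I", buf, off)
    off += 4
    if accept_stat != 0:
        raise ValueError(f"EXPORT rejected, accept_stat={accept_stat}")
    exports = []
    while struct.unpack_from("!I", buf, off)[0]:             # exportnode list: value_follows
        path, off = xdr_read_string(buf, off + 4)
        groups = []
        while struct.unpack_from("!I", buf, off)[0]:         # groupnode list: value_follows
            name, off = xdr_read_string(buf, off + 4)
            groups.append(name.decode())
        off += 4
        exports.append((path.decode(), groups))
    return exports


def build_export_reply(xid: int, exports) -> bytes:
    """Encode a SUCCESS reply the way mountd does; used here to construct offline test input."""
    body = struct.pack("!IIIIII", xid, RPC_REPLY, 0, AUTH_NULL, 0, 0)
    for path, groups in exports:
        body += struct.pack("!I", 1) + xdr_string(path.encode())
        for g in groups:
            body += struct.pack("!I", 1) + xdr_string(g.encode())
        body += struct.pack("!I", 0)
    return body + struct.pack("!I", 0)


# Constructed sample reply: one world-readable export and one restricted to two clients.
SAMPLE_XID = 0x1234
SAMPLE_REPLY = build_export_reply(SAMPLE_XID, [("/srv/share", ["*"]),
                                               ("/home", ["10.0.0.0/8", "admin.example"])])


def _recv_exact(s: socket.socket, n: int) -> bytes:
    buf = b""
    while len(buf) < n:
        chunk = s.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("connection closed mid-record")
        buf += chunk
    return buf


def showmount(host: str, mountd_port: int, timeout: float = 5.0):
    """Ask mountd over TCP for its export list (one RPC record each way)."""
    xid = int.from_bytes(os.urandom(4), "big")
    call = build_export_call(xid)
    with socket.create_connection((host, mountd_port), timeout=timeout) as s:
        # RPC record marking: 4-byte header, high bit = last fragment, low 31 bits = length.
        s.sendall(struct.pack("!I", 0x80000000 | len(call)) + call)
        (mark,) = struct.unpack("!I", _recv_exact(s, 4))
        reply = _recv_exact(s, mark & 0x7FFFFFFF)
    return parse_export_reply(reply, xid)


if __name__ == "__main__":
    import sys
    for path, groups in showmount(sys.argv[1], int(sys.argv[2])):
        print(path, ",".join(groups) or "(everyone)")
```

The group list is the only access control a classic NFS server advertises at this stage, and it is applied per client address, not per user, which is why an export listed with "*" (or with a broad network range) is readable by anyone who can reach the server once mounted with plain AUTH_SYS credentials.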

Dec 12 2015

Playing with the registry APIs, I coded this small program.

It will save an online registry hive to an offline hive file.
It will restore an offline hive file to an online hive (a backup is made next to the source hive file first).

Needs admin rights (saving and restoring hives requires the backup and restore privileges). Works on Windows 2000 and up.

Discuss it here.

dumpreg

Aug 01 2014

In a previous article, I showed how to set up a "proxy" for ImDisk through devio to mount an EWF file.

This time, let's do it with a QCOW file (using libqcow, an external libyal library).

The command lines for the proxy and ImDisk are below (-o ro mounts the image read-only, so the source file is never written to):

devio --dll=proxy.dll;dllopen shm:test_proxy c:\test.qcow
imdisk -a -t proxy -o shm -o ro -f test_proxy -m Z:

Find the proxy here: PROXY_QCOW.

Jul 21 2014

I recently discovered the work of Joachim Metz.
I first decided to write a Delphi wrapper unit around libewf (here) so that I could add EWF support to CloneDisk.

Today, I decided to do the same for Joachim's libvmdk: another Delphi wrapper.
The unit is straightforward and is based on the previous libewf one: create the object, open the file, get the size, read and/or write, close…

The Delphi unit is here: libvmdk.

Jul 21 2014

In a previous article, I showed how to set up a "proxy" for ImDisk through devio to mount an EWF file.

This time, let's do it with a VMDK file (using libvmdk, an external libyal library).

The command lines for the proxy and ImDisk are below (-o ro mounts the image read-only, so the source file is never written to):

devio --dll=proxy.dll;dllopen shm:test_proxy c:\test.vmdk
imdisk -a -t proxy -o shm -o ro -f test_proxy -m Z:

See devio in action below (screenshot: imdisk_vmdk).

Find the proxy here: proxy_VMDK.