faucetsdn / network-tools Goto Github PK

https://docs.docker.com/engine/reference/builder/#maintainer-deprecated

specifically link type and server os

p0f: [2018/05/10 20:27:25] mod=mtu|cli=10.98.248.43/50713|srv=108.177.98.95/443|subj=srv|link=generic tunnel or VPN|raw_mtu=1420
p0f: [2018/05/10 20:27:34] mod=syn|cli=10.98.248.43/50714|srv=54.172.129.97/443|subj=cli|os=Windows NT kernel|dist=0|params=generic|raw_sig=4:128+0:0:1460:mss*12,8:mss,nop,ws,nop,nop,sok:df,id+:0
p0f: [2018/05/10 20:27:34] mod=mtu|cli=10.98.248.43/50714|srv=54.172.129.97/443|subj=cli|link=Ethernet or modem|raw_mtu=1500
p0f: [2018/05/10 20:27:34] mod=syn+ack|cli=10.98.248.43/50714|srv=54.172.129.97/443|subj=srv|os=???|dist=22|params=none|raw_sig=4:42+22:0:1396:26883,7:mss,nop,nop,sok,nop,ws:id-:0

https://docs.docker.com/engine/reference/builder/#maintainer-deprecated

It would be easier (and a nice sanity check) to add some sample data to test on, per plugin if applicable.

It does not appear to match files or kickoff processing of followon modules.

2017-10-20T19:04:38+00:00 172.17.0.1 *[1929]: container_linux.go:265: starting container process caused "exec: \"/Users/u/vent_files/asldkfj.*\": permission denied"
2017-10-20T19:04:38+00:00 172.17.0.1 core[1929]: Error on line 434
2017-10-20T19:04:38+00:00 172.17.0.1 core[1929]: Failed to process job: 400 Client Error: Bad Request ("oci runtime error: container_linux.go:265: starting container process caused "exec: \"/Users/u/vent_files/asldkfj.*\": permission denied"
2017-10-20T19:04:38+00:00 172.17.0.1 core[1929]: ")
2017-10-20T19:04:38+00:00 172.17.0.1 core[1929]: {'d-grossman-vent-plugins-check-files-master:dd34346b4dd1c7f1b09de443f2bda9f0dab2caa2': {'volumes': {'/Users/u/vent_files': {'bind': '/Users/u/vent_files', 'mode': 'rw'}}}}
2017-10-20T19:04:38+00:00 172.17.0.1 core[1929]: (False, '400 Client Error: Bad Request ("oci runtime error: container_linux.go:265: starting container process caused "exec: \\"/Users/u/vent_files/asldkfj.*\\": permission denied"\n")')

the line https://github.com/IQTLabs/network-tools/blob/master/rbqwrapper/rbqwrapper.py#L105 will throw an error because self is not defined in this scope

https://docs.docker.com/engine/reference/builder/#maintainer-deprecated

One of the challenges we have on the Poseidon team is gathering more data to train our ML models. A key part of that gathering is identifying (and labelling!) packet captures (pcaps) of specific device types. (e.g. X appears to be a TiVo, Y appears to be a Camera device, Z to be a Windows AD controller, etc.) One can of course achieve this using a combination of tools and approaches (including the use of p0f and Wireshark!), but there have been times when we have been sifting through pcaps that it hasn't been immediately obvious what a give node is.

We have found it useful to represent a node's communications as visual graph to help with identification. To-date we have done this manually using a a few steps:

1. Converting the PCAP to a basic graph using the "brassfork" tool (which outputs a nodes.csv and edges.csv)
2. Importing the two csv files from brassfork into Gephi
3. Saving the Graph
4. Being happy that it is now easier to figure out what you are looking at

What we would really like to do is take the above process, automate it, and replace Gephi with some generated graph visualization mechanism like Graphistry.

https://docs.docker.com/engine/reference/builder/#maintainer-deprecated

https://docs.docker.com/engine/reference/builder/#maintainer-deprecated

the following fields for vent.template files need to be removed that are now legacy and can be confusing to end users:

• public_ip
• locally_active
• external_host
• mime_type

There is currently no uniform way to test plugins before loading them into vent. It would be useful to have a standard way to point to input files and their expected output, then run tests against that. The solution needs to be language agnostic.

Sharness might be a good fit:

Sharness is a portable shell library to write, run, and analyze automated tests for Unix programs. Since all tests output TAP, the Test Anything Protocol, they can be run with any TAP harness.

Here's an example of how Sharness is used by IPFS-go. Since it uses a standard output format (TAP) it would be a good excuse to add some plugins and visualization tools for that standard.

should create a text file that writes out MAC, IP, and PCAP filename

https://docs.docker.com/engine/reference/builder/#maintainer-deprecated

https://docs.docker.com/engine/reference/builder/#maintainer-deprecated

For reference: https://raw.githubusercontent.com/CyberReboot/vent/master/docs/images/workflow.png

Vent can handle plugins dumping files back into the input. It could be helpful to translate arbitrary files into RDF, so they can be combined as linked data. A CSV-to-RDF converter would be a good first step in that direction, and could be accomplished by simply wrapping Tarql. I'll take a look at this.

https://docs.docker.com/engine/reference/builder/#maintainer-deprecated

should look something like the one here: https://github.com/CyberReboot/vent

Looks like the current plugins have pretty minimal logging -- just printing to std out. How does Vent handle this output? Would it be valuable to pull together more verbose logs?

https://docs.docker.com/engine/reference/builder/#maintainer-deprecated

There is an error with this repository's Renovate configuration that needs to be fixed. As a precaution, Renovate will stop PRs until it is resolved.

Error type: undefined. Note: this is a nested preset so please contact the preset author if you are unable to fix it yourself.

Vent only loads plugins on the Master branch, but the contributing guidelines tell you to work on a feature branch. With current vent settings, this prevents the plugin from being deployed, even for testing.

I'll update the guidelines to reflect this.

should look something like the one here: https://github.com/CyberReboot/vent

should look something like the one here: https://github.com/CyberReboot/vent