similar to: TCP Snoop & wrapper shell script posted

i''m using the following probe to calculate how many bytes are being written by tcp write calls, by process and total: fbt:ip:tcp_output:entry { this->tcpout_size = msgdsize(args[1]); @tcpout_size[execname] = sum(this->tcpout_size); @tcpout_size["TOTAL_TCP_OUT"] = sum(this->tcpout_size); } I run this probe for N seconds. I suppose that if i get the

Forwarded message: > From full-disclosure-admin@lists.netsys.com Wed Apr 21 11:49:12 2004 > To: full-disclosure@lists.netsys.com > From: Darren Bounds <dbounds@intrusense.com> > Subject: [Full-Disclosure] IETF Draft - Fix for TCP vulnerability > Date: Tue, 20 Apr 2004 18:19:58 -0400 > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > >

Any information on when (or if) the following timestamp vulnerability will be fixed for 4.X? Any information would be appreciated. http://www.kb.cert.org/vuls/id/637934 Thanks. Richard Coleman rcoleman@criticalmagic.com

Hello security gurus, yesterday, I mistakenly posted a question on the questions list about this article : http://www.securityfocus.com/bid/13676/info/ which talks about a form of DOS vulnerability. I was curious as to the possibility of FreeBSD 5.x being affected, and if anyone was working on this or not. Ted Mittelstaedt posted this possible patch based upon the OpenBSD patch : in

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-04:04.tcp Security Advisory The FreeBSD Project Topic: many out-of-sequence TCP packets denial-of-service Category: core Module: kernel

Box with fresh RELENG_7 panic under heavy network load (more than 50k connections). This panics seems to be senfile(2) related, because when sendfile disabled in nginx, I can't reproduce the problem. Backtrace in all cases like this: # kgdb kernel /spool/crash/vmcore.1 GNU gdb 6.1.1 [FreeBSD] Copyright 2004 Free Software Foundation, Inc. GDB is free software, covered by the GNU General

Hi, When I use FreeBSD-6.0 Release (also FreeBSD-5.4), I found IPSEC can't coexists with MAC. When the IpSec is setup, and we connects the TCP server with IPSEC and MAC support, the server innevitably crack. Because the m_pkthdr of some mbuf is mangled by unknown reasons. Following is my kernel configuration: options MAC options MAC_DEBUG options UFS_EXTATTR options

Hi, I've encountered a strange problem while using FreeBSD 6.0 for our local mirror (mirror.math.uni-bielefeld.de) and thus is providing access via ftp, http, rsync and cvsup (all local and remote). The system crashes periodically with a kernel panic (panic: sbdrop). The uptimes between two crashes are going from a few hours to a few weeks. The system is a i386, Intel Pentium 4 based with

Here's my proposed patch to change RST handling so that ESTABLISHED connections are subject to strict RST checking, but connections in other states are only subject to the "within the window" check. Part 2 of the patch is simply a patch to netstat so that it displays the statistic. As expected, it's very straightforward, the only real question is what to call the statistic...

Hi folks, I ran freebsd-update today hoping it would have picked up the BIND upgrade. freebsd-update reported: The following files will be updated as part of updating to 7.0-RELEASE-p3: /boot/kernel/kernel /boot/kernel/kernel.symbols /usr/bin/dig /usr/bin/host /usr/bin/nslookup /usr/bin/nsupdate /usr/include/netinet/tcp.h /usr/lib/libssh.a /usr/lib/libssh.so.4

https://bugzilla.netfilter.org/show_bug.cgi?id=847 Summary: Owner matching fails on listening socket Product: netfilter/iptables Version: unspecified Platform: x86_64 OS/Version: Debian GNU/Linux Status: NEW Severity: enhancement Priority: P5 Component: ip_tables (kernel) AssignedTo:

this is 6.0-STABLE as for Mar 17. KDB: debugger backends: ddb KDB: current backend: ddb Copyright (c) 1992-2006 The FreeBSD Project. Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994 The Regents of the University of California. All rights reserved. FreeBSD 6.1-PRERELEASE #2: Fri Mar 17 11:05:32 UTC 2006 vlad@host:/usr/src/sys/amd64/compile/DEF_WEB Timecounter

Hello I'm a bit confused about the "tcp time stamp validation bug" mentioned in the http://www.kb.cert.org/vuls/id/637934 advisory. FreeBSD has fixed this issue in -current (2005-04-10) and in RELENG_5 (2005-04-19). Is this also already fixed in 5.4? The CVS ID for tcp_input.c does not look like this. But I'm not sure. Regards, Thomas

On May 19, 2005, at 5:53 AM, Christian Brueffer wrote: > Hi, > > fixes for the vulnerability described in http://www.kb.cert.org/ > vuls/id/637934 > were checked in to CURRENT and RELENG_5 by ps in April. > > http://www.freebsd.org/cgi/cvsweb.cgi/src/sys/netinet/tcp_input.c > > Revisions 1.270 and 1.252.2.16 > > He didn't commit it to RELENG_5_4 for some

Hello everybody, setting up a netboot server for a really huge network I decided to go with what will be syslinux 4.10 to get support for http transfers. The setup works on my notebook, booting another notebook directly connected. However it fails with a more complex setup: A virtual machine on the second notebook bridged to the ethernet device does not boot, systems from other networks with a

http://bugzilla.netfilter.org/show_bug.cgi?id=738 Summary: reading beyond buffer limits in nf_conntrack_proto_tcp.c::tcp_options() Product: netfilter/iptables Version: unspecified Platform: All OS/Version: All Status: NEW Severity: minor Priority: P2 Component: nf_conntrack

I have a question about tcp layer of linux kernel. I want, Syn and ack packages received to server will be counted. [image: enter image description here] where total_syn_count and total_ack_count are variables to be defined and will be increased Which files to be used ???? tcp_input.c ,tcp_output.c , tcp_ipv4.c

Hi everybody. Do you know about any way to read the TCP cwnd value (congestion window) on Linux? I have read that on Linux it is not possible to enable a socket option (to read to cwnd using the program trpt). Any way to read the cwnd would be good for me. thanks Antonio

G''Day Folks, I''ve found another use of dtrace, this makes your console keyboard sound like a typewriter. http://www.brendangregg.com/DTrace/typewriter-0.70.tar.gz I''ve only tested it on an UltraSPARC 5 and a Pentium laptop so far, more to follow. Ok, sorry, not actually a practical use of DTrace. :) Enjoy! Brendan [Sydney, Australia]

Hi all, I'm trying to convers some Cisco SSCP phones to the SIP formware. The phone boots, I see it tries to fetch a bunch of files on my TFTP: Jun 17 09:37:45 firewall dnsmasq-dhcp[21202]: DHCPACK(eth2) 192.168.10.103 6c:50:4d:da:f0:67 SEP6C504DDAF067 Jun 17 09:38:10 firewall in.tftpd[22666]: RRQ from 192.168.10.103 filename CTLSEP6C504DDAF067.tlv Jun 17 09:38:10 firewall in.tftpd[22666]: