So to follow up on the previous post about MTU and MSS, I wanted to show you how to set the MTU value on your computer. On most Unix-like boxes it is a fairly straightforward process to change your MTU. On Windows it gets a little trickier, with registry changes and similar things that can brick your computer.
I have been behind in my posts, and I have quite a few items to get posted. Today I wanted to walk through an example of how tcpdump can be useful when tracking down malicious traffic on your network. I am going to use the example of IrnBot to demonstrate a handy technique. IrnBot (named after the Scottish drink IrnBru), also popularly known as Rinbot, produces a lot of traffic on ports 1433, 2967 and 139. It also opens up a connection to IRC servers on the outside over port 8080.
I find myself sorting through logs all the time, and I have developed a couple of tricks for pulling the information I need out. With a little awk, sort and uniq magic you can get a great deal of info out of your logs.
Here is another handy little trick for tcpdump that will help you identify some potential network issues. Oftentimes when there is some trouble along the line you will see reset connections. This happens for many reasons and can be an indication of everything from a network program to a crashed application that suddenly stops responding.
You see that light blinking like crazy on the switch, and want to see what it is that your system is doing? If you are on a (u|li)n[i|u]x or BSD of some sort, pick up a copy of tcpdump. If you are on OS X it is already included.
Now that you have created keys for logging into your servers, you might find that you are moving between systems, or you just don’t like leaving your keys behind when you go home. There is a quick fix for this.
Are you sick of typing in passwords when sshing into systems or when transferring files over scp or sftp? Well, the good news is that there is an easier and safer way to do this with ssh keys.