«
»

Meeting June 5th, 2009

June 5, 2009
7:00 pmto10:00 pm

The meeting is a GO for June 5th, 2009.  Place and time are the Brewhouse at 7:00 PM.  We presently have one talk scheduled:

Extracting PE files from PCAP

We will extract a standalone executable file from captured stream over the network.  Slides and demo goodness abound.

Bio:

eighty was born in the middle of a tornado and given a 75% chance to live.  He also ran with the biggest rock stars of the 80s.

Tags: ,

This entry was posted on Thursday, May 21st, 2009 at 6:24 am and is filed under Cincinnati 2600, Events. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

2 Responses to “Meeting June 5th, 2009”

  1. Siggy says:
    June 1, 2009 at 4:29 pm

    Speaking of tcpdump, Looking at the old slides, what is the command to cause tcpdump to capture all and roll files, per presentation.

  2. eighty says:
    June 2, 2009 at 2:20 am

    -C file_size

    In this case, file size is expressed in millions of bytes. So if you want it to roll over after 2 million bytes, it would be -C 2. To test this, in screen I kicked off:

    sudo tcpdump -n -i lo -s 0 -C 1 -w testlol.pcap

    Then in another screen instance (for the lulz):

    sudo ping -f localhost

Leave a Reply