Mac Wireshark packet capture permission error




You have installed Wireshark on your Mac, and when you try to start a capture you are prompted with a permission error.




Worry not: all you need to do is start it with sudo, assuming you installed it in the default directory.

sudo /Applications/Wireshark.app/Contents/MacOS/Wireshark

Cloud Computing

What is Cloud Computing

The NIST definition of Cloud Computing, Special Publication (SP) 800-145, contains the following definition of the five “Essential Characteristics” of cloud computing.


  • On-demand self-service
    • On-demand self-service is a service available to the consumer without the intervention of the provider. The “consumer” is the individual or organization that purchases the cloud service. Most of the examples in this course assume that an organization is the consumer.
  • Broad network access
    • Broad network access goes beyond the Internet to include a wide range of client platforms.
  • Resource pooling
    • Resource pooling allows the provider’s computing resources to be shared in a multi-tenant model with resources assigned and reassigned on demand.
  • Rapid elasticity
    • Rapid elasticity allows resources to be rapidly and flexibly provisioned and scaled out and in. This provisioning and scaling is performed manually or, in the best case, automatically, either from set parameters or from application logic.
  • Measured service
    • Measured service leverages metering capabilities to automatically control and optimize resource usage according to service parameters.

Common Threats to Cloud Resources

  • data breaches
  • insufficient identity, credential and access management
  • insecure interfaces and APIs
  • system vulnerabilities
  • account hijacking
  • malicious insiders
  • advanced persistent threats
  • data loss
  • insufficient due diligence
  • abuse
  • DoS
  • shared technology issues
  • sensitive data exposure


What to do when you get a purple screen on ESX

Collect these:
  • A screenshot or photograph of the purple diagnostic screen on the console.
  • A coredump from the VMkernel placed on disk or sent to the ESXi Dump Collector service (normally in /var/core).
  • vm-support log bundle from the host following a reboot.

https://kb.vmware.com/s/article/1004128

MD5 checksums for multiple files

Create the checksums and verify them.
Example: file1.txt file2.txt file3.txt

# Linux
anthony.chin@jump.noc:~$ touch file{1,2,3}.txt
anthony.chin@jump.noc:~$ ll
total 129532
-rw-r--r-- 1 anthony.chin anthony.chin         0 Feb 10 07:06 file1.txt
-rw-r--r-- 1 anthony.chin anthony.chin         0 Feb 10 07:06 file2.txt
-rw-r--r-- 1 anthony.chin anthony.chin         0 Feb 10 07:06 file3.txt
anthony.chin@jump.noc:~$ for i in file?.txt; do md5sum "$i" > "$i.md5"; done
anthony.chin@jump.noc:~$ ll
total 129544
-rw-r--r-- 1 anthony.chin anthony.chin         0 Feb 10 07:06 file1.txt
-rw-r--r-- 1 anthony.chin anthony.chin        44 Feb 10 07:07 file1.txt.md5
-rw-r--r-- 1 anthony.chin anthony.chin         0 Feb 10 07:06 file2.txt
-rw-r--r-- 1 anthony.chin anthony.chin        44 Feb 10 07:07 file2.txt.md5
-rw-r--r-- 1 anthony.chin anthony.chin         0 Feb 10 07:06 file3.txt
-rw-r--r-- 1 anthony.chin anthony.chin        44 Feb 10 07:07 file3.txt.md5
anthony.chin@jump.noc:~$ md5sum -c *.md5
file1.txt: OK
file2.txt: OK
file3.txt: OK

# OSX
$ brew install cfv

$ touch file{1,2,3}.txt
$ ll
total 0
-rw-r--r--  1 anthony.chin  admin  0 Feb 10 15:12 file1.txt
-rw-r--r--  1 anthony.chin  admin  0 Feb 10 15:12 file2.txt
-rw-r--r--  1 anthony.chin  admin  0 Feb 10 15:12 file3.txt

$ for i in file?.txt; do md5 "$i" > "$i.md5"; done
$ ll
total 24
-rw-r--r--  1 anthony.chin  admin   0 Feb 10 15:12 file1.txt
-rw-r--r--  1 anthony.chin  admin  51 Feb 10 15:13 file1.txt.md5
-rw-r--r--  1 anthony.chin  admin   0 Feb 10 15:12 file2.txt
-rw-r--r--  1 anthony.chin  admin  51 Feb 10 15:13 file2.txt.md5
-rw-r--r--  1 anthony.chin  admin   0 Feb 10 15:12 file3.txt
-rw-r--r--  1 anthony.chin  admin  51 Feb 10 15:13 file3.txt.md5

$ cfv *.txt
file1.txt.md5: 1 files, 1 OK.  0.000 seconds, 11.1K/s
file2.txt.md5: 1 files, 1 OK.  0.000 seconds, 18.8K/s
file3.txt.md5: 1 files, 1 OK.  0.000 seconds, 14.4K/s
3 files, 3 OK.  0.001 seconds, 7.6K/s

# if the md5 was incorrect:
$ vi file3.txt.md5
$ cfv *.txt
file1.txt.md5: 1 files, 1 OK.  0.000 seconds, 11.3K/s
file2.txt.md5: 1 files, 1 OK.  0.000 seconds, 17.6K/s
file3.txt : crc does not match (b026324c6904b2a9cb4b88d6d61c81d2!=b026324c6904b2a9cb4b88d6d61c81d1)
file3.txt.md5: 1 files, 0 OK, 1 badcrc.  0.000 seconds, 19.4K/s
3 files, 2 OK, 1 badcrc.  0.001 seconds, 7.8K/s
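
The same create-and-verify workflow as one portable script, added here as an example (it is not from the original post). The function names are made up for illustration; sidecars are written in md5sum layout on both platforms, and the verifier also reads the "MD5 (name) = digest" layout that macOS md5 produces above.

```bash
#!/usr/bin/env bash
# Added example: portable per-file MD5 sidecars for Linux (md5sum) and macOS (md5).

# Print only the hex digest of file $1, using whichever tool is installed.
md5_hex() {
    if command -v md5sum >/dev/null 2>&1; then
        md5sum < "$1" | awk '{print $1}'
    else
        md5 -q "$1"    # macOS: -q prints the digest alone
    fi
}

# Write "<digest>  <name>" (md5sum layout) to <name>.md5 for every argument.
md5_create() {
    local f
    for f in "$@"; do
        printf '%s  %s\n' "$(md5_hex "$f")" "$f" > "$f.md5"
    done
}

# Check each sidecar; accepts md5sum lines and macOS "MD5 (name) = digest" lines.
# Prints one status line per sidecar and returns 1 if any check fails.
md5_verify() {
    local side line want name got rc=0
    for side in "$@"; do
        line=""
        IFS= read -r line < "$side" || [ -n "$line" ] ||
            { echo "$side: UNREADABLE"; rc=1; continue; }
        case "$line" in
            "MD5 ("*") = "*)                       # BSD/macOS layout
                name=${line#"MD5 ("}; name=${name%") = "*}
                want=${line##*" = "} ;;
            *)                                     # md5sum layout
                want=${line%% *}; name=${line#*"  "} ;;
        esac
        if [ ! -f "$name" ]; then
            echo "$name: MISSING"; rc=1
        elif got=$(md5_hex "$name") && [ "$got" = "$want" ]; then
            echo "$name: OK"
        else
            echo "$name: FAILED ($got != $want)"; rc=1
        fi
    done
    return "$rc"
}
```

Typical use is md5_create file?.txt followed later by md5_verify file?.txt.md5. MD5 only guards against accidental corruption; for tamper detection, substitute sha256sum (shasum -a 256 on macOS) and keep the sidecars where whoever can write the files cannot modify them.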


How to check the World Wide Name (WWN) of a Fibre Channel HBA card

To find the Fibre Channel addresses of the HBAs on the machine, run the following:

# systool -c fc_host -v
   
    (output trimmed for clarity)
   
      Class Device path = "/sys/class/fc_host/host8"  (kernel assigned host name/number)
        node_name           = "0x20000024ff2254bf"    (hba wwnn       )
        port_name           = "0x21000024ff2254bf"    (hba wwpn       )
        port_id             = "0x030b00"              (fabric port id assigned by the san to this HBA)

      Class Device path = "/sys/class/fc_host/host9"
        node_name           = "0x20000024ff2254be"
        port_name           = "0x21000024ff2254be"
        port_id             = "0x010c00"

or alternatively

# ls -1c /sys/class/fc_host/host*/*_name 2> /dev/null | xargs -I {} grep -H -v "ZzZz" {} | sort
    /sys/class/fc_host/host8/fabric_name:0x100000053367f20d
    /sys/class/fc_host/host8/node_name:0x20000024ff2254bf
    /sys/class/fc_host/host8/port_name:0x21000024ff2254bf
    /sys/class/fc_host/host8/symbolic_name:QLE2562 FW:v5.06.02 DVR:v8.04.00.04.06.3-k
    /sys/class/fc_host/host9/fabric_name:0x100000606951c582
    /sys/class/fc_host/host9/node_name:0x20000024ff2254be
    /sys/class/fc_host/host9/port_name:0x21000024ff2254be
    /sys/class/fc_host/host9/symbolic_name:QLE2562 FW:v5.06.02 DVR:v8.04.00.04.06.3-k


# ls -1c /sys/class/fc_host/host*/port_id 2> /dev/null | xargs -I {} grep -H -v "ZzZz" {} | sort
    /sys/class/fc_host/host8/port_id:0x030b00
    /sys/class/fc_host/host9/port_id:0x010c00
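
The same sysfs attributes collected into one line per HBA, with the WWNs rewritten in the colon-separated form used when zoning or masking LUNs. This is an added example, not part of the original post; the function names and the optional directory argument are assumptions made for illustration.

```bash
#!/usr/bin/env bash
# Added example: list Fibre Channel HBAs from sysfs, one line per host.

# Convert 0x21000024ff2254bf to 21:00:00:24:ff:22:54:bf
wwn_colon() {
    printf '%s\n' "${1#0x}" | sed 's/../&:/g; s/:$//'
}

# $1 (optional) is the fc_host class directory; it defaults to the real
# sysfs path and exists so the function can be pointed at a copied tree.
fc_hba_list() {
    local root=${1:-/sys/class/fc_host} h found=1
    for h in "$root"/host*; do
        # Skip the unexpanded glob and hosts whose attributes are unreadable.
        [ -r "$h/port_name" ] && [ -r "$h/node_name" ] || continue
        found=0
        printf '%s wwnn=%s wwpn=%s port_id=%s\n' "${h##*/}" \
            "$(wwn_colon "$(cat "$h/node_name")")" \
            "$(wwn_colon "$(cat "$h/port_name")")" \
            "$(cat "$h/port_id" 2>/dev/null)"
    done
    return "$found"    # 1 when no FC HBA was found
}
```

Run fc_hba_list with no argument on the host; a non-zero exit status means no fc_host entries exist, which usually indicates the HBA driver is not loaded.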

Force a process to coredump


Ensure “gdb” is installed.

Example: force the running "crond" process to dump core.

[root@centos ~]# gcore $(pidof crond)
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".
0x00007f8c0f444ee0 in __nanosleep_nocancel () from /lib64/libc.so.6
warning: target file /proc/7011/cmdline contained unexpected null characters
Saved corefile core.7011
[root@centos ~]# ls
core.7011
[root@centos ~]# file core.7011 
core.7011: ELF 64-bit LSB core file x86-64, version 1 (SYSV), SVR4-style, from '/usr/sbin/crond'