How to check the link of Network Interface between VMware and OS

I had two network interfaces on VMware, as below. One was made for NAT and the other for bridged. So I just wondered which one is eth0 and which is eth1 in Linux.

[Image]


First, find the MAC addresses of the VMware virtual adapters in the *.vmx file.

C:\VMImage>findstr /C:".generatedAddress " *.vmx
SecurityOnion.vmx:ethernet0.generatedAddress = "00:0c:29:1b:48:4d"
SecurityOnion.vmx:ethernet1.generatedAddress = "00:0C:29:1B:48:57"

 

Second, find the MAC addresses of the network interfaces in Linux.

root@sensor:~# ifconfig | grep HWaddr
eth0 Link encap:Ethernet HWaddr 00:0c:29:1b:48:4d
eth1 Link encap:Ethernet HWaddr 00:0c:29:1b:48:57

 

Alternatively, you can read the MAC address of each network interface from sysfs, listed by PCI ID.

root@sensor:~# lspci | grep -i ethernet | awk '{print $1}' | while read pciid; do echo "$pciid" $(cat /sys/bus/pci/devices/*"$pciid"/net/*/address) $(cat /sys/bus/pci/devices/*"$pciid"/net/*/uevent); done
02:01.0 00:0c:29:1b:48:4d INTERFACE=eth0 IFINDEX=2
02:05.0 00:0c:29:1b:48:57 INTERFACE=eth1 IFINDEX=3

 

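Then compare the two results; MAC addresses are case-insensitive, so 00:0C:29:1B:48:57 in the *.vmx file and 00:0c:29:1b:48:57 in Linux are the same adapter. In my case, eth0 is the NAT network interface and eth1 is the VMnet0 network interface.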

Exclude something by regular expression on Splunk

Splunk supports regular expressions in searches. This is very helpful when you want to extract or exclude something. One day, I found suspicious domain names like 'afyblkodyg', 'imdcbazmqh', etc. in the proxy log. In fact, these words are not domains at all. Anyway, I wanted to know how often this happens, so I decided to search for such strange words in the proxy log with Splunk.

Splunk> index=idxproxy
| rex field=cs_host "(?<xdomain>.*(?<!\.com|\.co|\.lu|\.net|\.org)$)"
| search xdomain!="" | table _time, c_ip, xdomain

   _time                    c_ip           xdomain
1  4/21/14 5:06:27.000 AM   10.10.250.252  afyblkodyg
2  4/21/14 5:06:27.000 AM   10.10.250.252  imdcbazmqh
3  4/21/14 5:06:27.000 AM   10.10.250.252  nidxikaxyh
4  4/17/14 9:39:43.000 PM   10.10.250.252  stqbnqsfok
5  4/17/14 9:39:43.000 PM   10.10.250.252  bbrsqktfut
6  4/17/14 9:39:43.000 PM   10.10.250.252  dnvujghghr
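
The same filter outside Splunk, as an added example that is not part of the original post: a Python version of the rex above that also counts hits per client and per host name. The function names and the sample events are assumptions made for illustration; only the suffix list, the client IP 10.10.250.252 and the two flagged names come from the search above.

```python
import re
from collections import Counter

# Suffixes the rex above treats as ordinary domains.
KNOWN_SUFFIXES = (".com", ".co", ".lu", ".net", ".org")

# Python's re rejects a lookbehind whose alternatives differ in width
# (".com" vs ".co"), so each suffix gets its own lookbehind, all checked
# at the end of the string. The meaning is the same as in the rex.
PATTERN = re.compile(
    r"^(?P<xdomain>.*"
    + "".join(f"(?<!{re.escape(s)})" for s in KNOWN_SUFFIXES)
    + r")$"
)


def extract_xdomain(cs_host):
    """Return the host if it does not end in a known suffix, else None."""
    m = PATTERN.match(cs_host.strip().lower())  # lower-casing is an addition
    # An empty capture is dropped, like `search xdomain!=""` in the search.
    return (m.group("xdomain") or None) if m else None


def summarize(events):
    """Count flagged hosts per client IP and per host name."""
    per_client, per_host = Counter(), Counter()
    for _time, c_ip, cs_host in events:
        xdomain = extract_xdomain(cs_host)
        if xdomain:
            per_client[c_ip] += 1
            per_host[xdomain] += 1
    return per_client, per_host


# Constructed sample events (_time, c_ip, cs_host); 10.10.250.252 and its two
# host names appear in the results above, everything else is made up.
SAMPLE_EVENTS = [
    ("2014-04-21 05:06:27", "10.10.250.252", "afyblkodyg"),
    ("2014-04-21 05:06:27", "10.10.250.252", "imdcbazmqh"),
    ("2014-04-21 05:06:30", "10.10.250.17", "www.example.com"),
    ("2014-04-21 05:06:31", "10.10.250.17", "WWW.EXAMPLE.ORG"),
    ("2014-04-21 05:06:32", "10.10.250.17", "example.co.uk"),
    ("2014-04-21 05:06:33", "10.10.250.17", ""),
]

if __name__ == "__main__":
    for counter in summarize(SAMPLE_EVENTS):
        print(counter.most_common())
```

Because the filter is a list of allowed endings, a legitimate host such as example.co.uk is flagged as well; extend the suffix list to match the domains that are normal in your own proxy log.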


Ads too noisy

Today, advertising is a great way to make money, and on the Internet in particular it has been for quite a while. However, it's too noisy. Here is a sample showing how serious media advertising has become. In particular, I want to talk about Korean news media. The left side is a web page from a Korean news outlet and the other side is the BBC's.

[Image: advertising]

But I am not the only one aware of the problem. The image below depicts the overall changes in digital media quite well. Source: http://kindofnormal.com/img/truth_facts/iphone/2013/10/11.png