tcpdump, ethereal, wireshark, snoop, etc. all use the pcap file format for saving packet capture information. That means you can capture information from, say, OpenBSD PF and then analyse the data in wireshark. The only problem I find is that capture files can get huge, and when that happens they are a real PITA to analyse.
That's why I wrote this Perl script. It allows you to extract packets from a specified time period (using the timestamp in the packet header) out of a huge dump file and copy them into a new file that should be much smaller and much easier and faster to analyse. Alternatively, you can use it to split the huge file into several smaller files of x MB each.
This should be useful to anyone analysing a network packet capture file. Rather than using filters to look at a 500MB file, extract the packets for the time period you are interested in and just look at those!
This is a script which can collect performance statistics at desired intervals and convert the output into a CSV report which you can then import into a spreadsheet or database for further analysis. It uses standard Unix utilities (iostat, vmstat, netstat, uptime) and has been tested on Linux and Solaris systems.
This is a little script I wrote that uses awk to generate information on Apache mod_proxy performance. The script is called cachestats.sh and it takes in a list of log files to process.
For each log it tells you how many requests were served along with the real numbers and percentages of those that were Hits, Misses or Un-cacheable. It breaks each one down by HTTP return code.
How to run your own internal certificate authority using OpenSSL. When using SSL/TLS security internally you may want to set up your own certificate authority. Whether this is for a VPN, secure email or HTTPS, the certificate authority is set up in the same way. In fact, anywhere you can control or have a relationship with both ends of the secured connection, you can use your own authority. Why pay VeriSign to add trust to an already trusting relationship?
How to set the number of MAC addresses allowed on a secure switch port. This is useful if you have set up switchport security, but want to allow one or more ports to be used by multiple machines or virtual machines. This is how you enable more than one MAC address on a port.