Trisul – Packages released for Ubuntu Hardy and Fedora 7

There has been a lot of heavy activity on the open source Trisul Network Metering and Forensics project.

Packages available

We have packages for Ubuntu (i386, 32-bit) and Fedora (i386, 32-bit) available for download. This is the easiest way to install Trisul and give it a spin. Please download the packages from http://code.google.com/p/trisul/downloads/list

You could be up and running in only 3 steps, on Red Hat for example:

  1. Download the RPM package from http://code.google.com/p/trisul/downloads/list
  2. As root: rpm -Uvh trisul-x.y.z.rpm
  3. As root: service trisul start

That's it! Trisul will now be capturing forensics data from eth0. Statistics and flows are stored in a SQLite3 database; raw packets are stored in a ring directory. See the installation documentation for more details.

Mailing list support

Any trouble, questions, or contributions? Send email to trisul@googlegroups.com

You can browse the newly set up group at http://groups.google.com/group/trisul/topics

Freshmeat announcement

We are ready for our first public announcement on Freshmeat today. Trisul is stable and usable enough to be of great value immediately.

Winpcap permission issue with Vista

One of the most used features of Unbrowse SNMP is the passive SNMP trap receiver. The trap receiver can listen to SNMP trap activity using any of the following three options.

  • On UDP Port 162 (this is the classic mode)
  • Via Windows Raw Sockets
  • Via Winpcap

When running Unbrowse SNMP on Windows Vista, you may encounter the following message when attempting to listen to SNMP traps using the Winpcap library.

[Screenshot: wpcap1.jpg]

This message means that Unbrowse SNMP is not able to load the Winpcap driver service using the current user's credentials. Unfortunately, running Unbrowse SNMP as administrator does not fix the problem.

The workaround is:

  • Open a command prompt as administrator (Start -> All Programs -> Accessories -> right-click on Command Prompt and choose Run as administrator)
  • Type “net start npf”. This loads the driver used by Winpcap.
  • Exit

Now, Unbrowse SNMP can listen to traps without further issues.

Note: This only needs to be done once after you restart the machine.

Unbrowse SNMP updates

A new version of Unbrowse SNMP is available (Build 1234).

You can get it from the downloads page.

Release highlights:

  • Handle SNMP devices (Cisco) which include special characters like CR and LF as part of printable Octet Strings. When such characters are seen, Unbrowse will replace them with {CR} {LF} in the MIB Walker.
  • Fix a bug while issuing SNMP SET commands for binary data (e.g., Hex: ff ff ff). You can now include spaces for readability.
  • Allow copying the output of the MIB compiler window.
  • Allow clearing the MIB compiler window.
  • Various minor fixes

Get it now!