Ankush Chadda
@iamkhush
type a colon,.. it gives u option :)
Brian Wylie
@brifordwylie
so pandas is the python module causing all the trouble (takes a LONG time to install)… normally I would just punt it out of the main install.. but part of what workbench is.. is getting data to a dataframe… so it’s important to have that… still thinking about the best thing to do here..
Brian Wylie
@brifordwylie
kk.. I sent the Travis folks an email (cc’d you)… for now I’ll pull the module out.. but in the long run it will need to be there in some form...
Brian Wylie
@brifordwylie
okay, build should be back to good now...
Brian Wylie
@brifordwylie
I’m merging the CLI branch in the next hour… I’ll monitor builds, etc...
Brian Wylie
@brifordwylie
oh, workbench_client changed to client_helper (just trying to be more explicit about that module is to help do some boilerplate stuff for clients.. and isn’t actually a client :)
Brian Wylie
@brifordwylie
I made a youtube video about the command interface… it’s very rough… but I think better than nothing… http://youtu.be/v4zXhZINdDQ
Ankush Chadda
@iamkhush
Hey. Congrats :)
We crossed 1000 commits mark
Brian Wylie
@brifordwylie
Screen Shot 2014-07-28 at 9.48.48 PM.png
streaming a sample to our new cloud instance… workbenchserver.com …. ha! so happy….
Brian Wylie
@brifordwylie
I posted another youtube video.. http://youtu.be/MvSa7aklWTI
Ankush Chadda
@iamkhush
Hey nice pic :)
Brian Wylie
@brifordwylie
thanks...somehow github removed my old pic... so I put in a new one
Ankush Chadda
@iamkhush
github ??
Brian Wylie
@brifordwylie
yeah.. not sure what happened but earlier today.. I had one of those 'default' images instead of my normal... perhaps gravatar was down for a bit or something...
Ankush Chadda
@iamkhush
ohk
Brian Wylie
@brifordwylie
so did you see the 3 simultaneous clients in http://youtu.be/MvSa7aklWTI .... I'm excited... whether it will scale to 50 users I have no idea... but that will be a good problem to have...
Ankush Chadda
@iamkhush
haven't watched yet.
We can build a bot for that, testing 50 or more
Ankush Chadda
@iamkhush
Hey what do you think about Rtfd now? #250 , #162
And also check the webpage now for pcap_report
Brian Wylie
@brifordwylie
on rtfd.. you're asking about priorities on those two issues?
Ankush Chadda
@iamkhush
Yeah
Brian Wylie
@brifordwylie
oh… I’m not sure.. perhaps start doing those after the pcap_report is finished
On the pcap report:
1) The list of pcaps should just be one-line per pcap (like you had before) with the top one’s metadata showing in the middle panel
2) See Logs should be ‘See Details’
3) When you click on a Bro log it should show you the top 20 rows of the log instead of the meta data
4) Extracted files looks good :)
a lot of these tweaks I can do…. looks like you have many of the building blocks in place… so that is good
Brian Wylie
@brifordwylie
I see the cloud server being hit… is that you?
beenjaminmb
@beenjaminmb
Hey Brian I have a question about what using zerorpc gets you?
Brian Wylie
@brifordwylie
sure,
1) co-operative ‘threading’. The zerorpc gevent server will handle multiple connections and each connection gets serviced while not blocking on the other connections
2) ‘Server-side’ RPC: so calls on the client are really done on the server so all the data/heavy lifting are on the server side
3) Server->Client streaming… when you call stream_sample, or batch_work_request.. those are ‘streamed’ from the server to the client (zero-copy, highly efficient )
have you done ‘pip install workbench_cli’ ? Someone is hitting the cloud server.. just wondering if it’s you...
the thing that makes me nervous about ZeroRPC is that the project seems to be super not active...
Brian Wylie
@brifordwylie
Ben, have you had a chance to look at http://youtu.be/MvSa7aklWTI it might answer some of your ZeroRPC questions...
beenjaminmb
@beenjaminmb
I will check it out. I've been reading up about async events in python and that seems to come up a lot.
That isn't me. Is it coming from one machine?
Brian Wylie
@brifordwylie
No worries, it's good to have someone else hitting the server
beenjaminmb
@beenjaminmb
Most definitely! A lot of the students seemed really interested and someone I know from school seemed pretty interested in the project. We are talking about it now as a matter of fact.
Brian Wylie
@brifordwylie
Hi Ben I looked at all 3 pcaps you had on the google drive… trying to do pcap_graph on win2k3hacked.pcap… taking a long time and using over a Gig of memory… is that the one you were having trouble with? If so that will be a great debugging pcap :)
Brian Wylie
@brifordwylie
I threw in an issue for it #272
beenjaminmb
@beenjaminmb
Sweet, I believe that was. If I remember correctly, both seemed to timeout on the http graph but I can't remember for sure. I also threw in a pcapng file just for the heck of it
Brian Wylie
@brifordwylie
nice.. thx… those will all make good test pcaps… hey came across this video today… talks about the Lockheed Martin ‘killchain’… was informative for me https://www.youtube.com/watch?v=VMScauiNsQQ&index=20&list=PLyK0rk0vIZ0cVFAeddZSBv2b69oRnfD0d
beenjaminmb
@beenjaminmb
I haven't seen it. I will check it out!
Ankush Chadda
@iamkhush
Hey , I have assigned you #135 , let me know what else I can do in it. The present design seems fine as we discussed
Brian Wylie
@brifordwylie
okay, sounds good, I’ll look at it… right in the middle of fixing a build break on workbench_cli branch.. so might be a while :)
Brian Wylie
@brifordwylie
okay #135 is a super good start
1) you’re doing the right thing on Bro logs (stream_sample)
2) on the extracted files you should call ‘view’ not stream sample
3) When you click ‘back’ from drilling down on one of the files the selection on the left column reverts back to the top item
Please fix those 3 things and call it done… :)
Also I love the minimal CSS.. very clean...
Brian Wylie
@brifordwylie
actually 1 doesn’t need to be fixed and I can fix 2).. so perhaps if you can just fix 3) I’ll poke at the other stuff...