Wednesday, April 30, 2014

Sourcefire VRT Certified Snort Rules Update for 04/30/2014

Just released:
Sourcefire VRT Certified Snort Rules Update for 04/30/2014


We welcome the introduction of the newest rule release from the VRT. In this release we introduced 10 new rules and made modifications to 1 additional rule.

There were no changes made to the snort.conf in this release.


In VRT's rule release:
The Sourcefire VRT has added and modified multiple rules in the bad-traffic, malware-cnc and web-misc rule sets to provide coverage for emerging threats from these technologies.


To subscribe now to the VRT's newest rule detection functionality, you can sign up for as low as $29 US dollars a year for personal users; be sure to see our business pricing as well at http://www.snort.org/store. Make sure to stay up to date to catch the most emerging threats!

OpenAppId Webinar is tomorrow!

Announced at RSA, Snort 2.9.7.0 Alpha, with the OpenAppID preprocessor, rule keywords and new features (http://blog.snort.org/2014/02/snort-2970-alpha-release-now-available.html), has generated an immense amount of interest in the Snort community.

If you aren't familiar with OpenAppId, you can check out all of our posts about the subject here: http://blog.snort.org/search/label/openappid

We wanted to hold a webinar so that the open source community can come, see what it's all about, and ask questions about OpenAppId from the developers themselves.

To register for the Webinar, on Thursday, May 1, 2014 at 1pm EDT, please click here.

Tuesday, April 29, 2014

Sourcefire VRT Certified Snort Rules Update for 04/29/2014

Just released:
Sourcefire VRT Certified Snort Rules Update for 04/29/2014

We welcome the introduction of the newest rule release from the VRT. In this release we introduced 3 new rules and made modifications to 5 additional rules.

There were no changes made to the snort.conf in this release.

In VRT's rule release:
The Sourcefire VRT has added and modified multiple rules in the blacklist, exploit-kit, file-multimedia and os-mobile rule sets to provide coverage for emerging threats from these technologies.


Monday, April 28, 2014

Sourcefire VRT Certified Snort Rules Update for 04/28/2014, Adobe Flash 0day

Just released:
Sourcefire VRT Certified Snort Rules Update for 04/28/2014


We welcome the introduction of the newest rule release from the VRT. In this release we introduced 54 new rules and made modifications to 4 additional rules.

There were no changes made to the snort.conf in this release.


In VRT's rule release:
CVE-2014-0515: Adobe Flash Player contains a coding deficiency that may lead to remote code execution. 
A rule to detect attacks targeting this vulnerability is included in this release and is identified with GID 1, SID 30877. 
The Sourcefire VRT has also added and modified multiple rules in the app-detect, blacklist, browser-ie, exploit-kit, file-flash, file-multimedia and protocol-dns rule sets to provide coverage for emerging threats from these technologies.


Sourcefire VRT Certified Snort Rules Update for 04/28/2014, Internet Explorer 0day

Just released:
Sourcefire VRT Certified Snort Rules Update for 04/28/2014


We welcome the introduction of the newest rule release from the VRT. In this release we introduced 30 new rules and made modifications to 10 additional rules.

There were changes made to the snort.conf in this release:

The following port(s) were added to stream5 ports_both, http_inspect, and HTTP_PORTS:
9290

The VRT would like to thank the following individuals for their contributions; their rules are included in the Community Ruleset:

Yaser Mansour
30795
30796
30824
30825
30826
30827
30828
30829
30830
30831
30832
30833
30834
30835
30836
30837
30838
30839
30840
30841
30842

In VRT's rule release:
Microsoft Security Bulletin 2963983: Internet Explorer suffers from programming errors that may lead to remote code execution. 
Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 30794 and 30803. 
The Sourcefire VRT has also added and modified multiple rules in the browser-ie, exploit-kit, malware-cnc, protocol-scada and sql rule sets to provide coverage for emerging threats from these technologies.



Cisco, Linux Foundation, and OpenSSL

Our Cisco colleague Anthony Grieco wrote a quick blog post over on the Cisco Security blog announcing that Cisco is a proud supporter and founder of the Linux Foundation initiative announced on April 24th.

We are pleased to help form a critical mass of governance, funding, and focus that will support the output of open source communities like OpenSSL. By working together as an industry, we can expect greater security, stability, and robustness for components that are critical to the Internet.

Check out the blog article here for further information: http://blogs.cisco.com/security/cisco-linux-foundation-and-openssl/

Friday, April 25, 2014

Sourcefire VRT Certified Snort Rules Update for 04/25/2014

Just released:
Sourcefire VRT Certified Snort Rules Update for 04/25/2014

We welcome the introduction of the newest rule release from the VRT. In this release we introduced 5 new rules and made modifications to 13 additional rules.

There were changes made to the snort.conf in this release:

The following ports were added to HTTP_PORTS, stream5 ports_both, and http_inspect ports:
1942
5000
5600
7778
8333
8344
8983
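
A sensor running a locally maintained snort.conf does not pick these additions up automatically, so each location has to be checked. The following is an added example, not code from the Snort project: it reports which of the ports listed in the 04/25/2014 and 04/28/2014 posts on this page are missing from HTTP_PORTS, stream5 `ports both` and http_inspect `ports`. The configuration fragment is constructed and heavily trimmed, and the function names are hypothetical.

```python
import re

# Ports the 04/25/2014 and 04/28/2014 releases on this page added to snort.conf.
RELEASE_PORTS = {1942, 5000, 5600, 7778, 8333, 8344, 8983, 9290}

# Constructed, heavily trimmed snort.conf fragment (not the shipped file).
SAMPLE_CONF = r"""
# local sensor configuration
portvar HTTP_PORTS [80,81,1942,5000,8080,9290]
preprocessor stream5_tcp: policy windows, detect_anomalies, \
    ports client 21 22 23 25, \
    ports both 80 81 1942 5000 5600 8080
preprocessor http_inspect_server: server default \
    http_methods { GET POST PUT } \
    ports { 80 81 1942 8080 9290 } \
    enable_cookie
"""

# For each location: (pattern for the start of the directive, pattern for its port list).
LOCATIONS = {
    "HTTP_PORTS": (r"^portvar\s+HTTP_PORTS\b", r"\[([^\]]*)\]"),
    "stream5 ports both": (r"^preprocessor\s+stream5_tcp\s*:",
                           r"\bports\s+both\s+([\d\s]+)"),
    "http_inspect ports": (r"^preprocessor\s+http_inspect_server\s*:",
                           r"\bports\s*\{([^}]*)\}"),
}


def logical_lines(conf):
    """Join backslash-continued lines, then drop blank and comment lines."""
    joined = re.sub(r"\\[ \t]*\n", " ", conf)
    lines = (line.strip() for line in joined.splitlines())
    return [line for line in lines if line and not line.startswith("#")]


def configured_ports(conf):
    """Return {location: set of ports found there}.

    Several stanzas of the same directive are unioned, so a port present in
    only one http_inspect_server stanza still counts as configured.
    """
    found = {}
    for line in logical_lines(conf):
        for name, (head, body) in LOCATIONS.items():
            m = re.search(body, line) if re.match(head, line) else None
            if m:
                ports = {int(p) for p in re.split(r"[,\s]+", m.group(1)) if p.isdigit()}
                found.setdefault(name, set()).update(ports)
    return found


def missing_ports(conf, wanted=RELEASE_PORTS):
    """Return {location: sorted ports from `wanted` that are not configured}."""
    found = configured_ports(conf)
    return {name: sorted(wanted - found.get(name, set())) for name in LOCATIONS}


if __name__ == "__main__":
    for location, ports in missing_ports(SAMPLE_CONF).items():
        print(f"{location}: missing {ports or 'nothing'}")
```

A port that is in HTTP_PORTS but absent from the two preprocessor lists is the case worth catching: rules written against HTTP_PORTS will be evaluated on that port, but the traffic will not have been reassembled or normalized as HTTP.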

The

In VRT's rule release:
The Sourcefire VRT has added and modified multiple rules in the app-detect, server-apache and server-webapp rule sets to provide coverage for emerging threats from these technologies. This release includes detection for CVE-2014-0094 and CVE-2014-0112.


Thursday, April 24, 2014

Sourcefire VRT Certified Snort Rules Update for 04/24/2014

Just released:
Sourcefire VRT Certified Snort Rules Update for 04/24/2014


We welcome the introduction of the newest rule release from the VRT. In this release we introduced 12 new rules and made modifications to 6 additional rules.

There were no changes made to the snort.conf in this release.


In VRT's rule release:
The Sourcefire VRT has added and modified multiple rules in the server-other rule set to provide coverage for emerging threats from these technologies.



OpenAppId Webinar has been scheduled!

Announced at RSA, Snort 2.9.7.0 Alpha, with the OpenAppID preprocessor, rule keywords and new features (http://blog.snort.org/2014/02/snort-2970-alpha-release-now-available.html), has generated an immense amount of interest in the Snort community.

If you aren't familiar with OpenAppId, you can check out all of our posts about the subject here: http://blog.snort.org/search/label/openappid

We wanted to hold a webinar so that the open source community can come, see what it's all about, and ask questions about OpenAppId from the developers themselves.

To register for the Webinar, on Thursday, May 1, 2014 at 1pm EDT, please click here.


Snort 2.9.4.6 is now EOL for rule support.

Snort 2.9.4.6 is now EOL for rule support.

This means we will no longer be releasing updates for this version of the rule engine. Users of this version are now encouraged to upgrade to the latest version of Snort, which is now Snort 2.9.6.1.

Please review our EOL policy here: https://www.snort.org/eol

Sourcefire VRT Certified Snort Rules Update for 04/24/2014

Just released:
Sourcefire VRT Certified Snort Rules Update for 04/24/2014

We welcome the introduction of the newest rule release from the VRT. In this release we introduced 8 new rules and made modifications to 5 additional rules.

There were no changes made to the snort.conf in this release.

The VRT would like to thank the following individuals for their contributions; their rules are included in the Community Ruleset:

Avery Tarasov
30772

In VRT's rule release:
The Sourcefire VRT has added and modified multiple rules in the blacklist, browser-ie, file-pdf, malware-cnc and server-webapp rule sets to provide coverage for emerging threats from these technologies.

Wednesday, April 23, 2014

Snort 2.9.6.1 is now available!

Snort 2.9.6.1 is now available on snort.org, at
https://www.snort.org/downloads in the Development section.

Snort 2.9.6.1 includes changes for the following:

2014-04-22 - Snort 2.9.6.1
[*] Improvements
* Added a control command to dump all packets matching a BPF to a pcap
   file for capturing specific traffic for further analysis.

* Address issue for encoded packets and icmp header length determination.

* Provide more detailed error output for parsing of invalid rules when
   byte_test, byte_check, content, and isdataat use a byte_extract value.

* Updated sensitive data to better address partial matches between packets.

See the Release Notes and ChangeLog for more details.

Please submit bugs, questions, and feedback to bugs@snort.org.

Happy Snorting!
The Snort Release Team

Tuesday, April 22, 2014

Sourcefire VRT Certified Snort Rules Update for 04/22/2014

Just released:
Sourcefire VRT Certified Snort Rules Update for 04/22/2014

We welcome the introduction of the newest rule release from the VRT. In this release we introduced 26 new rules and made modifications to 4 additional rules.

There were no changes made to the snort.conf in this release.

In VRT's rule release:
The Sourcefire VRT has added and modified multiple rules in the blacklist, exploit-kit, file-flash, file-identify, file-multimedia, malware-backdoor, malware-cnc and pua-toolbars rule sets to provide coverage for emerging threats from these technologies.



Friday, April 18, 2014

Interest in Starting an Eastern Pennsylvania Snort User Group!

I just posted another interested Snort User Group on the user-groups page on Snort.org.  Mr. David Chastain emailed me and was interested in starting a group and set up an email address just for it.

Please take a look at our User-Groups page, and if you are interested in joining Mr. Chastain's group or any other Snort User Group, please email the owner of the group listed on that page and let them know!  Thanks!

Thursday, April 17, 2014

Sourcefire VRT Certified Snort Rules Update for 04/17/2014

Just released:
Sourcefire VRT Certified Snort Rules Update for 04/17/2014

We welcome the introduction of the newest rule release from the VRT. In this release we introduced 32 new rules and made modifications to 0 additional rules.

There were no changes made to the snort.conf in this release.

In VRT's rule release:
The Sourcefire VRT has added multiple rules in the server-other rule set to provide coverage for emerging threats from these technologies.

Sourcefire VRT Certified Snort Rules Update for 04/17/2014

Just released:
Sourcefire VRT Certified Snort Rules Update for 04/17/2014

We welcome the introduction of the newest rule release from the VRT. In this release we introduced 14 new rules and made modifications to 14 additional rules.

There were no changes made to the snort.conf in this release.

The VRT would like to thank the following individuals for their contributions; their rules are included in the Community Ruleset:

Yaser Mansour
30566

Avery Tarasov
30567
30568
30569
30570

In VRT's rule release:
The Sourcefire VRT has added and modified multiple rules in the blacklist, file-identify, file-java, file-multimedia, malware-cnc, malware-other, os-windows and server-other rule sets to provide coverage for emerging threats from these technologies.

Tuesday, April 15, 2014

Sourcefire VRT Certified Snort Rules Update for 04/15/2014

Just released:
Sourcefire VRT Certified Snort Rules Update for 04/15/2014

We welcome the introduction of the newest rule release from the VRT. In this release we introduced 31 new rules and made modifications to 10 additional rules.

There were no changes made to the snort.conf in this release.

The VRT would like to thank the following individuals for their contributions; their rules are included in the Community Ruleset:

Avery Tarasov
30543
30544
30545
30546
30547
30548
30550
30551
30552

In VRT's rule release:
The Sourcefire VRT has added and modified multiple rules in the blacklist, exploit-kit, file-flash, file-multimedia, file-other, file-pdf, malware-cnc and server-webapp rule sets to provide coverage for emerging threats from these technologies.

Thursday, April 10, 2014

Sourcefire VRT Certified Snort Rules Update for 04/10/2014, HeartBleed

Just released:
Sourcefire VRT Certified Snort Rules Update for 04/10/2014

We welcome the introduction of the newest rule release from the VRT. In this release we introduced 6 new rules and made modifications to 29 additional rules.

There were no changes made to the snort.conf in this release.

In VRT's rule release:
The Sourcefire VRT has added and modified multiple rules in the app-detect, blacklist, file-identify and server-other rule sets to provide coverage for emerging threats from these technologies.

Wednesday, April 9, 2014

2014 Snort Scholarship is now open!

Annually, Sourcefire provides a Snort Scholarship to two individuals selected at random (by drawing) in the amount of $5000 US for higher education purposes.

To be eligible, you must meet the legal criteria found here on our website, sign up for the scholarship here, and following that, on or about June 6, 2014, two winners will be selected.

To apply, you must go here and click on the pig image in the middle of the page! Good luck!

Tuesday, April 8, 2014

Sourcefire VRT Certified Snort Rules Update for 04/08/2014, MsTuesday, OpenSSL TLS Heartbeat

Just released:
Sourcefire VRT Certified Snort Rules Update for 04/08/2014

We welcome the introduction of the newest rule release from the VRT. In this release we introduced 37 new rules and made modifications to 296 additional rules.

There were no changes made to the snort.conf in this release.

The VRT would like to thank the following individuals for their contributions; their rules are included in the Community Ruleset:

Yaser Mansour
30481
30482
30483
30484

In VRT's rule release:
OpenSSL TLS heartbeat read overrun CVE-2014-0160:
A programming error in the OpenSSL heartbeat extension exists that may
lead to information disclosure.

Rules to detect attacks targeting this vulnerability are included in
this release and are identified with GID 1, SIDs 30510 through 30517.

Microsoft Security Bulletin MS14-018:
Internet Explorer suffers from programming errors that may lead to
remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 30497 through 30502,
and 30508 through 30509.

Previously released rules will detect attacks targeting these
vulnerabilities and have been updated with the appropriate reference
information. They are included in this release and are identified with
GID 1, SIDs 24974 through 24975.

The Sourcefire VRT has also added and modified multiple rules in the
blacklist, browser-firefox, browser-ie, exploit-kit, file-office and
server-other rule sets to provide coverage for emerging threats from
these technologies.

Friday, April 4, 2014

OpenAppID Application Rules

In my last post I showed how to get the latest version of Snort up and running in order to explore our latest feature - OpenAppID. Here at Cisco we’ve released application detection as open source.
But the next part of application identification is application control.
The addition of OpenAppID also adds a new keyword to the Snort rules language. The appid keyword can be embedded in any rule to match only on traffic already identified as a specific application. 
This can be used to more easily write rules for a specific application. In some cases you can rely solely on the appid keyword instead of a series of flowbits to identify a specific protocol or application. The appid keyword can also be used to alert on and control application usage. 
For example, maybe you are easily distracted and need some help staying focused. To this end, Facebook and Reddit should be blocked.
The first step is to confirm the correct appid names used for these sites. For this we must check the appMapping.data file. The seventh column of this file has the short app name that we need for our rule.
$ grep -i reddit appMapping.data |cut -f7
reddit
Now that I know the application name I can write my rule.
alert tcp any any -> any any (msg:"Too much noise"; appid: facebook reddit; sid:1000000; rev:1;)
In order to confirm you have the correct appid name, search through the appMapping.data file.
Now let’s test the new rule. I reloaded my web browser and tried Reddit.
Also packaged in the tools subdirectory in the Snort source package is a program called u2spewfoo, which will allow you to convert the unified2 binary alerts to readable text. This time we will examine the usual Snort log for rules that have alerted, instead of the application statistics file we looked at before.
u2spewfoo snort.log.1393812653
And then I get the following output.
(Event)
        sensor id: 0    event id: 2     event second: 1393813987        event microsecond: 466131
        sig id: 1000000 gen id: 1       revision: 1      classification: 0
        priority: 0     ip source: 23.0.160.16  ip destination: 192.168.115.183
        src port: 80    dest port: 42472        protocol: 6     impact_flag: 0  blocked: 0
        mpls label: 0   vland id: 0     policy id: 0    appid: reddit

Packet
        sensor id: 0    event id: 2     event second: 1393813987
        packet second: 1393813987       packet microsecond: 466131
        linktype: 1     packet_length: 281
[    0] 00 0C 29 FC 10 A5 00 50 56 FB 1F B8 08 00 45 00  ..)....PV.....E.
[   16] 01 0B 56 B4 00 00 80 06 F7 C8 17 00 A0 10 C0 A8  ..V.............
[   32] 73 B7 00 50 A5 E8 8C 05 0F 4B E0 AA D4 DD 50 18  s..P.....K....P.
[   48] FA F0 C6 F0 00 00 48 54 54 50 2F 31 2E 31 20 33  ......HTTP/1.1 3
[   64] 30 32 20 46 6F 75 6E 64 0D 0A 53 65 72 76 65 72  02 Found..Server
[   80] 3A 20 41 6B 61 6D 61 69 47 48 6F 73 74 0D 0A 4C  : AkamaiGHost..L
[   96] 6F 63 61 74 69 6F 6E 3A 20 68 74 74 70 3A 2F 2F  ocation: http://
[  112] 77 77 77 2E 72 65 64 64 69 74 2E 63 6F 6D 2F 0D  www.reddit.com/.
[  128] 0A 44 61 74 65 3A 20 4D 6F 6E 2C 20 30 33 20 4D  .Date: Mon, 03 M
[  144] 61 72 20 32 30 31 34 20 30 32 3A 33 33 3A 30 37  ar 2014 02:33:07
[  160] 20 47 4D 54 0D 0A 43 6F 6E 74 65 6E 74 2D 4C 65   GMT..Content-Le
[  176] 6E 67 74 68 3A 20 30 0D 0A 56 69 61 3A 20 31 2E  ngth: 0..Via: 1.
[  192] 31 20 72 74 70 31 30 2D 64 6D 7A 2D 77 73 61 2D  1 rtp10-dmz-wsa-
[  208] 31 2E 63 69 73 63 6F 2E 63 6F 6D 3A 38 30 20 28  1.cisco.com:80 (
[  224] 43 69 73 63 6F 2D 49 72 6F 6E 50 6F 72 74 2D 57  Cisco-IronPort-W
[  240] 53 41 2F 37 2E 35 2E 32 2D 31 31 38 29 0D 0A 43  SA/7.5.2-118)..C
[  256] 6F 6E 6E 65 63 74 69 6F 6E 3A 20 6B 65 65 70 2D  onnection: keep-
[  272] 61 6C 69 76 65 0D 0A 0D 0A                       alive....

(ExtraDataHdr)
        event type: 4   event length: 33

(ExtraData)
        sensor id: 0    event id: 2     event second: 1393813987
        type: 9 datatype: 1     bloblength: 9   HTTP URI: /

(ExtraDataHdr)
        event type: 4   event length: 42

(ExtraData)
        sensor id: 0    event id: 2     event second: 1393813987
        type: 10        datatype: 1     bloblength: 18  HTTP Hostname: reddit.com
In addition to the usual data (source IP address, time, protocol, etc.) you will see the new appid field is listed in this event.
While not new to this version of Snort, I think it’s worth pointing out the two extra data fields that show us the HTTP URI and hostname. If you’ve been relying on some older tools to parse your unified data for you, you may not know that this data is available.
Now all I have to do is change my rule from alert to drop and reload Snort and I’ll have a better chance at avoiding distraction!
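
To make the appid field and the two extra data fields usable outside of u2spewfoo, the text output can be folded into one record per event. The following is an added example, not part of the original post or of the Snort tools: it parses u2spewfoo text in the layout shown above and attaches the HTTP URI and hostname to the event that shares their event id. The sample input is constructed (the first event is trimmed from the output above, the second is invented), and the function names are hypothetical.

```python
import re

# Constructed sample in the u2spewfoo text layout shown above (hex dump trimmed,
# one wrapped line kept to show it is tolerated). Event 3 is invented to show
# an event with no appid and no extra data.
SAMPLE = """\
(Event)
        sensor id: 0    event id: 2     event second: 1393813987        event microsecond: 466131
        sig id: 1000000 gen id: 1       revision: 1      classification: 0
        priority: 0     ip source: 23.0.160.16  ip destination: 192.168.115.183
        src port: 80    dest port: 42472        protocol: 6     impact_flag:
0  blocked: 0
        mpls label: 0   vland id: 0     policy id: 0    appid: reddit

Packet
        sensor id: 0    event id: 2     event second: 1393813987
        linktype: 1     packet_length: 281
[    0] 00 0C 29 FC 10 A5 00 50 56 FB 1F B8 08 00 45 00  ..)....PV.....E.

(ExtraDataHdr)
        event type: 4   event length: 33

(ExtraData)
        sensor id: 0    event id: 2     event second: 1393813987
        type: 9 datatype: 1     bloblength: 9   HTTP URI: /

(ExtraData)
        sensor id: 0    event id: 2     event second: 1393813987
        type: 10        datatype: 1     bloblength: 18  HTTP Hostname: reddit.com

(Event)
        sensor id: 0    event id: 3     event second: 1393813990        event microsecond: 1
        sig id: 1000001 gen id: 1       revision: 1      classification: 0
        priority: 0     ip source: 192.0.2.10   ip destination: 192.168.115.183
        mpls label: 0   vland id: 0     policy id: 0    appid:
"""

SECTION = re.compile(r"^\(?(Event|Packet|ExtraDataHdr|ExtraData)\)?$")
EVENT_ID = re.compile(r"event id:\s*(\d+)")
EVENT_FIELDS = {
    "sid": r"sig id:\s*(\d+)",
    "gid": r"gen id:\s*(\d+)",
    "src": r"ip source:\s*(\S+)",
    "dst": r"ip destination:\s*(\S+)",
    "appid": r"appid:\s*(\S+)",
}
EXTRA_FIELDS = {
    "http_uri": r"HTTP URI:\s*(.*)$",
    "http_host": r"HTTP Hostname:\s*(.*)$",
}


def sections(text):
    """Yield (section name, body joined onto one line) for each record."""
    name, body = None, []
    for line in (raw.strip() for raw in text.splitlines()):
        m = SECTION.match(line)
        if m:
            if name:
                yield name, " ".join(body)
            name, body = m.group(1), []
        elif name and line:
            body.append(line)
    if name:
        yield name, " ".join(body)


def parse_u2spewfoo(text):
    """Return {event id: record}, merging ExtraData into its Event."""
    events = {}
    for name, body in sections(text):
        m = EVENT_ID.search(body)
        if name not in ("Event", "ExtraData") or not m:
            continue  # Packet dumps and ExtraDataHdr carry nothing we need
        rec = events.setdefault(
            int(m.group(1)), {"appid": None, "http_uri": None, "http_host": None})
        fields = EVENT_FIELDS if name == "Event" else EXTRA_FIELDS
        for key, pattern in fields.items():
            hit = re.search(pattern, body)
            if hit:
                rec[key] = hit.group(1)
    return events


def events_for_app(events, app):
    """Event ids whose appid field names the given application."""
    return sorted(eid for eid, rec in events.items() if rec["appid"] == app)


if __name__ == "__main__":
    for eid, rec in sorted(parse_u2spewfoo(SAMPLE).items()):
        print(eid, rec)
```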

Happy Snorting! Let us know in the comments how you’re using the latest visibility and control into the application layer.

Thursday, April 3, 2014

Sourcefire VRT Certified Snort Rules Update for 04/03/2014

Just released:
Sourcefire VRT Certified Snort Rules Update for 04/03/2014

We welcome the introduction of the newest rule release from the VRT. In this release we introduced 151 new rules and made modifications to 5 additional rules.

There were no changes made to the snort.conf in this release.

In VRT's rule release:
The Sourcefire VRT has added and modified multiple rules in the blacklist, browser-ie, file-flash, indicator-shellcode, malware-cnc and server-webapp rule sets to provide coverage for emerging threats from these technologies.

Tuesday, April 1, 2014

Sourcefire VRT Certified Snort Rules Update for 04/01/2014

Just released:
Sourcefire VRT Certified Snort Rules Update for 04/01/2014

We welcome the introduction of the newest rule release from the VRT. In this release we introduced 45 new rules and made modifications to 122 additional rules.

There were no changes made to the snort.conf in this release.

The VRT would like to thank the following individuals for their contributions; their rules are included in the Community Ruleset:

Yaser Mansour
30288

In VRT's rule release:
The Sourcefire VRT has added and modified multiple rules in the bad-traffic, blacklist, browser-ie, dos, exploit, exploit-kit, file-other, indicator-compromise, indicator-obfuscation, malware-cnc, malware-other, netbios and web-client rule sets to provide coverage for emerging threats from these technologies.


Announcing netvi, a new tool from the Snort team for editing network packets in real time

NetVI

A real-time packet editor for traffic on network interfaces

Useful for protecting a single system before traffic reaches an application,
or as an inline tool for protecting an entire network.

netvi has a number of command line options, similar to Snort, and includes all of
Snort's DAQ command line options as well as the ability to specify a BPF via the
command line.


Command line options

-h    Help
-c    Specify configuration
-i    Specify network interface
-n    Limit the number of packets
-r    Test netvi with a pcap
-V    Version


Example uses

To use netvi, and protect your local host (host mode)

netvi -i eth0

Or, use with a bridged interface to protect an interface (network mode)

netvi -i bridge0

Additionally, you can use netvi in trial mode using a pcap with the -r
command line switch.


Editing Packets

Once netvi starts and acquires a packet thru the DAQ, it will present the packet in
an editor.  Modify the hex or the ASCII bytes as you desire from within the vi-style
editor to make changes to the packet before it is written to the wire.  In place
of the filename, the editor shows the name of the interface (or pcap file) and
the packet number.

All common vi editor commands are supported for search and replace,
navigation, insertion and deletion.

:wq writes the current packet and loads the next packet that arrives
on the network interface.

In between packets -- when not in the packet editor itself, use Control-C to
terminate netvi, just the same as terminating Snort.
[Screenshot: netvi editing a UDP packet]


Words of Warning

Care must be taken to ensure that when packet data is modified, added,
or deleted, IP, TCP or UDP header checksums as well as any TCP sequence
numbers are all properly adjusted.  Failure to do this will result in
netvi sending a malformed packet on thru the network and a broken connection.

In either mode -- host or network -- the user must be able to keep up with loading,
modifying as desired, and writing the network packets to keep traffic flowing.
Improper use of netvi can severely impact the rate at which packets arrive at a
host or flow thru a network.

It is recommended that you use -n option to only edit a handful
of packets to get the hang of it before deploying on a real network.  To allow
users to get adjusted to the speed and process by which they can edit packets,
we have defaulted this to 20 packets.


Platforms

netvi has been tested on Linux, FreeBSD, and Mac OSX w/ DAQ 2.0.2.

Download it here: netvi-01.04.14.tar.gz

Happy editing!