Mar 20 2009

New Kernel Firewall Announced: NFTables

jason

Patrick McHardy announced the release of the first public version of NFTables on the NetFilter development list and Linux kernel net development list. From the announcement:

The kernel provides a netlink configuration interface, as well as runtime ruleset evaluation using a small classification language interpreter. libnl contains the low-level functions for communicating with the kernel, the nftables frontend is what the user interacts with.

Patrick goes on to give in-depth information on the new implementation and highlights the differences between the new NFTables interface and the existing NetFilter interface. I recommend at least skimming over the post if you use IPTables/NetFilter on a regular basis so you can see what may be coming down the line.


Feb 20 2009

New Online Packet Capture Repository: pcapr.net

jason

A new packet capture repository called pcapr has been launched, sponsored and run by Mu Dynamics. pcapr appears to be a good alternative to OpenPacket, and it supports protocol tagging, searching, and packet viewing in the web browser. Richard Bejtlich of Tao Security, who was also previously involved with OpenPacket, announced in a blog post earlier this month that he was no longer involved with OpenPacket, and that one of the reasons was the launch of pcapr.

Here’s a quick snippet from the pcapr FAQ:

What is pcapr?

Packets are fundamental to how applications and systems communicate with each other and as far as we can tell, there’s no simple way for people to access specific packet sequences to learn, understand, troubleshoot and/or debug these systems. pcapr exists as a repository of these packets, providing full-text search, automatic tagging, viewing and editing of these packets.

I’ve created an account over at pcapr, and the features that it offers work well. It is also nice to be able to “preview” the packet capture contents before downloading and opening them in Wireshark for further examination.
