sudo ipfw add 1 deny tcp from any to any portnumber out
sudo ipfw add 2 deny udp from any to any portnumber out
Example:
sudo ipfw add 1 deny tcp from any to any 137 out
sudo ipfw add 2 deny udp from any to any 137 out
vi /Users/username/Desktop/smbservername\:sharename.inetloc
This worked to map Windows shares on Macs with Netbios disabled.
vi /etc/smb.conf
…
disable netbios = yes
smb ports = 445
…
Stop nmbd:
launchctl unload -w /System/Library/LaunchDaemons/nmbd.plist
Note: You may need to do the launchctl command a couple times. Not sure why but it did not always stop nmbd. Below is a portion of the nmbd.plist file. If set correctly to disable Netbios, you will see the KeepAlive instead of Enabled (the default).
Create a file called “Show Desktop.scf.”
[Shell]
Command=2
IconFile=explorer.exe,3
[Taskbar]
Command=ToggleDesktop
Right mouse click and drag the file to your Quick Launch bar and release. Select move.
Make sure ImageMagick is installed. The convert command is part of the ImageMagick installation.
convert -geometry 240×160 filename newfilename
The following will resize several images in a script:
#!/bin/bash
for x in $(ls)
do
convert -geometry 240×160 $x new-$x
done
This is a configuration that I have used to restrict access to web sites via squid. It seems to work well for a small number of users.
From /etc/squid/squid.conf
…
acl Home proxy_auth REQUIRED
acl all src 0/0
acl block url_regex -i “/etc/squid/blockedsites.acl”
http_access deny block
acl allowsites url_regex -i “/etc/squid/allowedsites.acl”
http_access allow Home allowsites
http_access deny all
…
In /etc/squid/blockedsites.acl, I listed strings that when contained in a url will not be permitted. In /etc/squid/allowedsites.acl, I listed domain name strings that are allowed. For example, “.mozilla.org”. Then, if I want to allow to all sites except those listed in the blockedsites.acl, I just add “.”. to the allowedsites.acl.
Sample /etc/squid/blockedsites.acl:
…
myspace.com
youtube.com
…
Sample /etc/squid/allowedsites.acl:
…
.
…
This will allow users to go to all sites but myspace and youtube.
However, in this sample /etc/squid/allowedsites.acl:
…
.google.com
…
Users will only be allowed to go to google.com.
Authentication information: Use your full pacbell.net mail address. This is needed for both pop and smtp. And here is the gotcha, NO encryption of any kind! Good thing I don’t use mine for anything more than testing.
postoffice.pacbell.net port 110
smtpauth.sbcglobal.net port 25
No SSL boxes checked.
mount -t smbfs //username:password@servername/sharename /mountpoint
The following works to perform a network trace for 1 hour (-a duration:3600) and to create multiple files of 10MB in size (-b filesize:10240). Files will have a “test” (-w test) prefix. The “-p” is to capture in promiscus mode. This uses less system resources than trying to achieve the same thing using the wireshark gui.
dumpcap -a duration:3600 -b filesize:10240 -w test -p
To merge all the captures in one file:
mergecap -w bigfile littlefiles
For example:
mergecap -w all.cap one.cap two.cap etc.cap
Or:
mergecap -w all.cap small*.cap
To use tshark (installed with wireshark) to filter a capture without using the GUI (much more efficient):
tshark -R “anydisplayfilters” -r inputfilename -w outputfilename
For example, here are two display filter examples. They are similar to the ones used in wireshark GUI. I kept trying to tcpdump filters, which work fine for capturing.:
tshark -R “ip.addr == 192.168.34.51” -r in.cap -w out-filtered.cap
tshark -R “ip.addr == 192.168.34.0/24” -r in.cap -w out-filtered.cap
Filter notes:
How to filter a time range:
(frame.time >= “mmm dd, yyyy hh:mm:ss”) && (frame.time <= "mmm dd, yyyy hh:mm:ss")