[an error occurred while processing this directive] [an error occurred while processing this directive]
[an error occurred while processing this directive] [an error occurred while processing this directive]
;) Packet-Securitydot com
[an error occurred while processing this directive] [an error occurred while processing this directive]

Papers By Bagarre:

  • Intro to PGP
  • Chris Snell give a good explaination of what Pretty Good Privacy is and how it works.

  • Intro to Pseudo Code
  • A good read on the basics of pseudo code and program management.

  • I'd rather be fragging
  • Bypassing those Linksys boxes, some ACLs and tons of other fun stuff.

  • The Art of Wardialing
  • A lost art? Not worth exploring? I think not.

  • deny, Deny, DENY
  • If you didn't say it could come in, it shouldn't. This will be a discussion on router ACLs and the construction of a DMZ.

  • OPP Other People's Passwords
  • How do you get your users to use good passwords? How important is it?

  • The Enemy Within
  • Do you trust your users? Should you? The internal threat is real and needs to be addressed with written policy, permissions and well planned grouping.

  • Who's Watching Who?
  • The intruder is no doubt looking at your traffic. You should too. How will you know what's not normal if you've never seen your normal traffic on the wire?

      [an error occurred while processing this directive]
    [an error occurred while processing this directive]
    [an error occurred while processing this directive]
    The PB&J of Code Writing
    By: Bagarre
    [an error occurred while processing this directive]
    Loading Document
    If the page does not load, click here.
    [an error occurred while processing this directive] [an error occurred while processing this directive]

    I've had a few people ask me to put together a page or two on 'how to write programs'. This is my best effort to that end. It started as an intro to Pseudo Code but seems to have drifted into project management a little. The end examples are obviously PERL influenced but, I don't think that's a bad thing. If anyone wants to use this document in part or whole, feel free as long as you leave my name and packet-security at the top. Give credit where it's due.

    Define Pseudo Code (pcode): A logical progression of steps or procedures to achieve a desired end. You do not have to know a specific programming language to write pcode. Pcode can be taken by a programmer and turned into real code. I call it PB&J coding because, the very first thing I made in pseudo code was a Peanutbutter and Jelly sandwich in 8th grade. It was our intro to writing AtariBASIC. The lesson was quite an eye opener to me. I still remember the teacher up there, trying to get peanutbutter out of a jar with the lid still on because we forgot to write "Open Peanutbutter_jar" into the code :) [an error occurred while processing this directive] [an error occurred while processing this directive]

    Before we get into writing anything that resembles code, there are a few things that need to be addressed. Most are pretty obvious but, some I have learned the hard way. Also, when going thru this document, keep in mind that I have no 'formal' programming skills. The only classes I have taken were long ago (AtariBASIC - 8th grade, PASCAL - 10th grade, FORTRAN - College). I am self taught in PERL. The first few topics below are more of a 'Lessons Learned' but will come in very handy.

    Set a Goal(s) for the program: What do you want the program to do? "I need it to read from this file, pull out these things from each line and if this thing matches that thing, do these things." Before you start, know what it is that needs to be accomplished. Duh! Well, this may be more complicated than you think depending on how many things you want to accomplish, the number of other programs that need to make use of your product. What 'operational' considerations there are and definately how many other people are providing input to the project. Write down the Goal, put it in your initial comments and don't loose sight of it. Programs may have several goals and you may only be responsible for one or some of these. [an error occurred while processing this directive] [an error occurred while processing this directive]

    Define big steps needed: These are your broad strokes. My first major program, DAMM (David's Automated Modem Manager) was drafted on the back of a napkin at a local bar. No one else is going to see this. It's your initial thoughts of how the procedures will go. Trust me, they will change several times.

    Break big steps into smaller ones: This step usually requires your favorite text editor or a paper and pencil. You want to take those broad strokes off the napkin and give them a little more structure. Don't worry about syntax or spelling or even profanity. This is still just for you. It's still pretty conversational at this point with some tabs and arrows to give it flow. If you need to type out a paragraph right in the middle of a tabbed layout because you don't know how else to explain it, do it.

    Define required objects: Don't re-invent the wheel. If you need to make a socket connection, don't try to build it. Just give the paramaters needed to build it. Remember, this is Pcode.

    Listen on TCP port 1055
    Call 192.168.1.20 on TCP port 1056
    Open somefile.txt for reading as 'FILE1' ...
    [an error occurred while processing this directive] [an error occurred while processing this directive]

    Find any repeated tasks: If you like it twice, you'll hate it ten times. Make subroutines. Subroutines are mini programs. Call the subroutine, give it info (if needed) and it will provide info back or just complete the tasks in the background. A general rule is, if you have to do it more than twice and it's more than 5 lines long, make it a subroutine. Also, check around to see if someone else hasn't already written something that does a similar task. There are plenty of sites available on the Internet that can assist in pointing a coder in the right direction. In DAMM, I was constantly checking IP addresses of the local machine. A friend at work (Reed Smith) had already written a nice little subroutine that returned the IP of whatever interface you asked for. I stuck it into my software and saved myself a little time. [an error occurred while processing this directive] [an error occurred while processing this directive]

    List known items you will work with: What do you know? What information is available that will help you perform this task? Do we have to ask the user to provide anything? Define as much of these as possible before you forget something. In PERL, variables are prefixed with a dollar($) sign. This makes them real easy to spot.

    $search_pattern = "myname"
    $file_to_look_in = "somefile.txt"
    $file_to_print_to = STDIN (explained later)
    Variables can have letters and numbers but no spaces. Don't be afraid to get creative with your variable names. It will only help you later. $name_from_read_file is alot easier to figure out than $namefmfile. I was (read I am) notorious for using single, three letter variables for multiple uses. This is bad. In DAMM, I think I used $foo and $bar for a dozen different things (some back to back). On a good note, it did force me to learn how to use a debugger ;) It was the only way I could trace a logic error because I had no idea what $foo was suposed to be at the time of the error. Had I used separate vaiables for each item, I would have never had to worry about phone numbers getting thrown into my ISP name ARRAY or trying to dial 1Att+2 as a phone number.
    Iris.pl (the last program I wrote) is 5500+ lines long and has over two pages of variable initialization and a comment explaining what each one is used for. Plus, the names are alot more descriptive. It still has some bad habits but, it's a damn sight cleaner than DAMM :) [an error occurred while processing this directive] [an error occurred while processing this directive]

    Parameters of the Input and Output: How does it need to be read? By human, from the screen, to or from a file? Are other programs having to communicate with the program or use its output? How will the other program get the information from your program? Will it need to be saved as a tabbed or comma delimited text file or will it be incorporated into a database? Do you have to listen on a network socket and provide data that way? Do you have to use another program's output? In what format is that data written? Most programs are cute but rather useless by themselves. Yours may be one program in a whole suite of others and, if you don't adhere to a preset output format (Or decide on an output format before starting) all kind of errors and headaches will occur. Set up a format and stay with it. If there is a format already in place, don't change it without the other programmers knowing it. A single tab or dash in your output can possibly break dozens of lines in dozens of other programs that rely on the same file. [an error occurred while processing this directive] [an error occurred while processing this directive]

    Use constant Structure: Don't conversate with the programmer unless it's in comments. (Yes, Pcode uses comments too.) Pcode does have a syntax to it. Remember to be consistent with the structure, spelling, and capitalization ect...

      Here is a list of common elements you should learn:
    • Comment: Prefix line with # or Block text with /* and */
    • IF: If this is true, do the following. Close with ENDIF
    • ELSE: Used with IF. When the "IF" statement isn't true, do this. Placed before ENDIF.
    • ELSEIF: Used when there are more than one "IF" condition that is checked for. Placed before the ENDIF and above the ELSE.
    • WHILE: Used to repeat a group of tasks as long as a condition is true. Closed with the "ENDWHILE"
    • OPEN: Open a file, device, socket. Needs the file, device, socket data and a "HANDLE" or nickname. Once you OPEN something, you will always refer to is as the HANDLE.
    • CLOSE: Close a handle that was opened with OPEN
    • PRINT: Used to print something to a handle you have opened. If no handle is provided, the print will go to your standard output (STDOUT) which should be your screen. Try to use a handle whenever possible to avoid confusion as to where output will be printed. Enclose what you want to print within quotes.
    • SUB: Defines the beginning of a subroutine. Close with ENDSUB. Within a subroutine, some options could be:
      • ARG: A value that was sent to the subroutine. If you send more than one, separate them with [] ie: ARG[0] is the first value, ARG[1] is the second value.... Remember computers count 0 as the first number.
      • RETURN: This is the value you want to give back. Thus, a subroutine can be used to fill a variable.
      • ALL_OTHER_COMMANDS
    [an error occurred while processing this directive] [an error occurred while processing this directive]
    Let's start a practice program:

    Problem and Program Goal:

    We have a file that contains a bunch of user information. Names, phone numbers, addresses and favorite color. I only want a few things from this list; Name, phone number and zip code of those people that have a favorite color of blue. These few items need to be written into another file that the user will define when they run the program. We have another program at work that collects phone numbers and last names (numbergrabber.pl) so I need to make my output compliant to it's requirements but, at the same time, I need to be able to read it myself.

    • Input/Output Paramaters:
      The source file is tab delimited (more or less) like this:
      LastName FirstName Phone Street_Address-City, State Zipcode Fav_Color
      LastName FirstName Phone Street_Address-City, State Zipcode Fav_Color
      LastName FirstName Phone Street_Address-City, State Zipcode Fav_Color
      LastName FirstName Phone Street_Address-City, State Zipcode Fav_Color
    • numbergrabber.pl reads names and numbers off of tabs as well:
      LastName, FirstName Phone
      LastName, FirstName Phone
      LastName, FirstName Phone
    • In order to allow numbergrabber.pl to be able to use my files, I have to keep it's format and add other fields to the end:
      LastName, FirstName Phone Zipcode
      LastName, FirstName Phone Zipcode
      LastName, FirstName Phone Zipcode

    [an error occurred while processing this directive] [an error occurred while processing this directive] Broad Strokes:
    1. Ask user for file to output to
    2. Open output file
    3. Open Sorce file
    4. While reading the source file, grab these elements where favorite color is blue: Name, Number and Zipcode
    5. Print stuff grabbed to output file. (Append or create new file)
    6. Close both files.
    [an error occurred while processing this directive] [an error occurred while processing this directive] Break big steps into smaller ones
    1. Ask user for file to output to
      • Name variable $user_defined_output
    2. Open output file
      • Name handle 'OUTPUT_FILE'
    3. Open Sorce file
      • Predefined in script or another user variable
      • Name handle 'INPUT_FILE'
      • While reading source file in, grab Name, Number and Zipcode, Get name, number,
        • WHILE INPUT_FILE
        • Figure out what to split the line up on. Fields are tabbed, spaced and comma delimited so, we'll have to split this in a few steps.
        • First step is to SPLIT on the tabs (\t) and put them in three groups:
          $full_name, $full_address and $favorite_color
        • Next, we have to SPLIT up $full_name on the space (\s) to get $first_name and $last_name
        • The $zipcode and $phone_number can be SPLIT from $full_address using the spaces and taking the first and last element of the split (more later)
        • Favorite Color is fine the way it is.
      • Now that we have the variables we need, we can set up the IF condition
        • IF $favorite_color is "blue"
      • Print stuff grabbed to output file.
        • PRINT OUTPUT_FILE "$last_name, $first_name $phone_number $zipcode"
    4. Close both files
    [an error occurred while processing this directive] [an error occurred while processing this directive]
    And Finaly, the Pcode:
    This is commented alot to help explain each line of pcode
    I wanted this to look a lot better but, I guess my html kung-foo isn't as good as I thought. :)

    #! PCODE ref dmr-0001
    # This program will read thru 'roster_list.txt' and extract Names,
    # numbers and zip codes of those people that have a fovorite color of blue.
    # This program's output (user defined) is compliant with numbergrabber.pl
    # Requirements.
    # PCODE written by David Ross
    # 20 Feb 2003
    /* (Block Comment)
    Variables Used:
    $user_defined_output
    $full_name
    $first_name
    $last_name
    $phone_numbers
    $full_address
    $zipcode
    $favorite_color
    Handles Used
    OUTPUT_FILE and INPUT_FILE
    */

    PRINT STDOUT "Please enter file name for program output:"
    # STDOUT is Standard Out (your screen)

    $user_defined_output = STDIN
    # STDIN is Standard In or, your keyboard

    OPEN for APPEND $user_defined_output as OUTPUT_FILE
    OPEN for READ roster_list.txt as INPUT_FILE
    # Remember to state if you are opening the file for 'READ'
    # 'OVERWRITE' or 'APPEND" and give it a descriptive handle

    WHILE INPUT_FILE
    #We go thru the file line by line until we reach the end.
    # Then we exit with ENDWHILE

    $full_name, $phone_number, $full_address, $favorite_color from SPLIT on "TAB"
    # It is understood that what we are splitting is the last line # we read in from the WHILE loop

    $first_name, $last_name from SPLIT on "SPACE" $full_name
    # For this split, we have to tell them what variable to split up.

    $zipcode from SPLIT on "SPACE" $full_address (LAST element)
    # This split will give us a bunch of things to choose from
    # so, we have to tell them which on to use


    IF $favorite_color is "blue" PRINT OUTPUT_FILE "$last_name, $first_name $phone_number $zipcode(ENTER)"
    # Remember to give the handle of where you want to print
    # out your stuff! Until you learn metacharacters, you can do thinsg like:
    # (SPACE) (TAB) (ENTER) instead of \s \t \n and the rest of them

    ENDIF
    ENDWHILE
    # Don't forget to close your loops and conditions

    CLOSE INPUT_FILE
    CLOSE OUTPUT_FILE
    EXIT
    # Tada! Notice there is only one step per line. A coder can now take this and turn it into a cute little PERL program.

    [an error occurred while processing this directive] [an error occurred while processing this directive]

    The final PERL program

    #!/usr/bin/perl
    # REF dmr-0001
    print "Enter file for output:\n";
    $user_defined_output = <STDIN>;
    open (OUTPUT_FILE ">> $user_defined_file") || die "Can't open $user_defined_file\n";
    open (INPUT_FILE "roster_list.txt") || die "Can't open $roster_list\n";
    while (INPUT_FILE) {
    ($full_name, $phone_number, $full_address, $favorite_color) = split /\t/, $_;
    if ($favorite_color eq "blue") {
      ($first_name, $last_name) = split /\s/, $full_name;
      $zipcode = (split /\s/, $full_address)[-1];
      print OUTPUT_FILE "$first_name, $last_name\t$phone_number\t$zipcode\n";
      } # close if favorite_color
    } # close while (INPUT_FILE)
    close INPUT_FILE;
    close OUTPUT_FILE;
    exit;


      -Bagarre

    [an error occurred while processing this directive] [an error occurred while processing this directive]

    Loading Document
    If the page does not load, click here.

    Google Packet-Security.com
    [an error occurred while processing this directive]
    [an error occurred while processing this directive]