Difference between pages "Tutorials/Tutorial: Packets don't lie: how can you use tcpdump/tshark (wireshark) to prove your point." and "Airport Arrivals and Departures"

From LCA2016 Delegate wiki
 
 
Line 1: Line 1:
===PREREQUISITES===
+
== Shuttle services ==
Please note that this is a tutorial, not a talk.
+
You should have tcpdump and  wireshark INSTALLED and do some captures BEFORE you come to the tutorial.
+
To find wireshark packages do something like this:
+
<pre>
+
#archlinux
+
pacman -Ss wireshark tcpdump
+
#debian
+
apt-cache search wireshark tcpdump
+
#fedora
+
yum search wireshark tcpdump
+
</pre>
+
Please install both GUI and CLI packages.
+
  
Please add the user you are going to run wireshark/tshark as to the 'wireshark' user group.  
+
[http://gull.com.au/ Gull bus services] operate a [https://bookings.gull.com.au/GUNewHome/EZBookingCheckStops.asp?TravelType=OneWay&sStopFrom=GEELONG&sDate=05/02/2016&sStopTo=MELBOURNE+AIRPORT&rDate=05/02/2016&AdultCount=2&ChildCount=0&SeniorCount=0&Family4Count=0&Family5Count=0&ExcessItemCount12=0&ExcessItemCount8=0&btnSubmit=Book+Your+Trip regular service] from Geelong to the Melbourne airport.
<pre>
+
gpasswd -a james wireshark
+
</pre>
+
After this user 'james' will need to log out and log in again!
+
  
 +
(please extend)
  
If that still DOESN'T work,  you might want to add a capability. Do it ONLY if you are still unable to do capture.
+
==Arrivals==
<pre>
+
setcap cap_net_raw,cap_net_admin=eip /usr/bin/dumpcap
+
</pre>
+
  
When finished, have a look around at what files came with the package:
+
===Saturday 30th January 2016===
<pre>
+
tcpdump --version
+
tshark --version
+
</pre>
+
List binaries that came with the packge (example is for archlinux, for rmp-like do 'rpm -ql wireshark', for debian 'dpkg -L wireshark')
+
<pre>
+
pacman -Ql wireshark-cli|grep bin
+
wireshark-cli /usr/bin/androiddump
+
wireshark-cli /usr/bin/capinfos
+
wireshark-cli /usr/bin/captype        #same as 'capinfos -t'
+
wireshark-cli /usr/bin/dftest        #display filter byte-code for debugging
+
wireshark-cli /usr/bin/dumpcap        #can write files
+
wireshark-cli /usr/bin/editcap        #snaplenth, or split into multiple based on time, number of packets, adjust time
+
wireshark-cli /usr/bin/idl2wrs
+
wireshark-cli /usr/bin/mergecap
+
wireshark-cli /usr/bin/randpkt        #creates a legitimate EthernetII packet with the given Type field set
+
wireshark-cli /usr/bin/rawshark      #cannot write files, only to standard output
+
wireshark-cli /usr/bin/reordercap    #part of the functionality of the editcap
+
wireshark-cli /usr/bin/text2pcap      #hexdump -> pcap
+
wireshark-cli /usr/bin/tshark
+
wireshark-cli /usr/include/wireshark/epan/dissectors/packet-ypbind.h
+
wireshark-cli /usr/share/wireshark/radius/dictionary.bintec
+
  
</pre>
+
* NZ891, arr. MEL 08:05
 +
** Andrew Sands
 +
* QF415, arr. MEL 09:35
 +
** Jussi Pakkanen
 +
* NZ123, arr. MEL 10:35
 +
** Simon Lyall (plus one)
 +
** [https://twitter.com/LGnome Adam Harvey]
 +
* VA314, arr. MEL 11:15
 +
** Jamie Bainbridge
 +
** Kimberley Manning
 +
* QF611, arr. MEL 11:20
 +
** Joel Addison
 +
** Ben Stevens
 +
* QF762, arr. MEL 14:35
 +
** Trent 'lathiat' Lloyd
 +
* QF2139, arr. MEL 14:50
 +
** Paul E. McKenney
 +
* VA218, arr. MEL 15:30 (delayed from 13:25)
 +
** Clancy Cunningham
 +
* QF797, arr. MEL 15:45
 +
** Ian Cunningham
 +
* VA682, arr. MEL 18:13 (delayed from 15:45)
 +
** James 'Ender' Brown
 +
* QF772, arr. MEL 16:40
 +
** Cameron Tudball
 +
* QF154, arr. MEL 17:15
 +
** Steven Ellis
 +
** Cherie Ellis
 +
* NZ125, arr MEL 17:30
 +
** [[User:Dhawke@oss.co.nz|Dan Hawke]]
 +
* VA7425, arr. MEL at 17:30
 +
** [[Liz Quilty]]
 +
* VA334, arr. MEL 18:15
 +
** [http://www.humbug.org.au/RussellStuart Russell Stuart]
  
=Capturing=
+
===Sunday 31st January 2016===
====browsing exercise ====
+
* KL3946, arr. MEL 07:00
# start capturing
+
** Karl-Johan Karlsson
# navigate your browser to linux.conf.au
+
** Camilla Eidem Blomberg
# navigate your browser to google.com
+
* NZ0891, arr. MEL 08:05
# navigate your browser to xxxxxxx (your choice)
+
** [[User:Chris@cje.net.nz|Christopher Edsall]]
 +
* NZ855, arr. MEL 08:20
 +
** Eugene Venter
 +
* MH149, arr. MEL 08:45
 +
** [https://twitter.com/masayukig Masayuki Igawa]
 +
* JQ162, arr. MEL 08:50
 +
** Dave Aldridge
 +
** James Parker
 +
** Garming Sam
 +
** Grant McLean
 +
* QF94, arr. MEL 09:05
 +
** Matthew Hiltner
 +
* UA98, arr. MEL 09:25 (40 mins ahead of schedule, due in 0845hrs)
 +
** Casey Schaufler
 +
** [https://twitter.com/vavroom Nicolas Steenhout]
 +
** [https://twitter.com/marc_etienne_ Marc-Etienne M.Léveillé]
 +
** Jonathan Corbet
 +
**  Ryan Sickle
 +
* <span style="color: #e67300;">JQ603, arr. '''AVV''' 09:30</span>
 +
** Matthew Wilcox
 +
* <span style="color: #0000ff;">JQ603, arr. '''AVV''' 09:30</span>
 +
** [https://twitter.com/jeremyvisser Jeremy Visser]
 +
** Peter Chubb
 +
* VA820, arr. MEL 10:05
 +
** Benno Leslie
 +
* JQ702, arr. MEL 10:15
 +
** [https://keybase.io/mjec Michael Cordover]
 +
* NZ123, arr. MEL 10:35
 +
** Simon Green
 +
** David Zanetti
 +
** Glen Ogilvie
 +
* JQ561, arr. MEL 10:35
 +
** Charelle Collett
 +
* QF1502, arr. MEL 10:55
 +
** [https://twitter.com/johndalton John Dalton]
 +
* NZ895, arr. MEL 11:00
 +
** Chris Cormack
 +
** Russell Smithies
 +
** Jim Cheetham
 +
* VA262 from CBR, arr. MEL 11:10
 +
** [http://mabula.net/ Paul Wayper]
 +
** [http://hugh.blemings.id.au/ Hugh Blemings]
 +
* QF611, arr. MEL 11:20
 +
** Jared Ring
 +
* VA214, arr. MEL 11:25
 +
** Josh Driver
 +
** Stephen M
 +
* QF763, arr. MEL 11:30
 +
** Aeriana
 +
** [[User:jessica@itgrrl.com|Jessica Smith]]
 +
* QF423, arr. MEL 11:35
 +
** Ewen McNeill
 +
* VA830 (DL7269), arr. MEL 11:35
 +
** Keith Packard
 +
** Casey West
 +
* VA1321, arr. MEL 11:45
 +
** [https://twitter.com/JackScottAU Jack Scott]
 +
* QF680  arr. MEL 12:20
 +
** [[User:Dns@dns.id.au|Daniel Sobey]]
 +
* QF427, arr. MEL 12:35
 +
** Dong Ma
 +
** [https://twitter.com/mooeypoo Moriel Schottlender]
 +
* VA218, arr. MEL 13:25
 +
** [https://twitter.com/AzMoo Matt Magin]
 +
* QF682, arr. MEL 13:35
 +
** Cary D
 +
** Phil Ingram
 +
* JQ511, arr. MEL 13:35
 +
** [https://twitter.com/legoktm Kunal Mehta]
 +
* QF431, arr. MEL 13:35
 +
** Kennedy Skelton
 +
* VA1323, arr. MEL 14:00
 +
** [https://twitter.com/tserong Tim Serong]
 +
** [https://www.scriptforge.org/faulteh Scott Bragg]
 +
* QF2139, arr. MEL 14:05
 +
** Joshua Rich
 +
* VA324, arr. MEL 14:15 (Tullamarine)
 +
** [https://openstem.com.au/ Arjen Lentz]
 +
** Joe Robinson
 +
** Brian Moss
 +
** Alexandra Settle
 +
** [https://twitter.com/lhovo Luke Hovington]
 +
* QF0617, arr. MEL 14:20 (Tullamarine)
 +
** Darryl Bond
 +
** Gagandeep Arora
 +
* QF0762, arr. MEL 14:30
 +
** [https://twitter.com/kyerussell Kye Russell]
 +
* QF435, arr. MEL 14:35
 +
** Brendan O'Dea
 +
* VA842, arr. MEL 14:35
 +
** James Polley
 +
* QF881, arr. MEL 15:00
 +
** Ben Martin
 +
* JQ977, arr. MEL 15:00
 +
** Andrew Cooks
 +
* VA326, arr. MEL 15:15
 +
** Brad Marshall
 +
** Marco Ostini +1
 +
* QF619, arr. MEL 15:20
 +
** Ian Burns
 +
** Dion Hulse
 +
* QF686, arr. MEL 15:25
 +
** Tim S
 +
* VA272, arr. MEL 15:40
 +
** Michael Carden
 +
** Neill Cox
 +
** [http://m0les.com Miles Goodhew]
 +
** Nick Rollings
 +
* QF815, arr. MEL 16:10
 +
** Simon Fowler
 +
* VA328, arr. MEL 16:15
 +
** [https://twitter.com/StefanGotz Stefan Götz]
 +
* QF443, arr. MEL 16:35
 +
** Peter Howard
 +
** Tibor Bece
 +
* <span style="color: #0000ff;">JQ607, arr. '''AVV''' 17:00</span>
 +
** Peter Vesely
 +
** Thomas Chung
 +
** Greg Kopff
 +
** Stefan Krist
 +
** Tobin Harding
 +
* QF0772, arr. MEL 17:00
 +
** [https://twitter.com/Techman_83 Leon Wright]
 +
* VA854, arr. MEL 17:05
 +
** [https://twitter.com/DrJosh9000 Josh Deprez]
 +
** Robert Mibus
 +
* QF154 arr MEL 17:15
 +
** Glenn Enright and partner
 +
* JQ779 arr. MEL 17:15
 +
** Trevor Drake
 +
* NZ0125, arr. MEL 17:30
 +
** Rodger Donaldson
 +
* QF447, arrive at Tullamarine at 17:35
 +
** Matthew Ames
 +
* QF692, arr. MEL 17:45
 +
** [https://twitter.com/clawsicus Chris Laws]
 +
** Jerry Vanicky
 +
** Chris Sincock
 +
* VA101, arr. MEL 17:50
 +
** Andrew Mitchell
 +
* EY460, arr. MEL 18:30
 +
** [[Katie_Miller|Katie Miller]]
 +
** Andreas Frisch
 +
* TT263, arr. MEL 19:00
 +
** [https://twitter.com/ceralena Cera Davies]
 +
* QF0459 arr MEL 19:35
 +
** [https://twitter.com/thsutton Thomas Sutton]
 +
** Will Rouesnel
 +
** Justin Lynn
 +
** Peter Ericson
 +
* <span style="color: #0000ff;">JQ609, arr. '''AVV''' 20:00</span>
 +
** Jamie Wilkinson
 +
* TG461, arr. MEL 21:20
 +
** [https://twitter.com/mukherjee_atin Atin Mukherjee]
 +
** Vivia Nikolaidou
 +
** Sebastian Dröge
 +
* VA830 (DL7269), arr. MEL 11:35
 +
** Rikki Endsley
  
====have a look at the capture files that you generated====
+
===Monday 1st February 2016===
<pre>
+
* VA1313, arr. 7:15 MEL Terminal 3
capinfos -T *.pcap{,ng}
+
** Jamie Lennox
</pre>
+
* QF1529, arr. 9:50 MEL Terminal 1
==capture interfaces==
+
** Ben Herrenschmidt
<pre>
+
* QF609, arr. 10:20 MEL Terminal 1
tcpdump -D
+
** [https://twitter.com/sjpwong Simon Wong] (Using Gull Airport Services to transfer to Geelong)
tshark -D
+
* NZ123, arr. 10:35 MEL Terminal 2
# try with no interface
+
** Doug Thompson
tshark
+
* JQ509, arr. 12:20 MEL Terminal 4
</pre>
+
** Ruth Suehle
 +
* QF461, arr. 10:30 MEL
 +
** Rob Garth
  
==capturing on the CLI==
+
==Departures==
 +
===Friday 5th February 2016===
 +
* QF440, MEL Terinal 14:30
 +
** Rob Grth
 +
* <span style="color: #0000ff;">JQ610, dep. '''AVV''' 20:30</span>
 +
** Tobin Harding
 +
** Brendon Body
 +
* NZ126, Dep MEL 18:40
 +
** Doug Thompson
 +
* QF701, dep. MEL 20:15
 +
** Phil Ingram
 +
** [https://twitter.com/clawsicus Chris Laws]
 +
** Jerry Vanicky
 +
** Chris Sincock
  
tcpdump can autostop after certain number of packets has been captured. tshark has addinionally duration, filesize and number of files autostop conditions.
+
===Saturday 6th February 2016===
What if we want to have a permanent capture running and keep last N days of the logs?
+
* JQ163, dep. MEL 00:45
<pre>
+
** Martin Krafft
tshark -b duration:2 -n -wevery2sec.pcapng & watch -n 1 ls -l
+
** edunham
tshark -b duration:2 -n -wevery2sec.pcapng -a files:5  & watch -n1 ls -l
+
* VA 819 (DL7270), dep. MEL 08:00
tshark -b duration:3600 -n -weveryHour.pcapng -b files:24
+
** Keith Packard
tshark -a filesize:1024 -n -w1MiB.pcapng
+
* JQ602, dep. AVV 06:00
</pre>
+
** Greg Kopff
=expert info=
+
* <span style="color: #0000ff;">JQ604, dep. '''AVV''' 09:05</span>
==GUI==
+
** [https://twitter.com/jeremyvisser Jeremy Visser]
-r <pcap file>
+
* NZ722, dep MEL 08:45
-J  <jump filter>
+
** [[User:Dhawke@oss.co.nz|Dan Hawke]]
          After reading in a capture file using the -r flag, jump to the packet matching the filter (display
+
* QF418, depart Tullamarine 09:00
          filter syntax). If no exact match is found the first packet after that is selected.
+
** Matthew Ames
 +
* NZ898, dep, MEL 09:05
 +
** Jim Cheetham
 +
* VA679, dep. MEL 09:15
 +
** Andrew Cooks
 +
* JQ508, dep. MEL 09:45
 +
** Ruth Suehle
 +
* VA219, dep. MEL 10:10
 +
** Clancy Cunningham
 +
* TT524, dep. MEL 11:15
 +
** Simon Green
 +
* UA99, dep. MEL 11:25
 +
** [https://twitter.com/marc_etienne_ Marc-Etienne M.Léveillé]
 +
** Elizabeth K. Joseph
 +
** John Dickinson
 +
* VA323, dep. MEL 11:00 (Tullamarine)
 +
** [https://openstem.com.au/ Arjen Lentz]
 +
** Lawrence Muir
 +
* UA99, dep. MEL 11:25
 +
** [https://twitter.com/vavroom Nicolas Steenhout]
 +
** Casey Schaufler
 +
** Jonathan Corbet
 +
** [https://twitter.com/legoktm Kunal Mehta]
 +
* NZ124, dep. MEL 11:50
 +
** Benno Rice
 +
** Grant McLean
 +
* QF2138, dep. MEL 11:55
 +
** Andrew Bartlett
 +
** Ben Herrenschmidt
 +
* VA327, dep. MEL 12:00 to BNE
 +
** Brad Marshall
 +
** Joe Robinson
 +
** Alexandra Settle
 +
** [http://mabula.net/ Paul Wayper]
 +
* QF430, dep. MEL 12:00
 +
** [https://twitter.com/glasnt Katie McLaughlin]
 +
* QF616, dep. MEL 12:05
 +
** Ian Burns
 +
* VA223, dep. MEL 12:10
 +
** Matt Magin
 +
* VA1593, dep. MEL 12:20
 +
** Jamie Lennox
 +
* QF812, dep. MEL 13:15
 +
** Simon Fowler
 +
** Aeriana
 +
* JQ574, dep. MEL 13:20
 +
** Charelle Collett
 +
* VA271, dep. MEL 13:20
 +
** Michael Carden
 +
** [http://m0les.com Miles Goodhew]
 +
* QF685, dep. MEL 13:35
 +
** Cary D
 +
* QF438, dep. MEL 14:00
 +
** Brendan O'Dea
 +
* QF620, dep. MEL 14:05
 +
** Jared Ring
 +
* MH148, dep. MEL 14:50
 +
** [https://twitter.com/masayukig Masayuki Igawa]
 +
* VA853, dep. MEL 15:00
 +
** [https://twitter.com/DrJosh9000 Josh Deprez]
 +
** James Polley
 +
** Robert Mibus
 +
* VA333, dep. MEL 15:00
 +
** [https://twitter.com/lhovo Luke Hovington]
 +
* QF1505, dep. MEL 15:25
 +
** [https://twitter.com/johndalton John Dalton]
 +
* <span style="color: #0000ff;">JQ606, dep. '''AVV''' 15:25</span>
 +
** Peter Chubb
 +
** Peter Vesely
 +
** Thomas Chung
 +
** Stefan Götz
 +
* KL3880, dep. MEL 15:55
 +
** Karl-Johan Karlsson
 +
** Daniel Vetter
 +
** Camilla Eidem Blomberg
 +
* VA1328, dep. MEL 16:20
 +
** [https://www.scriptforge.org/faulteh Scott Bragg]
 +
* QF0481, dep. MEL 17:45
 +
** [https://twitter.com/Techman_83 Leon Wright]
 +
* NZ850, depart MEL 18:20
 +
** Garming Sam
 +
** Dave Aldridge
 +
** James Parker
 +
** Paul Gunn
 +
** Russell Smithies
 +
** Eugene Venter
 +
* NZ7912 (a.k.a. VA100), dep. MEL 18:35
 +
** [[User:Chris@cje.net.nz|Christopher Edsall]]
 +
** Andrew Sands
 +
* NZ726, dep. MEL 18:40
 +
** Steven Ellis
 +
** Cherie Ellis
 +
** [https://gracenolan.me/ Grace Nolan]
 +
* VA241, dep. MEL 18:40
 +
** Josh Driver
 +
** Stephen M
 +
* JQ713, dep. MEL 18:55
 +
** [https://keybase.io/mjec Michael Cordover]
 +
* VA1332, dep. MEL 19:40
 +
** [https://twitter.com/tserong Tim Serong]
 +
** [https://twitter.com/JackScottAU Jack Scott]
 +
* QF9, dep. MEL 23:25
 +
** Jussi Pakkanen
 +
* QF796, dep. MEL 09:30
 +
** Ian Cunningham
  
        capinfo
+
===Sunday 7th February 2016===
        lower bottom corner
+
* QF93, dep. MEL 11:20
                expert info
+
** Matthew Hiltner
                file name
+
* VA329, dep. MEL 12:00
                packets, etc
+
** [http://www.humbug.org.au/RussellStuart Russell Stuart]
        statistics -> protocol hierarchy
+
* VA311, dep. MEL 14:00
        statistics -> HTTP -> packet counter
+
** Kimberley Manning
        statistics -> HTTP -> requests
+
* QF620, dep. MEL 14:05
        extract objects
+
** Ben Stevens
        follow TCP stream
+
** Joel Addison
        coloring rules
+
* QF444, dep. MEL 15:30
        Statistics -> IPv4 Statistics ->  Destinations and  Ports
+
** Kennedy Skelton
fields
+
* NZ128 dep MEL 16:05
    delta time
+
** Glenn Enright and partner
   
+
* VA1328, dep. MEL 16:20
==CLI==
+
** James 'Ender' Brown
<pre>
+
* VA337, dep. MEL 17:10
! tshark -q -z ptype,tree
+
** Jamie Bainbridge
! tshark -q -z io,stat,20,eth -q
+
* NZ126, dep. MEL 18:40
! tshark -q -z io,stat,20,http -q
+
** Simon Lyall
! tshark -q -z io,stat,20,,"BYTES()http" -q
+
** David Zanetti
! tshark -q -z http,tree
+
** [[Liz Quilty]]
! tshark -q -z http_req,tree
+
* SQ208, dep. MEL 19:30
! tshark -q -z http_srv,tree
+
** [https://twitter.com/LGnome Adam Harvey]
create a capture file for icmp
+
* QF653, dep. MEL 20:00
! tshark -q -z icmp,srt
+
** Trent 'lathiat' Lloyd
! tshark -q -z io,phs
+
! tshark -q -z io,stat
+
! tshark -q -z ip_hosts,tree
+
! tshark -q -z plen,tree
+
! tshark -q -z endpoints,eth
+
! tshark -q -z endpoints,eth,
+
! tshark -q -z endpoints,ip
+
! tshark -q -z conv,eth
+
! tshark -q -z conv,udp
+
! tshark -q -z conv,tcp
+
! tshark -q -z conv
+
! tshark -q -z expert,error -q
+
! tshark -q -z expert,note -q
+
</pre>
+
  
=DECRYPTING SSL=
+
{{Template:Navigation}}
When a client (for example, a web browser) makes a connection to a web server requiring SSL/TLS encryption - the encrypted channel is setup using a '''symmetric''' session key. This key is a random string generated by the client and then encrypted and transmitted using the servers '''public''' key, known as the ''Pre-master Secret''. Once shared, the client and server use this shared key to encrypt and decrypt traffic.
+
 
+
MacOS users can do: launchctl setenv SSLKEYLOGFILE /tmp/SSLKEYLOGFILE.txt; open -a Applications/Firefox.app
+
 
+
====exercise on decyphering SSL====
+
# <pre>
+
SSLKEYLOGFILE=/tmp/SSLKEYLOGFILE.txt firefox &  tail -f /tmp/SSLKEYLOGFILE.txt
+
</pre>
+
#Navigate to https://google.com
+
#Do some searches
+
#Start capture
+
#Open a new tab and do more searches on google.com
+
#try https://facebook.com or some other web site.
+
 
+
 
+
SSLKEYLOGFILE variable  works for firefox, chromium and any program built with NSS library (Network Security Services).
+
 
+
==display filter==
+
<pre>
+
sack
+
http
+
        ip.src==1.1.1.1 &&      tcp.analysis.retransmission or tcp.analysis.fast_retransmission
+
        http.time >= 0.4
+
        tcp.analysis.rto >= 0.050
+
        http.request.uri == "https://www.wireshark.org/"
+
        http.response.code == 500
+
        tcp.port in {80 443 8080}
+
        #the above is same as:
+
        tcp.port == 80 || tcp.port == 443 || tcp.port == 8080
+
        _ws.expert.severity >= warn
+
                0x1      ok
+
                0x100000 comment
+
                0x200000 chat
+
                0x400000 note
+
                0x600000 warn
+
                0x800000 error
+
 
+
tshark -r /var/tmp/aros.pcapng -e frame.number -e ip.src -e ip.dst -Tfields
+
tshark -r /srv/http/TCP_SACK.cap  -Y frame.number==29 -V
+
tshark -r TCP_SACK.cap -Y 'frame.number>=10' -Y 'frame.number<=15'
+
</pre>
+
==columns==
+
<pre>
+
tshark -r http.pcapng -z follow,tcp,hex,1
+
tshark -e ip.addr -e tcp.window_size -Tfields
+
tshark -r http.pcapng -z follow,tcp,hex,127.0.0.1:59544,127.0.0.1:80
+
tshark -r /srv/http/TCP_SACK.cap  -Tfields -e frame.number -e frame.time_epoch -e ip.src -e ip.dst -e tcp.seq -e tcp.len -e tcp.nxtseq -e tcp.ack  -e tcp.analysis.ack_rtt
+
tshark -r /srv/http/TCP_SACK.cap  -Tfields -e frame.number -e frame.time_epoch -e ip.src -e ip.dst -e tcp.seq -e tcp.len -e tcp.nxtseq -e tcp.ack  -e  tcp.options.sack_le -e tcp.options.sack_re
+
</pre>
+
 
+
=extra=
+
<pre>
+
-d tcp.port==8888,http
+
</pre>
+
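Review bot: In the added Departures list for Friday 5th February 2016, the entry "QF440, MEL Terinal 14:30" misspells "Terminal", gives no terminal number, and lacks the "dep." marker the other departure entries use. Its passenger "Rob Grth" looks like the "Rob Garth" listed on QF461 under Monday arrivals. Suggest "* QF440, dep. MEL 14:30", with the name corrected if it is the same person. Also, "VA830 (DL7269), arr. MEL 11:35" appears twice under Sunday 31st January, the second time after the 21:20 entry and out of time order, and "UA99, dep. MEL 11:25" appears twice under Saturday 6th February; each pair could be merged into a single entry carrying all of its passengers.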

Revision as of 09:09, 5 February 2016

Shuttle services

Gull bus services operate a regular service from Geelong to the Melbourne airport.

(please extend)

Arrivals

Saturday 30th January 2016

  • NZ891, arr. MEL 08:05
    • Andrew Sands
  • QF415, arr. MEL 09:35
    • Jussi Pakkanen
  • NZ123, arr. MEL 10:35
  • VA314, arr. MEL 11:15
    • Jamie Bainbridge
    • Kimberley Manning
  • QF611, arr. MEL 11:20
    • Joel Addison
    • Ben Stevens
  • QF762, arr. MEL 14:35
    • Trent 'lathiat' Lloyd
  • QF2139, arr. MEL 14:50
    • Paul E. McKenney
  • VA218, arr. MEL 15:30 (delayed from 13:25)
    • Clancy Cunningham
  • QF797, arr. MEL 15:45
    • Ian Cunningham
  • VA682, arr. MEL 18:13 (delayed from 15:45)
    • James 'Ender' Brown
  • QF772, arr. MEL 16:40
    • Cameron Tudball
  • QF154, arr. MEL 17:15
    • Steven Ellis
    • Cherie Ellis
  • NZ125, arr MEL 17:30
  • VA7425, arr. MEL at 17:30
  • VA334, arr. MEL 18:15

Sunday 31st January 2016

  • KL3946, arr. MEL 07:00
    • Karl-Johan Karlsson
    • Camilla Eidem Blomberg
  • NZ0891, arr. MEL 08:05
  • NZ855, arr. MEL 08:20
    • Eugene Venter
  • MH149, arr. MEL 08:45
  • JQ162, arr. MEL 08:50
    • Dave Aldridge
    • James Parker
    • Garming Sam
    • Grant McLean
  • QF94, arr. MEL 09:05
    • Matthew Hiltner
  • UA98, arr. MEL 09:25 (40 mins ahead of schedule, due in 0845hrs)
  • JQ603, arr. AVV 09:30
    • Matthew Wilcox
  • JQ603, arr. AVV 09:30
  • VA820, arr. MEL 10:05
    • Benno Leslie
  • JQ702, arr. MEL 10:15
  • NZ123, arr. MEL 10:35
    • Simon Green
    • David Zanetti
    • Glen Ogilvie
  • JQ561, arr. MEL 10:35
    • Charelle Collett
  • QF1502, arr. MEL 10:55
  • NZ895, arr. MEL 11:00
    • Chris Cormack
    • Russell Smithies
    • Jim Cheetham
  • VA262 from CBR, arr. MEL 11:10
  • QF611, arr. MEL 11:20
    • Jared Ring
  • VA214, arr. MEL 11:25
    • Josh Driver
    • Stephen M
  • QF763, arr. MEL 11:30
  • QF423, arr. MEL 11:35
    • Ewen McNeill
  • VA830 (DL7269), arr. MEL 11:35
    • Keith Packard
    • Casey West
  • VA1321, arr. MEL 11:45
  • QF680 arr. MEL 12:20
  • QF427, arr. MEL 12:35
  • VA218, arr. MEL 13:25
  • QF682, arr. MEL 13:35
    • Cary D
    • Phil Ingram
  • JQ511, arr. MEL 13:35
  • QF431, arr. MEL 13:35
    • Kennedy Skelton
  • VA1323, arr. MEL 14:00
  • QF2139, arr. MEL 14:05
    • Joshua Rich
  • VA324, arr. MEL 14:15 (Tullamarine)
  • QF0617, arr. MEL 14:20 (Tullamarine)
    • Darryl Bond
    • Gagandeep Arora
  • QF0762, arr. MEL 14:30
  • QF435, arr. MEL 14:35
    • Brendan O'Dea
  • VA842, arr. MEL 14:35
    • James Polley
  • QF881, arr. MEL 15:00
    • Ben Martin
  • JQ977, arr. MEL 15:00
    • Andrew Cooks
  • VA326, arr. MEL 15:15
    • Brad Marshall
    • Marco Ostini +1
  • QF619, arr. MEL 15:20
    • Ian Burns
    • Dion Hulse
  • QF686, arr. MEL 15:25
    • Tim S
  • VA272, arr. MEL 15:40
  • QF815, arr. MEL 16:10
    • Simon Fowler
  • VA328, arr. MEL 16:15
  • QF443, arr. MEL 16:35
    • Peter Howard
    • Tibor Bece
  • JQ607, arr. AVV 17:00
    • Peter Vesely
    • Thomas Chung
    • Greg Kopff
    • Stefan Krist
    • Tobin Harding
  • QF0772, arr. MEL 17:00
  • VA854, arr. MEL 17:05
  • QF154 arr MEL 17:15
    • Glenn Enright and partner
  • JQ779 arr. MEL 17:15
    • Trevor Drake
  • NZ0125, arr. MEL 17:30
    • Rodger Donaldson
  • QF447, arrive at Tullamarine at 17:35
    • Matthew Ames
  • QF692, arr. MEL 17:45
  • VA101, arr. MEL 17:50
    • Andrew Mitchell
  • EY460, arr. MEL 18:30
  • TT263, arr. MEL 19:00
  • QF0459 arr MEL 19:35
  • JQ609, arr. AVV 20:00
    • Jamie Wilkinson
  • TG461, arr. MEL 21:20
  • VA830 (DL7269), arr. MEL 11:35
    • Rikki Endsley

Monday 1st February 2016

  • VA1313, arr. 7:15 MEL Terminal 3
    • Jamie Lennox
  • QF1529, arr. 9:50 MEL Terminal 1
    • Ben Herrenschmidt
  • QF609, arr. 10:20 MEL Terminal 1
    • Simon Wong (Using Gull Airport Services to transfer to Geelong)
  • NZ123, arr. 10:35 MEL Terminal 2
    • Doug Thompson
  • JQ509, arr. 12:20 MEL Terminal 4
    • Ruth Suehle
  • QF461, arr. 10:30 MEL
    • Rob Garth

Departures

Friday 5th February 2016

  • QF440, MEL Terminal 14:30
    • Rob Grth
  • JQ610, dep. AVV 20:30
    • Tobin Harding
    • Brendon Body
  • NZ126, Dep MEL 18:40
    • Doug Thompson
  • QF701, dep. MEL 20:15
    • Phil Ingram
    • Chris Laws
    • Jerry Vanicky
    • Chris Sincock

Saturday 6th February 2016

  • JQ163, dep. MEL 00:45
    • Martin Krafft
    • edunham
  • VA 819 (DL7270), dep. MEL 08:00
    • Keith Packard
  • JQ602, dep. AVV 06:00
    • Greg Kopff
  • JQ604, dep. AVV 09:05
  • NZ722, dep MEL 08:45
  • QF418, depart Tullamarine 09:00
    • Matthew Ames
  • NZ898, dep, MEL 09:05
    • Jim Cheetham
  • VA679, dep. MEL 09:15
    • Andrew Cooks
  • JQ508, dep. MEL 09:45
    • Ruth Suehle
  • VA219, dep. MEL 10:10
    • Clancy Cunningham
  • TT524, dep. MEL 11:15
    • Simon Green
  • UA99, dep. MEL 11:25
  • VA323, dep. MEL 11:00 (Tullamarine)
  • UA99, dep. MEL 11:25
  • NZ124, dep. MEL 11:50
    • Benno Rice
    • Grant McLean
  • QF2138, dep. MEL 11:55
    • Andrew Bartlett
    • Ben Herrenschmidt
  • VA327, dep. MEL 12:00 to BNE
    • Brad Marshall
    • Joe Robinson
    • Alexandra Settle
    • Paul Wayper
  • QF430, dep. MEL 12:00
  • QF616, dep. MEL 12:05
    • Ian Burns
  • VA223, dep. MEL 12:10
    • Matt Magin
  • VA1593, dep. MEL 12:20
    • Jamie Lennox
  • QF812, dep. MEL 13:15
    • Simon Fowler
    • Aeriana
  • JQ574, dep. MEL 13:20
    • Charelle Collett
  • VA271, dep. MEL 13:20
  • QF685, dep. MEL 13:35
    • Cary D
  • QF438, dep. MEL 14:00
    • Brendan O'Dea
  • QF620, dep. MEL 14:05
    • Jared Ring
  • MH148, dep. MEL 14:50
  • VA853, dep. MEL 15:00
  • VA333, dep. MEL 15:00
  • QF1505, dep. MEL 15:25
  • JQ606, dep. AVV 15:25
    • Peter Chubb
    • Peter Vesely
    • Thomas Chung
    • Stefan Götz
  • KL3880, dep. MEL 15:55
    • Karl-Johan Karlsson
    • Daniel Vetter
    • Camilla Eidem Blomberg
  • VA1328, dep. MEL 16:20
  • QF0481, dep. MEL 17:45
  • NZ850, depart MEL 18:20
    • Garming Sam
    • Dave Aldridge
    • James Parker
    • Paul Gunn
    • Russell Smithies
    • Eugene Venter
  • NZ7912 (a.k.a. VA100), dep. MEL 18:35
  • NZ726, dep. MEL 18:40
  • VA241, dep. MEL 18:40
    • Josh Driver
    • Stephen M
  • JQ713, dep. MEL 18:55
  • VA1332, dep. MEL 19:40
  • QF9, dep. MEL 23:25
    • Jussi Pakkanen
  • QF796, dep. MEL 09:30
    • Ian Cunningham

Sunday 7th February 2016

  • QF93, dep. MEL 11:20
    • Matthew Hiltner
  • VA329, dep. MEL 12:00
  • VA311, dep. MEL 14:00
    • Kimberley Manning
  • QF620, dep. MEL 14:05
    • Ben Stevens
    • Joel Addison
  • QF444, dep. MEL 15:30
    • Kennedy Skelton
  • NZ128 dep MEL 16:05
    • Glenn Enright and partner
  • VA1328, dep. MEL 16:20
    • James 'Ender' Brown
  • VA337, dep. MEL 17:10
    • Jamie Bainbridge
  • NZ126, dep. MEL 18:40
  • SQ208, dep. MEL 19:30
  • QF653, dep. MEL 20:00
    • Trent 'lathiat' Lloyd


