The Wiert Corner – irregular stream of stuff

Jeroen W. Pluimers on .NET, C#, Delphi, databases, and personal interests

  • My badges

  • Twitter Updates

  • My Flickr Stream

  • Pages

  • All categories

  • Enter your email address to subscribe to this blog and receive notifications of new posts by email.

    Join 4,177 other subscribers

Archive for February 16th, 2021

🔎Julia Evans🔍 on Twitter: “ngrep: grep your network!… “

Posted by jpluimers on 2021/02/16

[WayBack] 🔎Julia Evans🔍 auf Twitter: “ngrep: grep your network!… “

So this taught me a new tool and other new things:

  • ngrep – Wikipedia

    ngrep is similar to tcpdump, but it has the ability to look for a regular expression in the payload of the packet, and show the matching packets on a screen or console. It allows users to see all unencrypted traffic being passed over the network, by putting the network interface into promiscuous mode.

    ngrep with an appropriate BPF filter syntax, can be used to debug plain text protocols interactions like HTTPSMTPFTPDNS, among others, or to search for a specific string or pattern, using a grep regular expression syntax.[4][5]

    ngrep also can be used to capture traffic on the wire and store pcap dump files, or to read files generated by other sniffer applications, like tcpdump, or wireshark.

    ngrep has various options or command line arguments. The ngrep man page in UNIX-like operating systems show a list of available options.

  • [WayBack] GitHub – jpr5/ngrep.

    ngrep is like GNU grep applied to the network layer. It’s a PCAP-based tool that allows you to specify an extended regular or hexadecimal expression to match against data payloads of packets. It understands many kinds of protocols, including IPv4/6, TCP, UDP, ICMPv4/6, IGMP and Raw, across a wide variety of interface types, and understands BPF filter logic in the same fashion as more common packet sniffing tools, such as tcpdump and snoop.

  • [WayBack] BPF syntax
  • Berkeley Packet Filter – Wikipedia


Read the rest of this entry »

Posted in *nix, *nix-tools, Communications Development, Development, Internet protocol suite, Power User, Software Development, Wireshark | Leave a Comment »

Checking expiration dates for your certbot certificates

Posted by jpluimers on 2021/02/16

I have these two little aliases in my toolbox:

alias "certbot-check-all-by-file=bash <(curl -fsSL --location /etc/letsencrypt/live"
alias "certbot-check-all-by-config=bash <(curl -fsSL --server ISPconfig"

First a big fat warning

do not run just any script downloaded through curl. Plenty of reasons why this is dangerous:

  1. [WayBack] Detecting the use of “curl | bash” server side | Application Security
  2. [WayBack] One way “curl pipe sh” install scripts can be dangerous [proof of concept] / Jordan Eldredge: script content differs depending on user agent
  3. [WayBack] sean cassidy : Don’t Pipe to your Shell: scripts having different behaviour when executed partially
  4. [WayBack] Why using curl | sudo sh is not advised? – Stack Overflow:

    You can proof your scripts against partial execution by putting the whole thing into the body of a function, and executing that function on the last line. If you know a script is defined like that, it’s exactly as secure as downloading and then executing some installer.

The first three can mostly prevented by using your own fork of the script repository, then checking each modification of the script, combined with ensuring your fork location does not throw tricks 1 or 2 on you.

That’s why I run the above alias only from a checkssl fork which I can inspect.

Back to the alias

The aliases use quite a few tricks:

  1. Having curl download a command minimising
    curl -fsSL

    Via: [WayBack] The missing package manager for macOS (or Linux) — The missing package manager for macOS (or Linux)

  2. Running that command through bash as if the download were a file by wrapping wrapping it in parenthesis and a less than sign .
    bash <(curl -fsSL

    Via: [WayBack] linux – Execute bash script from URL – Stack Overflow

  3. Passing arguments to the bash command by appending this to the command just like from the regular command-line:
    bash <(curl -fsSL --location /etc/letsencrypt/live
  4. An alias [WayBack] with double-quotes around the whole statement:
    alias "certbot-check-all-by-file=bash <(curl -fsSL --location /etc/letsencrypt/live"
  5. Either use the certbot configuration file or apache2 (via ISPconfig as the apache2 parameter value is not yet supported) domain configuration:
    alias "certbot-check-all-by-file=bash <(curl -fsSL --location /etc/letsencrypt/live"
    alias "certbot-check-all-by-config=bash <(curl -fsSL --server ISPconfig"

Using source instead of bash

Note that an alternative alias is this one:

alias "certbot-check-all-by-file=(source <(curl -s --location /etc/letsencrypt/live)"

However, that needs an extra set of parenthesis, otherwise you will get bumped out of your current shell.

The reason is that bash runs in a [WayBack] subshell, whereas [WayBack] source (and the equivalent [WayBack] “dot” command .) runs in the current shell, but the script performs a gracefull_exit or error_exit which end in an exit [WayBack] terminating the current shell.

The [WayBack] () parenthesis around the source command ensure it runs in a sub-shell.

In this case, you can still pass the --location /etc/letsencrypt/live parameters, as bash is the only shell allowing this: [WayBack] source – Passing variables to a bash script when sourcing it – Unix & Linux Stack Exchange.


Related [WayBack] Advanced Bash-Scripting Guide topics:

Related cURL options from [WayBack] curl – How To Use:

  • -f: [WayBack] -f, --fail

    (HTTP) Fail silently (no output at all) on server errors. This is mostly done to better enable scripts etc to better deal with failed attempts. In normal cases when an HTTP server fails to deliver a document, it returns an HTML document stating so (which often also describes why and more). This flag will prevent curl from outputting that and return error 22.

    This method is not fail-safe and there are occasions where non-successful response codes will slip through, especially when authentication is involved (response codes 401 and 407).

  • -s: [WayBack] -s, --silent:

    Silent or quiet mode. Don’t show progress meter or error messages. Makes Curl mute. It will still output the data you ask for, potentially even to the terminal/stdout unless you redirect it.

    Use -S, –show-error in addition to this option to disable progress meter but still show error messages.

    See also -v, –verbose and –stderr.

  • -S: [WayBack] -S, --show-errors:

    When used with -s, –silent, it makes curl show an error message if it fails.

  • -L: [WayBack] -L, --location:

    (HTTP) If the server reports that the requested page has moved to a different location (indicated with a Location: header and a 3XX response code), this option will make curl redo the request on the new place. If used together with -i, –include or -I, –head, headers from all requested pages will be shown. When authentication is used, curl only sends its credentials to the initial host. If a redirect takes curl to a different host, it won’t be able to intercept the user+password. See also –location-trusted on how to change this. You can limit the amount of redirects to follow by using the –max-redirs option.

    When curl follows a redirect and the request is not a plain GET (for example POST or PUT), it will do the following request with a GET if the HTTP response was 301, 302, or 303. If the response code was any other 3xx code, curl will re-send the following request using the same unmodified method.

    You can tell curl to not change the non-GET request method to GET after a 30x response by using the dedicated options for that: –post301–post302 and –post303.


Reminder to self: see if JSON output is viable. This commit might help.


Posted in bash, Conference Topics, Conferences, Development, Event, Scripting, Software Development | Leave a Comment »

The magic “procedure Touch(var …” construct

Posted by jpluimers on 2021/02/16

procedure Touch(var Argument);  

I included the above code in my blog a long time ago (2014 in fact: Delphi: always watch the compiler Warnings), but never got around to explain the why and how I got it, why it works and why it will likely work forever.


Ever since the early Delphi days, there are three hints about “never used” of which the second often gets in the way during debugging:

(note that these %s only hold for non-managed types, which I also addressed in Why don’t I get the warning W1036 Variable “‘MyStrings’ might not have been initialized”… and Delphi 10.3 Rio got released; I’ll wait a while hoping to see more positive comments).

Usually the compiler is right, but sometimes it is not: [WayBack] Check your compiler warnings and hints. They may still be errors. | Shiftkey Software Blog

So once every while, you need this workaround:


The solution is to have a method with one untyped var parameter (a var parameter without any type: this way you can pass any field or variable to it) that just does nothing. Often I included only at the place I need it as this single line fragment: procedure Touch(var Argument); begin end;.

Former Delphi compiler engineer and Borland Chief Schientist Danny Thorpe handed this solution, I think it was during or around his famous BorCon99 in Philadelphi (and later BorCon2005 in San Jose) Reading Tea Leaves: The Fine Art of Debugging talk. The talk is not-online, but luckily there are notes and a StackOverflow post:

The session had seemingly simple things like this [WayBack] Shenoy At Work: Set Next Statement in Delphi? with the picture on the right.

Voiding the solution

I’ve seen teams making this method inline, but that voids it. Usually they do not see it as they already resolved the “never used” problem in another way.

Why it still works

Read the rest of this entry »

Posted in Conference Topics, Conferences, Delphi, Development, Event, Software Development | 1 Comment »

%d bloggers like this: