Hello and welcome to the Tuesday, October 11th, 2020 edition of the Sands and at Storm Center's Stormcast.

My name is Johannes Ulrich, and today I'm recording from Riyadh, Saudi Arabia.

Vyrhark released a new major update, and with that we got some cool features.

The new protocol layout feature that displays layouts inside header diagrams is nice. Had actually a little bit issues with it didn't

look quite ready yet in my experience here on my Mac. But on the other hand, Vyarshark also resolved an issue

that often surprised people

new to Vyarshark and T-Shark.

It's something actually that I just demonstrated

this week in Sec 503 here in our class.

And that's if you are filtering

for an IP header field.

For example, for an IP address, the filter is applied to the actual IP header,

but it's also applied to the IP header embedded in ICMP error messages.

This is actually a cool feature if you, for example, try to link up ICMP error messages with the corresponding packet

that caused the error, but it can also cause some confusion. So the latest version of

Weirshark, Vyarshark 4-0 does have the ability by adding pound 1 or pound 2 to the filter

to distinguish between the actual IP header

and the IP header embedded in an ICMP error message.

And a quick update on the 40 net vulnerability.

Make sure you patch soon.

The Horizon 3 attack team,

which has a history of publishing exploits

...