Howto: extract files from a .msi file

Every once in a while I need to extract the content of a .msi file in order to customize a deployment for a particular network environment. Sometimes initializing the .msi installer will temporarily extract the files into C:\Documents and Settings\<username>\Local Settings\Temp, but those files are removed once the installer exits.

To extract files from a .msi file at the command line, type:

msiexec /a PathToMSIFile /qb TARGETDIR=DirectoryToExtractTo

For example, to extract files from c:\installer.msi into c:\install you would type:

msiexec /a c:\installer.msi /qb TARGETDIR=c:\install

The destination directory does not need to exist prior to running this command.

If this doesn’t work, a crude way is to rename the .msi file to a .rar file; WinRAR will then allow you to extract all the files. However, it doesn’t name them properly, so I used a combination of Less MSIérables, a .NET tool which allows you to view .msi files, and comparing file sizes to find the specific file I wanted.

Hyperterminal / command line modem calls

Not something you use much these days, but something I thought I’d note down here in case someone at some point needs it.

ATA (ata)
  Response: Handshake sounds if modem speaker is enabled.
  Description: Modem tries to answer call with handshake sounds. Press Enter to stop this process. The no carrier message is normal with this command. This command does not apply to Windows XP.

ATDT <ISP Phone Number>
  For example, ATDT1234567 (where 1234567 is the connection number to dial for Internet service). To connect to a test server in the US you can type: ATDT18666633665
  Response: Login: _
  Description: Connects to a test server. If you can get to a login, your modem is working correctly.

ATDT (atdt)
  Response: Dialtone if modem speaker is enabled.
  Description: Indicates that the modem can get a dial tone. The message “no dial tone” indicates that either the modem or phone line is not working correctly. Press Enter to stop this process.

AT&F
  Response: OK
  Description: Resets most modems to factory defaults.

ATI0 (ati)
  Response: 56000 ok
  Description: The response varies between modems, but returns the modem speed.

ATI3 (ati)
  Response: <Version and name>
  Description: Returns the modem product type and firmware version.

ATZ (atz)
  Response: ok
  Description: This command resets the modem.

ATH (ath)
  Response: ok
  Description: Hangs up modem.

ATS0=2 (ats0=2) (zero, not the letter O)
  Response: ok
  Description: This command sets the modem to receive. Call the computer’s phone number and you should hear the handshake signal. Ring, ring displays on HyperTerminal screen, followed by no carrier, when the caller hangs up.

Checkpoint fw monitor to debug and trace traffic.

tcpdump is good, but on Check Point firewalls fw monitor is the way to go to find out exactly what is happening to your traffic.

To live debug traffic according to your filter, use it as follows:

# fw monitor -e "accept src=10.0.0.x;"

This will output in real time the traffic going into your firewall from IP address 10.0.0.x.

You will see output similar to the below:

Lan1:i[84]: 192.168.232.12 -> 172.16.100.40 (ICMP) len=84 id=0
ICMP: type=8 code=0 echo request id=64597 seq=5025
Lan1:I[84]: 192.168.232.12 -> 172.16.100.40 (ICMP) len=84 id=0
ICMP: type=8 code=0 echo request id=64597 seq=5025
Lan5:o[84]: 192.168.232.12 -> 172.16.100.40 (ICMP) len=84 id=0
ICMP: type=8 code=0 echo request id=64597 seq=5025
Lan5:O[84]: 192.168.232.12 -> 172.16.100.40 (ICMP) len=84 id=0

Lan1:i[84]: 10.0.0.1 -> 192.168.0.1 (ICMP) len=84 id=0 <-- This shows traffic coming into interface Lan1 but before rules have been processed; that's the lowercase i.

ICMP: type=8 code=0 echo request id=64597 seq=5025

Lan1:I[84]: 10.0.0.1 -> 192.168.0.1 (ICMP) len=84 id=0 <-- This shows traffic still on interface Lan1 but after rules have been processed, hence the uppercase I. If the firewall were dropping this packet you would not see this.

ICMP: type=8 code=0 echo request id=64597 seq=5025

Lan5:o[84]: 10.0.0.1 -> 192.168.0.1 (ICMP) len=84 id=0 <-- Now we see traffic going out of the destination interface Lan5, but again before the rules have been processed (lowercase o).

ICMP: type=8 code=0 echo request id=64597 seq=5025

Lan5:O[84]: 10.0.0.1 -> 192.168.0.1 (ICMP) len=84 id=0 <-- Finally we see traffic going out of the destination interface Lan5 after successfully traversing the rules (uppercase O).
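
The i/I/o/O reading above can be automated when a capture is too long to scan by eye. This is an added example, not part of the original post or of any Check Point tooling: a Python parser that groups fw monitor header lines per packet and reports the last inspection point each one reached. The sample output and the rule that a lowercase i line starts a new traversal are assumptions of this example.

```python
import re

# Header line format as shown on this page:
#   Lan1:i[84]: 10.0.0.1 -> 192.168.0.1 (ICMP) len=84 id=0
HEADER = re.compile(
    r"^(?P<iface>[^:\s]+):(?P<point>[iIoO])\[\d+\]:\s*(?P<src>\S+?)\s*->\s*"
    r"(?P<dst>\S+)\s+\((?P<proto>\w+)\)")
ORDER = "iIoO"  # in before rules, in after rules, out before rules, out after rules

# Constructed sample: the first ping traverses the firewall, the second is
# seen at i only (the case where the post says you would not see the I line).
SAMPLE = """\
Lan1:i[84]: 10.0.0.1 -> 192.168.0.1 (ICMP) len=84 id=0
ICMP: type=8 code=0 echo request id=64597 seq=5025
Lan1:I[84]: 10.0.0.1 -> 192.168.0.1 (ICMP) len=84 id=0
Lan5:o[84]: 10.0.0.1 -> 192.168.0.1 (ICMP) len=84 id=0
Lan5:O[84]: 10.0.0.1 ->192.168.0.1 (ICMP) len=84 id=0
Lan1:i[84]: 10.0.0.2 -> 192.168.0.1 (ICMP) len=84 id=0
"""

# Assumption of this example: a lowercase 'i' line for a src/dst/protocol
# starts a new traversal; later I/o/O lines for that flow belong to it.
def traversals(output):
    """Split fw monitor output into per-packet traversals."""
    current, found = {}, []
    for line in output.splitlines():
        m = HEADER.match(line.strip())
        if not m:
            continue  # protocol detail lines such as "ICMP: type=8 ..."
        key = (m["src"], m["dst"], m["proto"])
        if m["point"] == "i" or key not in current:
            current[key] = {"flow": key, "seen": []}
            found.append(current[key])
        current[key]["seen"].append((m["point"], m["iface"]))
    return found

def last_point(trace):
    """Return (last point reached in order, first missing point or None)."""
    seen = {point for point, _ in trace["seen"]}
    reached = None
    for point in ORDER:
        if point not in seen:
            return reached, point
        reached = point
    return reached, None

if __name__ == "__main__":
    for t in traversals(SAMPLE):
        print(t["flow"], last_point(t))
```

A result of ("i", "I") means the packet arrived on the inbound interface but was never seen after the rules were processed, which is where to start looking in the rule base and logs.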

There are a lot of filters you can apply. The example above uses src, but you can also use keywords such as dst, sport, dport, etc.

Check this doc for a full list of what you can and can’t do:

http://www.checkpoint.com/techsupport/downloads/html/ethereal/fw_monitor_rev1_01.pdf