Tuesday, January 15, 2019

Building a Minecraft 1.12.2 Forge Server on Ubutnu 18.04 Server Edition

Building and running a Minecraft server is fairly easy and gives you flexibility with all sorts of mods. There are a few decisions you'll need to make such as:
  • Do you want your Minecraft server to be public (anyone who learns your IP) or private (just you and your friends.)
  • What mods you want to install. You'll need to read carefully to see if a mod is client side or client and server. If it's client and server, you'll need to make sure your friends download the same mod versions you have installed on the server. They'll obviously need to be using Minecraft Forge as well as that's what we're using on the server.

Definitions:

x.x.x.x or Server: The Ubuntu 18.04 Server with Minecraft Server
y.y.y.y or Host: The IP of your computer with Minecraft game on it
z.z.z.z: IP(s) for friends you want to allow to play Minecraft on your server (optional for private server.)

Configuring the Minecraft Server

I'll assume you have a freshly built Ubuntu 18.04 Server built. This tutorial won't cover doing this, just the configuration of it.

Installing Java 8

$ sudo add-apt-repository ppa:webupd8team/java
$ sudo apt update
$ sudo apt install oracle-java8-installed

Verify Default Java Version

$ java -version

openjdk version "1.8.0_191"
OpenJDK Runtime Environment (build 1.8.0_191-8u191-b12-0ubuntu0.18.04.1-b12)
OpenJDK 64-Bit Server VM (build 25.191-b12, mixed mode)
If your openjdk version is not 1.8.0_191, type the below and select it from the list.
$ sudo update-alternatives --config java

Installing Minecraft

From your home folder on the Server, type the following:
$ mkdir minecraft
$ cd minecraft
Go to https://mcversions.net/ and click the link for the 1.12.2 Server Jar. Place the server.jar file into the minecraft folder you created above.

You'll need to accept the end user license agreement (EULA) so type the below.
$ echo "eula=true" > eula.txt
Now let's launch and install the Minecraft server
$ java -Xmx1024M -Xms1024M -jar server.jar nogui
After lots of text going by (look for anything in red which denotes an error) you'll know it's done and ready when you see text about preparing the spawn area and Unloading dimensions. The '>' is your Minecraft prompt. 
Type /help to get info about op'ing, banning, give etc. commands. Type the below command to stop the Minecraft server.
> /stop

Installing Forge


Go to http://www.minecraftforge.net/forum/forum/7-releases/ and find the latest version of forge for the version Minecraft 1.12.2. As of the writing of this tutorial, that's version 14.23.5.2807. Download that file into the minecraft folder. For purposes of the below, replace "forge-1.12.2-14.23.5.2807-installer.jar" with the filename of .jar you just downloaded.
$ chmod +x forge-1.12.2-14.23.5.2807-installer.jar
$ java -jar forge-1.12.2-14.23.5.2807-installer.jar --installServer
Now let's test that everything is working correctly. Again, replace "forge-1.12.2-14.23.5.2807-installer.jar" with the filename of Minecraft Forge .jar you downloaded.
$ java -Xmx1024M -Xms1024M -jar forge-1.12.2-14.23.5.2807-universal.jar nogui
After lots of text going by (look for anything in red which denotes an error) you'll know it's done and ready when you see text about preparing the spawn area and Unloading dimensions. The '>' is your Minecraft prompt. Type /help to get info about op'ing, banning, give etc. commands.
[22:40:12] [Server thread/INFO] [minecraft/MinecraftServer]: Preparing start region for level 0
[22:40:13] [Server thread/INFO] [minecraft/MinecraftServer]: Preparing spawn area: 18%
[22:40:14] [Server thread/INFO] [minecraft/DedicatedServer]: Done (3.795s)! For help, type "help" or "?"
[22:40:16] [Server thread/INFO] [FML]: Unloading dimension -1
[22:40:16] [Server thread/INFO] [FML]: Unloading dimension 1
[22:40:16] [Server thread/INFO] [FML]: Unloading dimension 20
[22:40:16] [Server thread/INFO] [FML]: Unloading dimension 7
> 

Installing mods

I generally get all my mods from https://minecraft.curseforge.com/. Find mods you like and download them into the minecraft/mods folder. Remember, some mods are client only, like say, Journeymap and Inventory Tweaks. Client side mods will throw errors and prevent the Minecraft server from starting if put in the server mods folder.

Router config:

We're almost done! If you want your friends to connect to the server from their house, or you made it completely public, you need to set port forwarding in your internet modem (Comcast, Qwest etc.)

NOTE: If you and your friends will only be connecting to your Minecraft server from your network (your house), then you can skip to Configuring a Static IP.

I'll walk you through how to do this on a Comcast modem as that's what I have. If you have something different, you'll need to do a little Googling, or call their tech support. If you happen to have an all-in-one modem with wifi built in, then this will be much simpler as you won't be dealing with two different subnets.

The easiest way is to now plug your Minecraft server directly into your Comcast modem. Then you need to check what IP address it gives you. Let's say it gave you 10.1.15.100, then the Comcast modem's web interface is going to be the same first three octets (10.1.15) with a '1' as the last octet. i.e. 10.1.15.1.

Assuming your IP was 10.1.15.100, in a browser, go to http://10.1.15.1. At the login page enter the following credentials:

- Username: cusadmin
- Password: highspeed

and login.



The first thing we want to do is figure out what your DHCP pool is so we can static the IP of your Minecraft server to an IP outside that range. Click on LAN on the left side and look at the DHCP Start IP and DHCP End IP. Let's assume these values are 10.1.15.10 and 10.1.15.199 respectively. We're going to want to pick an IP address either above or below that range. For purposes of this tutorial, let's go with 10.1.15.9 as the IP we want to give our Minecraft server.



On the left, click on Firewall, then at the top, click on the Port Configuration tab.



Click on the Add New button and enter the following information like the screenshot, replacing x.x.x.x with the IP of your Minecraft Server (we used 10.1.15.9 as an example previously).



Click on apply and give it a few moments to write the configuration. At this point, we're done with the modem and we will now move on to configuring the static IP on the Minecraft server.

Configuring a Static IP:

On the Minecraft server, type the below:
$ sudo nano /etc/netplan/50-cloud-init.yaml
Enter in the below information, replacing the 10.1.15.9 with the Minecraft server IP (make sure to keep the /24) and 10.1.15.1 with the Comcast modem IP. You can also replace the 8.8.8.8,8.8.8.4 with DNS servers of your choice. These happen to be the ones for Google DNS servers:

NOTE: Consistent spacing is important. Everything below should line up the way it shows. eno1 is the name of my network interface, if yours is different, leave it alone.
# This file is generated from information provided by
# the datasource.  Changes to it will not persist across an instance.
# To disable cloud-init's network configuration capabilities, write a file
# /etc/cloud/cloud.cfg.d/99-disable-network-config.cfg with the following:
# network: {config: disabled}
network:
    ethernets:
        eno1:
            addresses: 
              - 10.1.15.9/24
            gateway4: 10.1.15.1
            nameservers: 
              addresses: [8.8.8.8,8.8.4.4]
            dhcp4: false
    version: 2
Hit CTRL-O, Enter, CTRL-X and then type:
$ sudo netplan apply

If everything goes right, you should have no errors.

Configuring Universal Firewall (UFW):

Whether your Minecraft server is public or private, we want to configure the firewall just as a good practice.
$ sudo ufw enable
Now we need to configure some rules to allow connections to the Minecraft server default port 25565. Depending on how "private" you want your server, we'll start out with the most restrictive and open it up as we go along. I'm going to assume that since you're setting up a Minecraft server, you want to play with some friends. Let's take care of you first, then the friends.

Let's create a rule that says anyone on your home network with the Minecraft server on it is going to be able to connect and play.
$ sudo ufw allow from x.x.x.0/24 to x.x.x.x proto any port 25565
We're basically saying, any IP on your network can connect to the Minecraft server over port 25565. So you and any friends at your house on your network can play together.

Now, let's say you want your friends to be able to play from their house. Ask them to go to https://whatismyip.com and tell you the numbers after the text "Your Public IPv4 is:". Type the below command, replacing z.z.z.z with the IP they gave you. x.x.x.x is going to be the IP address you set up in Configuring a Static IP
$ sudo ufw allow from z.z.z.z to x.x.x.x proto any port 25565
If instead, you want your Minecraft server to be completely public, then instead of the last two rules we entered, you can type:
$ sudo ufw allow from any to x.x.x.x proto any port 25565

Let's Test it Out!


Launch Minecraft on the host and go to Multiplayer


Then click on Add Server



Then Enter server information in the form of SERVER-IP:PORT. Port 25565 is the default port for the Minecraft server. Server name can be anything you want. Mine is called PCWize in the previous screenshot.


Click Done when finished. If everything is going right, you should see something like the PCWize entry two screenshots above.

Click on the little picture to the left of your newly added server and you should get spawned into a new world.

Your friends, if they are at their house, will need to put in your public IP address (go to https://whatismyip.com) and they'll put that in place of the x.x.x.x in the screenshot above.

Well, that should just about do it. Happy mining!



Tuesday, December 11, 2018

Converting Keep to Pet Snippets

I've been wanting to move from OrkoHunter's Keep to the more feature rich knqyf263's Pet but kept procrastinating because I already had hundreds of snippets in Keep and dreaded the copy and paste nightmare to move them one by one.

Here's a quick bash script I wrote to parse through Keep's .json'ish format and convert to Pet's TOML format. Hopefully this helps someone else facing the same issue.

#! /bin/bash

###Leif Gregory <leif@devtek.org>
###Copy Keep's commands.json file to the same folder as this script and run it.
###It will output a file in the same folder called snippet.toml. Make a backup
###copy of your old snippet.toml and move the new one into its place. Run
###"pet list" and hopefully you'll get a clean output. If not, pet will tell
###you which line of snippet.toml the error is on. Compare it with the original
###commands.json file.

#Usage [scriptname]
#e.g. ./keep2pet

inputfile=./commands.json  #Typically found in $HOME/.keep/
outputfile=./snippet.toml  #Move this file to, typically, $HOME/.config/pet/

#Keep's commands.json starts with { and ends with } which the first and last
#sed take care of. The 2nd sed breaks up the single line with all commands
#and descriptions into one command and description per line. The delimiter is
#unfortunately a comma and I had lots of commas in my descriptions. So, it
#breaks on '", "' which means it removes the leading and trailing double quotes.
#The 3rd and 4th sed fixes those. Lastly, it writes all these lines to a temp
#file which gets removed at the end. 


cat $inputfile | sed 's/^{\"//g' | sed 's/\", \"/\n/g' | sed 's/^/"/g' | sed 's/$/"/g' | sed 's/\"}$//g' > ./keep2pet-temp

while read -r line
do
    #Now we're down to one command and description delimited by ": "
    command=$(awk -F ": " '{print $1}' <<< $line)
    description=$(awk -F ": " '{print $2}' <<< $line)

    #Write each commands.json snippet to TOML format file
    echo "
[[snippets]]
  description = $description
  command = $command
  output = \"\"" >> "$outputfile"
done < keep2pet-temp

rm ./keep2pet-temp 


Thursday, November 29, 2018

Summing numbers at the end of lines in a text file

I wrote this one liner to sum the counts of various attacks that were being blocked and logged by the firewall during an automated scan.

Let's say your log looks something like this.

Contents of log.txt

Microsoft Windows win.ini Access Attempt Detected 30851 vulnerability 782 
HTTP Cross Site Scripting Attempt 32658 vulnerability 288
Generic HTTP Cross Site Scripting Attempt 31475 vulnerability 94
HTTP /etc/passwd Access Attempt 35107 vulnerability 82
HTTP SQL Injection Attempt 30514 vulnerability 52
PHP CGI Query String Parameter Handling Information Disclosure Vulnerability 34804 vulnerability 28
Generic HTTP Cross Site Scripting Attempt 31476 vulnerability 24
Apache Tomcat URIencoding Directory Traversal Vulnerability 35298 vulnerability 13
Export RSA cipher suite detected 37493 vulnerability 11
HTTP SQL Injection Attempt 33338 vulnerability 10
Squid HTTP Header Parsing Assertion Failure Denial of Service Vulnerability 39682 vulnerability 10
Oracle 9i Application Server Dynamic Monitoring Services Anonymous Access 33756 vulnerability 8
HTTP SQL Injection Attempt 35823 vulnerability 6
PHP-Charts PHP Code Execution Vulnerability 37008 vulnerability 6
Microsoft Internet Explorer Cached Objects Zone Bypass Vulnerability 33813 vulnerability 4
Advantech Studio NTWebServer Arbitrary File Access Vulnerability 35784 vulnerability 2
Generic HTTP Cross Site Scripting Attempt 30847 vulnerability 2
Microsoft IIS ServerVariables_JScript. asp Information Disclosure 33073 vulnerability 2
Microsoft IIS 5.0 Form_JScript.asp XSS Vulnerability 32775 vulnerability 2
Joomla HTTP User Agent Object Injection Vulnerability 38519 vulnerability 1
OpenSSL Status Extension Memory Leak Denial of Service Vulnerability 39926 vulnerability 1



The five digit numbers before the word "vulnerability" are an ID and the digits at the end of each line are the counts of how many were blocked. We could sit here with a calculator and add all the digits at the end together, but the below one liner will do it for you.

grep -oP '\d{1,4}$' log.txt | xargs | tr ' ' + | bc

When run, it will output: 1428

Let's break down the one liner to understand what each part is doing.

grep -oP

  • -o tells grep to only output the matched text, not the whole line. 
  • -P tells grep we want to use PCRE regexp vs the default POSIX regexp.

'\d{1,4}$'

  • \d tells grep we're looking for a digit.
  • {1,4} tells grep we're looking for a number that will be between one and four digits.
  • $ tells grep we're looking for these one to four digit numbers to be at the end of the line.
Technical note: Just in case someone has an issue with how I phrased the above, what we're really telling grep is to look for between one and four digits sequentially.


log.txt is the name of the log file


| means we're piping the output of the previous command, grep in this case, into another command


xargs is going to take all the one to four digit numbers found and concatenate them into a string like this:
782 288 94 82 52 28 24 13 11 10 10 8 6 6 4 2 2 2 2 1 1


tr ' ' + will replace all the spaces between the numbers with the plus sign like this:
782+288+94+82+52+28+24+13+11+10+10+8+6+6+4+2+2+2+2+1+1


bc is a command line calculator that will evaluate the string provided by tr above and produce a sum. 1428 in this case.

If you needed to subtract instead of add, you'd just change the '+' in the tr command to '-'. Or if your counts could be a five digit number just change '{1,4}' to '{1,5}'. Or let's say your counts will always at least be three digits, but no more than five, you'd change it to '{3,5}'


Tuesday, August 11, 2015

iOS Security Tools - OpenVPN Connect

OpenVPN Connect - Normally $2.99 but free at time of this article

Developer: OpenVPN Technologies

Whether you're connecting to the internet over WiFi at a hotel, airport, coffee shop etc. unless your app provides native encryption or you're browsing websites over HTTPS (HyperText Transfer Protocol Secure) then your data is wide open for someone on that same network to see. If you're googling for fuzzy kitten pictures, then it probably doesn't matter, but if you're transferring work files or logging into a website without encryption then you run the risk of a bad guy intercepting that data. You might even think that only highly skilled hackers can do this, but nothing is further from the truth. It could be the soccer mom sitting four tables away from you running Wireshark on her laptop just passively collecting packets until her filter for the text "password" flags and then she's got you.

But for a moment, let's get away from the hacker scenario. Who else could be monitoring your traffic? The provider of the wireless access point you're connected to? The ISP (Internet Service Provider) connecting you to the internet? The coffee shop? If you answered yes to all of these, then you are correct. It might be relatively benign, most likely they're monitoring which websites you go to and injecting ads they believe are relevant. Or they're just building on your profile of browsing habits because they can monetize that.

That's where a VPN (Virtual Private Network) comes in. Basically a VPN creates an encrypted tunnel between your device and a server out on the internet. This tunnel encrypts all your data making it unreadable to anyone except the server on the other end who decrypts the tunnel and passes your requests on to wherever you were trying to go. Let's say you are connected to your local cafe's free wireless on your iPad using a VPN and you launch the Chrome web browser to go to this blog at http://blog.saltedbrain.org. Your iPad is connected to a VPN server on the internet over an encrypted tunnel. The hacker soccer mom can see your packet data, but it's all securely encrypted and unreadable to her. Same for the cafe owner's wireless access point, the ISP and the interconnecting hops all the way to your VPN server. The VPN server decrypts the traffic and passes your web browser request for this blog to my server on your behalf. My blog server responds and sends everything back to the VPN server who then encrypts everything again over the VPN tunnel and sends it back to your iPad.

Now, the more tech savvy among you might have realized that if everything is decrypted at the VPN server, then they could potentially capture all that data right there. You are correct. That's why it's very important to do your research in finding a reputable VPN provider. Or, you can place your trust in me and my research and follow along below to get set up. But bear with me for another minute here so I can explain what you're looking for in a good reputable VPN provider.

  • They should support the latest encryption methods such as AES 256
  • They should state in very plain text and loudly that they do not store or read your internet traffic. You still have to take that on a leap of faith I suppose.
  • They should make mention of their speeds. In a world where you usually get what you pay for, free or cheap VPN providers typically have slow connections. The one I will be telling you about is an exception.
  • Look for bandwidth limits. Will they give you fast connectivity until you hit 1GB and then rate limit your connection (slow you down)? Will they cut you off after you hit 1GB of traffic?
  • Do they limit what sort of sites you can visit? Most will block P2P (torrents), but will they block gaming sites?

I've found a VPN provider who gives you unlimited bandwidth, doesn't block anything but P2P, doesn't store your internet traffic aside from your IP address and what time you connected (which they only keep for a week), support strong cryptography and they're FREE. You can find them at http://www.vpnbook.com.

Let's get into how to get set up.

  • Download the OpenVPN Connect app from the Apple App Store.
  • Download the Zip Viewer app from the Apple App Store. We need this to download and extract the OpenVPN profile from VPNBook. If you have another app that will let you download ZIP files, such as iDownloader already, then use that.
  • Go to http://www.vpnbook.com/freevpn in Safari and tap the link for US1 OpenVPN Certificate Bundle as shown in the screenshot. Take note of the username and password just below the various bundles. You'll need this later.
  • Choose Open In and scroll over till you find Open In Zip Viewer
  • When Zip Viewer opens, tap on VPNBook.com-OpenVPN-US1 on the left to open the ZIP file and then tap on vpnbook-us1-tcp80.ovpn on the right.
  • Next tap on the Send To icon at top right and choose Open in OpenVPN

  • When OpenVPN launches you'll see 192.7.62.204/vpnbook-us1-tcp80 under the New Profiles Are Available section. Tap on the green plus sign and it will open that profile below like the screenshot (I had already added this when I took the screenshot.)
  • The username and password are listed on the VPNBook page where you downloaded the OpenVPN Certificate Bundle. At the time of writing this article, it was vpnbook:y6gaTRuv. Tap the save switch so you don't have to enter them again later. Now tap the Connection switch.

    And that's it. You can switch to another app and start browsing. You should see a VPN box next to your carrier and WiFi info at the very top. This lets you know you are using a VPN connection. When you're all done, just launch OpenVPN again and tap the Connection switch to turn it off. You can even run OpenVPN over your cell data connection. It's not limited to just WiFi.

Sunday, March 1, 2015

iOS Security Tools - Fing

Fing - FREE

Developer: Overlook Soft

Fing is a highly configurable network scanner which can be leveraged for private networks, but can also be used to scan external hosts. One of Fing's best features is that it will remember networks you've already scanned and retain the names and additional information you've put in for discovered hosts. Fing has a built in MAC vendor database to help identify targets of interest from the discovered hosts. When you first launch Fing, it will detect the network you're on with a scan button in the upper right corner. Depending upon the size of the network, the scan can be fairly quick for a /24 bit subnet, or fairly long for say, an airport running a /16 bit network.

In the above, I cancelled the scan on after a minute or two because it was a /16 bit network and I really didn't need a full scan. One limitation of Fing is that you have to wait till a scan is completed or cancel it to be able to do more detailed scans on discovered hosts. Once you have your list of discovered hosts, you can perform additional scans to determine which services are running on them. For this article, I'm going to choose the HP printer listed at the top as my target for a deeper dive.

After tapping on the host, you have a few options such as Scan Services, Ping Device, Delete from the List, Show Log and Wake on LAN. I'm going to Scan Services and show you that next.

You can see from the results above that there are a number of interesting services running on the host. Fing allows you to tap on the service and attempt to connect with an appropriate app. For http and https, that's your default browser for instance. If the host is a computer, you might see things like FTP or NETBIOS which will leverage your FTP app or file browser app. Let's check out port 8080 to see if we can get a live webpage.

Ouch, it looks like our printer is an HP LaserJet M1536dnf MFP and it doesn't have an admin password set. If I was a mean co-worker, I could change a few settings here and have a nice MFP all to myself. If you remember in the beginning of this article, I said Fing remembers networks you've scanned and additional information you put in about a discovered host. Let's go ahead and put in some info about this host.

Now we've got a more descriptive name than NPI23xxxx and I've annotated that the web interface on port 8080 is wide open and physically where the printer is located. One benny is that the information you type in is searchable from the main screen when you tap the search button on the bottom left. Below you can see the search result from the comment I put in about port 8080 being wide open.

If you'd like to scan an external host, you can do that from the main screen by tapping the pen and paper icon on the bottom row.

The ubiquitos send to icon in iOS allows you to send the information to other apps or via email which includes any additional info you put in about the host.

In the settings, you can modify things like what services to scan for and even add your own. You can also spoof your MAC address if need be.

Fing is a nicely put together network scanner to help locate potentially insecure devices on your network and the ability to remember previously scanned networks and any additional information you put in really sets this app apart from others. One last note, You can sign up for a free FingBox account which will sync and backup your customizations.

 

Friday, February 20, 2015

iOS Security Tools - RBL Status

RBL Status - $1.99

Developer: Pavel Ahafonau

One of the other hats I wear is as a web application developer predominately in the PHP / MySQL realm and I generally build, harden and deploy the web servers to run those applications on. Sometimes those servers also include a Mail Transfer Agent (MTA) / mail server depending upon the business need.

Whether you're troubleshooting an email issue or you're wanting to verify your mailform code is secure or that your mail server is properly hardened and not configured as an open-relay, Real-time Blackhole Lists (RBLs) can help you determine whether your server is listed as being a source of spam.

The efficacy of RBLs, also referred to as DNS blacklists or DNSRBLs, is debatable for a couple of reasons. One of the biggest problems it presents is the collateral damage that ensues when a single domain on a shared host is exploited to send spam. Because RBLs are IP based, an insecure mailform on a website sharing the same IP as you could cause the IP to be blacklisted. This is an extremely frustrating situation to be in because until they fix the problem you'll be punished right alongside them.

A similar situation can occur if you're running a server on a dynamic IP and you happen to one day pick up an IP that has been blacklisted.

To further complicate the matter, there are a number of RBL services and to effectively troubleshoot, you have to track down which one is being used by the mailserver denying your emails. Getting your IP delisted can sometimes be difficult and each RBL service has varying policies for automated or manual delisting.

If you'd like to learn more, take a look at Wikipedia's Comparison of DNS blacklists

The RBL Status app is an easy and quick tool to determine whether your IP address has been blacklisted. Currently it supports thirteen of the most popular RBLs, with seven selected by default for checking when you install the app. Based on your needs, you can select or deselect the RBLs that are most appropriate for you.

As an example, I took the IP for one of the top spam senders according to McAfee's Threat Intelligence site. In the below screenshot you can see that the IP is listed in two RBLs.


There are two downsides to the RBL Status app that I see. The first is that aside from the information it displays, you can not drill down to get more information. Based on the previous issue, the second is that the links it provides for further information where an IP is listed are not clickable and so you'll have to resort to typing the URLs in manually, or choosing the arrow button to the left of the Check button to send the info via email where you can then copy and paste the URL into a browser.

Visiting the URL listed for SORBS in the above screenshot will bring you to the below page where you can determine how fresh the listing is etc.

One nice benny RBL Status has is that you can perform a whois lookup on the domain, the IP, and the reverse hostname.

So, that's it in a nutshell. Hopefully you won't be on the wrong side of an RBL listing and have to deal with the headache of delisting.

Tuesday, February 10, 2015

iOS Security Tools - Netstat







Netstat - FREE with IAPs
Developer: James Devenish

Netstat, as you may be familiar with already on Linux and Windows, gives you live information such as protocol (http, https, imaps), remote address, connection duration, idle time, round-trip-time (rtt) and bytes received grouped by interface such as wifi, VPN or cellular.

Netstat on an iOS device is a useful tool for being able to see where an app is connecting to and over what protocols without having to packet sniff your device traffic. It's also handy for finding apps that might be sending your information across the internet using insecure protocols or to watch how other security tools on your device are communicating.

The paid version which is available as an IAP comes in two flavors. The first is a $.99 Connection Details which allows you to tap on a connection to see additional information. The second is a $3.99 IAP which includes the Connection Detail, but also adds audio alerts, delta mode for new activity, sorting connections by various criteria, host connectivity testing, whois lookup and port info.



The free version allows export to CSV which will give you basically the same thing as the $.99 IAP for Connection Details with just a couple extra steps.


One potentially fatal limitation is the lack of IPv6 support. If IPv4 is all you need though, then this will do the trick.



- Leif Gregory, Security Professional