Saving a packet trace in Mac OS X

  1. Log in with an administrator account.
  2. Open Terminal (/Applications/Utilities).
  3. To start the trace, you will type a command, followed by the Return key. The command you choose needs to match the way your computer connects to the Internet.

    For built-in Ethernet, type:

    sudo tcpdump -i en0 -vvv -n -s 0 -w ~/Desktop/DumpFile.dmp

    Note: Both “en0” and “-s 0” include a zero, not the letter O.

    For AirPort, type:

    sudo tcpdump -i en1 -vvv -n -s 0 -w ~/Desktop/DumpFile.dmp

    Note:-s 0” includes a zero (0), not the letter O.

    For a VPN connection or a dial-up modem (PPP), type:

    sudo tcpdump -i ppp0 -vvv -n -s 0 -w ~/Desktop/DumpFile.dmp

    Note: Both “ppp0” and “-s 0” include a zero, not the letter O.

  4. When prompted for a password, enter the one for your administrator account. You’ll see a message in Terminal such as “tcpdump: listening on en0…” which lets you know the computer is actively capturing network traffic.
  5. Now, perform the network activities that involve the issue you’re trying to capture packets for.
  6. When you’re ready to stop capturing packets, click the Terminal window to bring it to the foreground.
  7. Press Control-C.

How to force deletion of a SSP stuck in unprovisioning state

Sometimes things go wrong with the SSP (life without it in SharePoint 2010 shall be interesting…) If you have one that will not delete, gets stuck in an “unprovisioning state”, cannot be opened or similar try this extra flag:

“Stsadm -o deletessp -title SSPNAME -force“.

The -force will normally delete the entry even if there are errors occurring.


IF you’ve worked with SharePoint for any amount of time you know that is not always the word one would use to describe your experiences. Sometimes that command just does not work and you end up with a lingering SSP. To resolve you need to identify the GUID for the problem SSP and use STSADM -o deleteconfigurationobject -id “id retrieved from object table” to remove this/these item/s from the configuration database.

What’s the GUID? Use the following procedure to identify the Shared Services GUID:

  1. Login to the SQL server.
  2. Open SQL Management Studio and expend Databases.
  3. Expand Configuration Database & Tables.
  4. Open table for dbo.object.
  5. Execute the following query in query analyzer: SELECT * FROM [SharePoint_Config].[dbo].[Objects]where name like ‘%SharedServices%’ The results should look like this:

    A2B1EC50-7134-40D1-9D97-0D54E129AE70   1AAB936C-E65C-4829-9683-5CCF5BAB90B0   3ACD71A5-B35A-44F1-B524-F90FFEA1AACE   SharedServices1_Search_DB

    7BB6D64A-E954-4E55-B7CE-15F9AA071748   FB6E9959-5209-44FB-83A4-0A51C31F7A02   3ACD71A5-B35A-44F1-B524-F90FFEA1AACE   SharedServices2_DB

    A9013685-0830-43A9-925A-7875A10DDA82   9D95E78B-FA6F-4349-AD9A-43BD3EF44E99   43DAD086-2C32-4ECF-B545-9FC63D80698B   SharedServices2

  6. Copy the ID of object referenced in objects table of configuration database.
  7. Open command prompt and changed directory to C:Program FilesCommon FilesMicrosoft Sharedweb server extensions12BIN> and executed following command to delete the Shared Services using the ID which was copied: Stsadm -o deleteconfigurationobject -id “id retrieved from object table”

SharePoint Services Timer Service File System Cache Reset / Clear

Reseting the file system cache can resolve many issues in a SharePoint farm. Perform this operation first if you get stuck with any issues related to timer jobs.
File system cache should be cleared on all servers in the server farm on which the Windows SharePoint Services Timer service is running. To do this, follow these steps:
1. Stop the Timer service.
To do this, follow these steps:
a. Click Start, point to Administrative Tools, and then click Services.
b. Right-click Windows SharePoint Services Timer, and then click Stop.
2. Delete or move the contents of the following folder:
a. %ALLUSERSPROFILE% Application DataMicrosoftSharePointConfigGUID
b. Leave the cache.ini alone
c. Delete all other files (all guid.xml) these are all timer job definitions
d. Open cache.ini in notepad and change whatever number you see there to 0
3. Start the Timer service:
To do this, follow these steps:
a. Click Start, point to Administrative Tools, and then click Services.
b. Right-click Windows SharePoint Services Timer, and then click Start.
Note: The file system cache is re-created after you perform this procedure. Make sure that you perform this procedure on all servers in the server farm on which the Timer service is running.
Go back to the %ALLUSERSPROFILE% Application DataMicrosoftSharePointConfigGUID folder and make sure you see a bunch of xml files.
Open the cache.ini and see if the 0 is replaced by a higher value.
You have now synched all your servers with the same timer job definitions from the config db.

Replacing ZFS on OS X… What now?

It’s clear that Apple and Sun just could not agree on licensing so the ZFS party has come to an end on OS X. A shame but also an exciting opportunity for something new. It’s pretty obvious that Apple will now build its own advanced filesystem instead of adopting ZFS or its Linux cousin BtrFS (itself an Oracle project, which comes with licensing that is also highly likely to be incompatible with Apple’s xnu kernel…) Why is it clear / obvious?

  • With the release of Snow Leopard the base of the os is stable, fast, and the resources that did all the work are now “free” to work on something new.
  • The mathematical problems that ZFS addressed when originally conceived have been the focus of the general community for some time now. Translated = there are more, and refined, options now.

So time will tell what will happen next unless they can sort it all out…
> Apple can currently just take the ZFS CDDL code and incorporate it   > (like they did with DTrace), but it may be that they wanted a "private   > license" from Sun (with appropriate technical support and   > indemnification), and the two entities couldn't come to mutually   > agreeable terms.  I cannot disclose details, but that is the essence of it.  Jeff

Grand Central Dispatch ported to FreeBSD

Those who know me know that I am a huge proponent of FreeBSD. Since I first toyed around with it with version 2 and got comfortable starting with version 3 it has consistently impressed me with it’s features and abilities. Now Apple’s Grand Central Dispatch, which was recently open sourced, has been ported to FreeBSD from OS X and is planned to be included by default in FreeBSD 8.1. Also known as libdispatch, the API allows the use of function-based callbacks but will also support blocks if built using FreeBSD’s clang compiler package. FreeBSD’s porting efforts should help to make GCD easier to port to other operating systems with conventional Unix or Unix-like kernels, including OpenBSD, NetBSD, Linux, and Solaris.

If you’re new to FreeBSD a key thing about it is its release process.

Murray Stokely recently released the FreeBSD Release Engineering paper which goes to great length in detailing the different phases of the release engineering process leading up to the actual system build as well as the actual build process and very important discussion on the future directions of developmen. I would highly recommend reading through it. Here’s an excerpt:

This paper describes the approach used by the FreeBSD release engineering team to make production quality releases of the FreeBSD Operating System. It details the methodology used for the official FreeBSD releases and describes the tools available for those interested in producing customized FreeBSD releases for corporate rollouts or commercial productization.

The development of FreeBSD is a very open process. FreeBSD is comprised of contributions from thousands of people around the world. The FreeBSD Project provides anonymous CVS[1] access to the general public so that others can have access to log messages, diffs (patches) between development branches, and other productivity enhancements that formal source code management provides. This has been a huge help in attracting more talented developers to FreeBSD. However, I think everyone would agree that chaos would soon manifest if write access was opened up to everyone on the Internet. Therefore only a “select” group of nearly 300 people are given write access to the CVS repository. These committers[5] are responsible for the bulk of FreeBSD development. An elected core-team[6] of very senior developers provides some level of direction over the project.

The rapid pace of FreeBSD development leaves little time for polishing the development system into a production quality release. To solve this dilemma, development continues on two parallel tracks. The main development branch is the HEAD or trunk of our CVS tree, known as “FreeBSD-CURRENT” or “-CURRENT” for short.

A more stable branch is maintained, known as “FreeBSD-STABLE” or “-STABLE” for short. Both branches live in a master CVS repository in California and are replicated via CVSup[2] to mirrors all over the world. FreeBSD-CURRENT[7] is the “bleeding-edge” of FreeBSD development where all new changes first enter the system. FreeBSD-STABLE is the development branch from which major releases are made. Changes go into this branch at a different pace, and with the general assumption that they have first gone into FreeBSD-CURRENT and have been thoroughly tested by our user community.

In the interim period between releases, monthly snapshots are built automatically by the FreeBSD Project build machines and made available for download from The widespread availability of binary release snapshots, and the tendency of our user community to keep up with -STABLE development with CVSup and “make world”[7] helps to keep FreeBSD-STABLE in a very reliable condition even before the quality assurance activities ramp up pending a major release.

Full Paper here

Public beta of Office 2010 and SharePoint 2010 next month

The public betas for Office 2010, Project 2010, Visio 2010, and SharePoint Server 2010 will arrive in November 2009.

The public betas for Office 2010, Project 2010, Visio 2010, and SharePoint Server 2010 are slated for this November, Microsoft CEO Steve Ballmer today confirmed at the SharePoint Conference 2009. Given the name of the conference, Ballmer focused on revealing some of the new SharePoint 2010 capabilities for the first time, but also made sure to mention that SharePoint Server is one of the fastest-growing products in Microsoft’s history, with over $1.3 billion in revenue (a 20 percent growth over the past year).

Ballmer highlighted the following features and capabilities during his keynote:

  • A new ribbon user interface that makes end users more productive and customization of SharePoint sites easy
  • Deep Office integration through social tagging, backstage integration and document life-cycle management
  • Built-in support for rich media such as video, audio, and Silverlight, making it easy to build dynamic Web sites
  • New Web content management features with built-in accessibility through Web Content Accessibility Guidelines 2.0, multilingual support and one-click page layout, enabling anyone to access SharePoint Server sites
  • New SharePoint tools in Microsoft Visual Studio, giving developers a premier experience with the tools they know and trust
  • Business Connectivity Services, which allow developers to connect capabilities to line-of-business data or Web services in SharePoint Server and the Office client
  • Rich APIs and support for Silverlight, representational state transfer (REST) and Language-Integrated Query (LINQ), to help developers build applications fast on the SharePoint Server platform
  • Enterprise features in SharePoint Online such as Excel Services and InfoPath Forms Services, which make it simple to use, share, secure and manage interactive forms across an organization
  • The addition of two new SharePoint SKUs for Internet-facing sites, including an on-premises and hosted offer

If any of that strikes your fancy, you’ll want to watch the following video (Silverlight required):

The most ambitious goal Microsoft is striving for with Office 2010 is making it available via a familiar experience across the PC, phone, and browser. Office 2010 is the first release of the productivity suite that will come in 32-bit and 64-bit flavors and on one DVD no less.

Compiling Aircrack on 10.6 Snow Leopard

First off get it by using:
svn co aircrack-ng
Now, you need to edit common.mak to build for a 32-bit architecture using 10.5 headers, and have it use gcc-4.0 instead of 4.2.
Find this line:
and replace with:
CC = $(TOOL_PREFIX)gcc-4.0
Then find this line:
CFLAGS ?= -g -W -Wall -Werror -O3 -Wno-strict-aliasing
and replace with:
CFLAGS ?= -g -W -Wall -Werror -O3 -Wno-strict-aliasing -arch i386 -isysroot /Developer/SDKs/MacOSX10.5.sdk
Go back to Terminal and:
cd aircrack-ng
sudo make install
The binaries can be found here: /usr/local/bin/

Remember you can only really use it to poke at already captured data…

Running OS X with a 64 bit kernel

Run the following command: ioreg -l -p IODeviceTree | awk -F'”‘ ‘/firmware-abi/{print $4}’

If you get a response such as EFI64 you’re in luck. If it’s like this EFI32 you’re not so lucky…
To enable this permanently do the following: sudo defaults write /Library/Preferences/SystemConfiguration/ ‘Kernel Flags’ ‘arch=x86_64