February 29, 2008

Germany

I’m nearing the end of my first six weeks in Germany, and I’ve really enjoyed it so far.

I feel like I should be better versed in German, but I’m quite satisfied with the simple ability to walk into a restaurant, order and pay in German (both in language and custom) and be able to understand most of what is said. I’m familiar with greetings, some common phrases, and know my numbers relatively well.

That’s the easy stuff, though. It’s predictable. It’s the same. And I’ve probably done it about sixty times in the past six weeks. Not to mention that the locals are fairly patient if you’re willing to make a fool out of yourself and speak a language you are only picking up in bits and pieces.

It’s those little things, though, that make life just a little bit easier when you’re in a foreign country and missing your usual support system. It’s the ability to interact with people, if only on a basic level, that makes each little bit of German I learn that much more enjoyable.

The weekends are also very enjoyable here. Sundays are a day of rest when most stores are closed and families take walks through the countryside and spend time together. I recently went walking around the town where I’m staying on a brisk (50°F) Sunday and masses of children on their bikes were congregating outside the ice cream shop, families were enjoying the sun, and it seemed as if everybody in the town was walking down main street and enjoying the day. I’ve spent my time here doing some fun side projects, venturing through the countryside to castles, and walking around aimlessly like everybody else.

I’m looking forward to being back home for a little, but I will definitely look forward to coming back to Germany. (And that has nothing to do with Black Hat Amsterdam when I get back…no really. ;))

A few interesting tips for eating out

  • Tipping is not required, but acceptable and appreciated in moderation.
  • It is common for the bill to be broken up among dinner guests. When you pay, regardless of whether you tip, you tell the server how much you want to pay, not how much change you want.
  • You also have to ask for the bill when you’re ready. German etiquette is to let you sit and chat for as long as you like without interrupting you. While it can be a little frustrating for us impatient Americans, it is nice to be able to enjoy a three-hour lunch with drinks, cappuccino, good friends and good conversation.
  • Many bathrooms in Germany have an entrance fee, particularly at tourist attractions, roadside stops, or in the evenings. Sometimes there is an automated machine, but more often there is an attendant sitting outside. €0,50 is the standard fee.
  • The bathroom is most often located in the basement.

One humorous story of how I’ve made a fool of myself before I leave to relax for my last evening here.

I was heading out to dinner with four friends and three of us entered the restaurant while the fourth parked. Thinking I would exercise my newfound counting skills, I looked up as the waitress came over and tried to indicate we would need four menus by saying “vier” while holding up four fingers. She replied in German, to which I replied with a resounding “ja” even though I had no idea what she said. Next thing I know, four beers showed up at the table.

I really can’t complain, but I’ve since learned the word for menu…grin

February 12, 2008

Quick Argus3 Commands

This is going to be a quick post, mostly because I’m tired from working on that other site and I really need to get some sleep.

I’ve been doing some serious pcap analysis lately. You know the type…where you’ve dumped numerous pcaps with tcpdump and the wonderful -C parameter. Being the type of guy that I am, I wanted to visualize the traffic I’d captured to identify what was going on. Here are a few argus commands I used to get the job done. Note I’ve used backslashes (\) to separate the commands onto multiple lines.

# Extract specific src mac addresses I'm interested in
# (glob directly instead of parsing ls output, and quote the file name)
for i in ~/captures/pcap*; do
  /usr/local/sbin/argus -mAJZRU 256 -r "$i" -w src_macs.argus - \
  ether src 00:00:00:11:22:33 or ether src 00:00:00:33:22:11;
done

Fantastic - now I’ve got an argus data stream that contains traffic solely from a mac or two I was interested in.

# Now let's take a look at top usage for each IP address
racluster -r src_macs.argus -m proto saddr dport -w - | \
  rasort -m saddr pkts -s saddr dport pkts | more

Now that we’ve manually looked through that data and found the top ports (argus used to have a -topN option, but I couldn’t seem to find it) let’s draw some nice-looking graphs. This splits the graph out into directories by date and generates graphs in each directory representing traffic for each particular mac address.

# For each mac address, generate daily usage for the "interesting" ports we saw above
macs="00:00:00:11:22:33 00:00:00:33:22:11"
ports="23 53 80 139 389 443 445 3389 1521"
# Turn the port list into "dst port 23 or dst port 53 or ..."
filter_string=`echo $ports | sed 's/[[:digit:]][[:digit:]]*/dst port & or/g' | sed 's/ or$//'`

for mac in ${macs}; do
  rasplit -r src_macs.argus -M time 1d -w "archive/%Y_%m_%d/${mac}.arg" - \
    "(${filter_string}) and (ether src ${mac})";
done

# Graph each daily file, writing the .png next to its .arg file
find archive -name '*.arg' | while read -r f; do
  ragraph pkts dport -M 1m -r "$f" -fill -stack -w "${f%.arg}.png"
done

It’s not perfect and it took me quite a while to understand the intricacies of argus (-w - is different from just not specifying an output file, for example), but it’s definitely a start down the road.
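An added example, not part of the original post: the filter expression handed to rasplit can be built without sed, with each port and MAC address checked first so that a stray token in the list never ends up inside the filter. The helper names (build_filter, valid_port, valid_mac) are hypothetical and the sample values are constructed.

```shell
#!/bin/sh
# Build "(dst port A or dst port B ...) and (ether src MAC)" from validated input.
# These helpers are illustrative; they are not part of argus.

valid_port() {
  case "$1" in
    ''|*[!0-9]*) return 1 ;;   # empty or contains a non-digit
  esac
  # Length check first so an absurdly long number never reaches the comparison.
  [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

valid_mac() {
  printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

# usage: build_filter MAC PORT [PORT...]
build_filter() {
  mac=$1; shift
  valid_mac "$mac" || { echo "bad mac: $mac" >&2; return 1; }
  [ "$#" -ge 1 ] || { echo "no ports given" >&2; return 1; }
  expr_ports=
  for p in "$@"; do
    valid_port "$p" || { echo "bad port: $p" >&2; return 1; }
    # Prefix " or " only when something is already in the expression.
    expr_ports="${expr_ports:+$expr_ports or }dst port $p"
  done
  printf '(%s) and (ether src %s)\n' "$expr_ports" "$mac"
}

# Constructed sample values, same shape as the ones in the post.
ports="23 53 80 443"
for mac in 00:00:00:11:22:33 00:00:00:33:22:11; do
  # $ports is intentionally unquoted so it splits into one argument per port.
  build_filter "$mac" $ports
done
```

The printed string can be passed as the final argument to rasplit in place of the hand-assembled one.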

February 9, 2008

Why navi’s are useful in Europe

So imagine you’re cruising along somewhere in the middle of nowhere Germany. You pulled some directions down from Google Maps, but the problem is that it’s not always obvious where to go. When you don’t know the language and the town names all look the same to you, it’s very easy to get turned around. Combine that with the lack of directional assistance on signs in Germany and a distinct lack of knowledge about the geography, and I had a little fun today.

I was going to meet a couple of friends at a castle for lunch, and then head over to the town of Rothenburg, which I’ve blogged about before. The only difference this time was the stop for lunch, which was a bit off the beaten track.

Having comfortably conquered the backroads before, I copied down the directions from Google and headed out. Two wrong turns that I was able to correct a half-hour into the trip and I was starting to lose my confidence. Although I had written down the names of several towns I was to head through, none of their exact names were showing on town signs as I cruised through the countryside.

Finally admitting I was thoroughly lost, I made a pivotal decision to head towards something that sounded right (note, however, that I was wrong) and headed on my way. I had tried to enable data access on my phone so I could use Google Maps, but I couldn’t get an EDGE connection where I was. Finally, my friends called to tell me that the castle restaurant was closed and we were going to meet in Rothenburg. I quickly corrected myself via a useful Info-station with a map (not driving a rental so there was no map in the car :-\) and found my way.

This is why navigation units are so useful in Germany - roads twist and turn through various little towns and it’s very easy to miss a turn.

For the visually inclined, here’s a link to a map of the route I should have taken:
The route I should have taken

And the route I did take:
The route I did take

You can see, of course, right around Neuhof an der Zenn where I should have taken a right turn and instead continued on my way. I remember that exact moment thinking, this doesn’t seem right… Perhaps I should listen to my intuition more often. ;)