Run Node.js in a Docker container

In this post, I explore how to run a Node.js web application in a Docker container based on the StrongLoop Process Manager image. I also have a requirement to export and deploy the Docker container to a server that lacks internet access.


Create a new Node.js web app using express-example-app as the starting point

git clone

Head into the app folder and install dependencies

npm install

Start application using PM

slc start

Access http://localhost:3001 in a browser to ensure it works.

Shutdown PM

slc ctl shutdown

Create a new Docker container using StrongLoop PM image as the starting point

docker run --detach --restart=no --publish 8701:8701 --publish 3001:3001 --name strong-pm-container strongloop/strong-pm

Deploy example app by running following command in directory of app

slc deploy http://localhost:8701/ master

Access http://localhost:3001 in a browser to ensure it works.

Discover container’s id

docker ps -a

Commit container to a new image

docker commit 653811fd29f3 myimage

Save image to tar file

docker save -o myimage.tar myimage

Load image file in a new Docker instance (on another machine)

docker load -i myimage.tar

Run image in a new container

docker run --detach --restart=no --publish 3001:3001 --name strong-pm-container myimage

Access http://localhost:3001 in a browser to ensure it works.

Wireshark dissector in Lua for custom protocol over WebSockets

It is fairly easy to write a Wireshark dissector in Lua for your custom protocol over WebSockets. To understand the basics of writing, and using, dissectors for Wireshark in Lua, see Create a Wireshark dissector in Lua.

Here’s a template to get you started with writing your custom dissector. Replace port number 8002, with the port number where your WebSocket server listens for incoming connections, and the dissector should be called.


You can also register the dissector using declared WebSocket protocol name. Retrieve the ws.protocol dissector table instead of ws.port, and add your dissector to the dissector table using protocol name (a string) instead of port number.

If using WebSockets over SSL/TLS, you need to specify the server’s private key file in SSL protocol dissector‘s configuration, so that Wireshark can decrypt the traffic. The protocol field in configuration should be set to http.

Self-signed code signing certificates

Some setup and application executables need to be signed so that they are not flagged as a security risk by security software on Windows. Especially those that have virus-like behavior such as embedded executable resources that are extracted, and executed.

The following steps were performed on Windows, from the Developer Command Prompt installed by Visual Studio.

To generate self-signed certificate for code signing, run

makecert.exe -n -r -h 0 -eku "," -e 12/31/2017 -pe -sv Test.pvk Test.cer

Here’s a brief overview of the command line
-n subject name
-r create self-signed certificate
-h max height of tree below this cert
-eku comma separated enhanced key usage ids
-e expiration date
-pe private key is exportable
-sv private key file name

You may specify a password or leave it empty.

To convert self-signed certificate to PFX format for usage with SignTool, run

Pvk2Pfx -pvk Test.pvk -spc Test.cer -pfx Test.pfx

To use SignTool to sign an executable, run

SignTool sign /fd SHA256 /a /f Test.pfx filepath.exe

Install certificate (Test.cer) to local machine before running executable.Screen Shot 2017-02-23 at 09.17.03.png

Signing a Wix Toolset setup bundle

You cannot just sign the setup bundle executable and get it to work, because the embedded executable (engine.exe) remains unsigned and will be flagged as a security risk. Use the following steps to prepare setup bundle for installation without being flagged as a security risk.

First, detach the engine from setup as follows

insignia -ib setup.exe -o engine.exe

Sign engine.exe with your certificate using SignTool

SignTool sign /fd SHA256 /a /f Test.pfx engine.exe

Re-attach the signed engine.exe to the bundle

insignia -ab engine.exe setup.exe -o setup.exe

Sign setup.exe with your certificate

SignTool sign /fd SHA256 /a /f Test.pfx setup.exe

Retrieve OAuth 2.0 authorization code using JavaFX WebView

This post documents a snippet of code that can be added to Browser class in JavaFX WebView sample, to extract OAuth 2.0 authorization code.

Assuming you’ve configured WebView’s WebEngine to load the authorization URL, the authorization service will redirect you to the redirect_uri specified in the authorization URL, after a user logs in successfully. It will pass along the code parameter, that can be extracted as follows

JSON syntax highlighting in ScintillaNET

I am studying the excellent ScintillaNET code editing component, to enable basic JSON editing in a .NET application.

Inspired by the C# code highlighting example, here’s the code snippet to enable basic JSON syntax highlighting


Run Buildroot in a Docker Container

This post explores how you can run Buildroot in a Docker container. Follow the getting started to install Docker. I prefer using Docker with the PowerShell prompt on Windows 10.


To download and run the ubuntu image in a new container

docker run -it ubuntu bash

From another command prompt, run the following to find container id

docker ps -l

Use the -a option to see all containers

docker ps -a

Type exit to exit bash shell and stop container.

To return to container created earlier

docker start -ai container_id

Update apt-get package cache so that you can search and install additional packages

apt-get update

You should now be able to search

apt-cache search wget

And install your favorite tools

apt-get install wget

Obtain Buildroot


Untar Buildroot

tar xvzf buildroot-2016.11.2.tar.gz

Install dependencies required to run Buildroot

apt-get install patch cpio python unzip rsync bc bzip2 ncurses-dev git g++

Go ahead and build your Linux system.

Analyzing iBeacon traffic using nRF BLE Sniffer

I’ve been troubleshooting iBeacons lately, and Bluetooth LE Sniffer from Adafruit is my go-to tool for sniffing Bluetooth LE (BLE) traffic such as iBeacon advertisements. iBeacon detection can vary a lot depending on advertisement interval and timing, and signal strength and its variance with distance, line of sight (or lack thereof), interference with other iBeacons etc.

nRF Sniffer software captures all BLE traffic in libpcap format that can be viewed in Wireshark. Its Wireshark dissector has fallen behind and does not work with latest version of Wireshark. Since I have written Wireshark dissectors in Lua before, I was quickly able to port the native dissector to Lua.

Here’s an iBeacon advertisement dissected using the nordic_ble Lua dissector, and Wireshark’s native btle dissector, on OS X. Note that iBeacon payload proprietary to Apple is not yet decoded by Wireshark’s btle dissector.


Using data from the packet shown above, Apple’s proprietary payload has the following format

02 - ID
15 - Length (21 bytes)
3aa46f0c80784773be800255132aefda - 128-bit UUID
e4f2 - major number
e4c1 - minor number
b6 - two's complement of calibrated TX power

A filter such as contains e4:f2:e4:c1 can be used to filter packets based on major and minor numbers.