Adam Palmer MBCS CITP, Linux, PHP Programmer, MySQL Developer, Embedded Hardware, Security Consultant

15 Sep 09 Linux DHCP Server

DHCP is an acronym for Dynamic Host Configuration Protocol. It allows a host to broadcast a request for its IP settings, which a DHCP server like the one we'll be configuring will hopefully answer. Running tcpdump shows that a DHCP request looks like:

17:26:02.003956 00:00:00:00:00:00 > ff:ff:ff:ff:ff:ff, ethertype IPv4 (0x0800), length 342: 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request, length 300

Configuration is easy. To start with, just run 'apt-get install dhcpd'.


15 Dec 08 Some simple filtering and sniffing with tcpdump

tcpdump is one of the best network debugging tools available. In its most basic form it prints network traffic as source and destination addresses to the console; more advanced uses include printing the captured payload as ASCII and simple but powerful filtering.

tcpdump -ieth0 -n
# Start tcpdump listening on interface eth0, and do not attempt to resolve IP addresses to hostnames ( -n ).

What we see is:

20:51:40.848211 IP 217.10.X.X.22 > 93.97.Y.Y.52381: P 76216:76364(148) ack 261 win 8576
20:51:40.853726 IP 93.97.Y.Y.52381 > 217.10.X.X.22: . ack 59548 win 16848

And this is repeated over and over. This is a feedback loop: we are viewing tcpdump's output over an SSH session on port 22, so every line it prints generates more SSH traffic, which it then prints. The loop will continue for as long as we are connected, so we must filter it out:

tcpdump -ieth0 -n tcp port not 22

Now we can cleanly monitor traffic. What happens though if we want to view SSH traffic, but not our own?

tcpdump -ieth0 -n tcp port 22 and host not 93.97.Y.Y

We can build this filter up as much as we wish. Let’s start watching HTTP (tcp port 80) traffic only:

tcpdump -ieth0 -n tcp port 80

Finally, let's set the 'snaplen' to 1500 bytes, and print out the captured data in ASCII:

tcpdump -ieth0 -n tcp port 80 -A -s1500
20:56:25.260143 IP 217.10.X.X.80 > 88.110.Y.Y.51171: P 1:550(549) ack 172 win 1728
E..Mn @.@..w.
..Xn!..P….’@..\.P…3…HTTP/1.1 404 Not Found
Date: Mon, 15 Dec 2008 21:05:17 GMT
Server: Apache/2.2.3 (Debian) PHP/5.2.0-8+etch13
Content-Length: 313
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /favicon.ico was not found on this server.</p>
<hr>
<address>Apache/2.2.3 (Debian) PHP/5.2.0-8+etch13 Server at www.[HIDDEN].com Port 80</address>
</body></html>

And from this we can see all HTTP traffic. As you can see, it's that easy to capture and decode plaintext traffic. We can do the same on port 110 (POP3):

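The "tcpdump -n" summary lines shown above can be parsed to find the dominant conversation (on a live box, usually the SSH session you are watching from) and to build the BPF expression that drops it. This is an added example, not code from the original post; the sample lines and the 203.0.113.x, 198.51.100.x and 192.0.2.x addresses are constructed.

```python
import re
from collections import Counter

# Constructed sample in the shape of "tcpdump -ieth0 -n" output (not a real capture):
# 203.0.113.10 is the monitored server, 198.51.100.7 the operator's SSH client.
SAMPLE = """\
20:51:40.848211 IP 203.0.113.10.22 > 198.51.100.7.52381: P 76216:76364(148) ack 261 win 8576
20:51:40.853726 IP 198.51.100.7.52381 > 203.0.113.10.22: . ack 59548 win 16848
20:51:40.901002 IP 192.0.2.44.41020 > 203.0.113.10.80: S 1:1(0) win 5840
20:51:40.905113 IP 203.0.113.10.22 > 198.51.100.7.52381: P 76364:76512(148) ack 261 win 8576
20:51:40.910220 IP 198.51.100.7.52381 > 203.0.113.10.22: . ack 59696 win 16848
20:51:40.912000 IP 203.0.113.10.80 > 192.0.2.44.41020: S 0:0(0) ack 2 win 5792
"""

# One summary line: timestamp, "IP", src endpoint, ">", dst endpoint, ":", TCP details.
LINE_RE = re.compile(r"^(?P<ts>\d\d:\d\d:\d\d\.\d+) IP (?P<src>\S+) > (?P<dst>[^\s:]+): (?P<rest>.*)$")

def split_endpoint(ep):
    """'203.0.113.10.22' -> ('203.0.113.10', 22); with -n the last dotted field is the port."""
    host, _, port = ep.rpartition(".")
    return host, int(port)

def parse_line(line):
    """Return (ts, src_ip, src_port, dst_ip, dst_port), or None for non-summary lines."""
    m = LINE_RE.match(line)
    if not m:
        return None
    src_ip, src_port = split_endpoint(m.group("src"))
    dst_ip, dst_port = split_endpoint(m.group("dst"))
    return m.group("ts"), src_ip, src_port, dst_ip, dst_port

def parse_capture(text):
    return [rec for rec in (parse_line(ln) for ln in text.splitlines()) if rec]

def flow_key(rec):
    """Direction-independent key so both halves of a conversation count as one flow."""
    _, sip, sport, dip, dport = rec
    return tuple(sorted([(sip, sport), (dip, dport)]))

def busiest_flow(records):
    """Flow with the most packets; on a live box this is usually the SSH session you watch from."""
    key, count = Counter(flow_key(r) for r in records).most_common(1)[0]
    return key, count

def exclusion_filter(flow):
    """BPF expression (quote it for the shell) that drops exactly this one conversation."""
    (a_ip, a_port), (b_ip, b_port) = flow
    return f"not (host {a_ip} and port {a_port} and host {b_ip} and port {b_port})"
```

Feed it the output of a short capture taken over your own SSH session and the returned filter is the one to append to the tcpdump command line, quoted, in place of the hand-written "tcp port not 22".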


15 Sep 08 Quick Linux and Windows OpenVPN HOWTO and tutorial, including VPN routing

OpenVPN is a popular Windows/Linux VPN Server/Client pair. I think there’s a separate GUI available for it if you’re so minded. This howto will cover command line usage only.

I’ll provide example configuration based on a Linux server and a Windows client, however the same applies pretty easily if you wanted to mix and match.

On Debian, apt-get install openvpn. On any other Linux distro, use your own package manager, or alternatively download the source and compile it.
