Archive

Category Archives for "Networking"

Baby Bro, Part 2: Conditionals, Address Types

Bro has native types for addresses and networks, making it much easier to work with network data. Today's Baby Bro script shows global variable definition, the use of the address and subnet types, and a simple conditional:



 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
# declaring global variables
# no need to put quotes around addr or subnet variable definitions
global ipv4_host:addr = 1.1.1.1; 
global ipv4_net:subnet = 1.1.0.0/16;
event bro_init()
    {   
    if (ipv4_host in ipv4_net)
        {   
        # addr and subnet types are autoconverted to strings with fmt 
        print fmt("%s is in network %s",ipv4_host,ipv4_net);
        }   
    else
        {   
        print fmt("host %s is not in network %s",ipv4_host,ipv4_net);
        }   
   }

Running this from the CLI, we get the expected output:

jswan@so12a:~/bro$ bro addr_net_types.bro
1.1.1.1 is in network 1.1.0.0/16

Bro also has several interesting built-in functions for working with network data that we'll explore in upcoming posts. For now, we'll take a look at the mask_addr function, which allows you to use Bro as an improvised subnet calculator. You can run a Bro Continue reading

Quiz #3 &#8211 NAT port redirection from inside to outside

As a network administrator, you've been requested to allow the internal clients to connect to a partner server 3.3.3.3 on port 12345. Unfortunately, you discover that your ISP blocks traffic on that TCP port 12345 and allows only some well-known ports, including 8080. How do you implement this ?

Baby Bro, Part 1: Functions Etc.

[Note: Blogger seems to have done something nasty to my new blog template, so it's back to the old one at least temporarily]

Here's my first "Baby Bro" post. Before getting into using Bro scripting for its intended use of network traffic analysis, I wanted to figure out how to accomplish basic tasks common to most programming languages:

  • Functions
  • Common types and variable definitions
  • Loops
  • Conditionals
  • Iteration of container types
  • Basic string and arithmetic operations
This is the kind of stuff that many programmers can figure out instantly by looking at a language reference sheet, but I think it helps the rest of us to have explicit examples.

I'm not sure if I'll get through all of them in this series, but here's a start: a main dish of functions, with a side of string formatting and concatenation.


 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
  1 # "add one" is the function name
  2 # (i:int) is the variable and type passed into the function
  3 # the final "int" is the type returned by the return statement
  4 function add_one(received_value:int Continue reading

Basic Bro Language References

Finding simple examples of Bro language features is somewhat difficult: the scripts that come packaged with Bro are written by experts in the language and are quite idiomatic.

Here are some of the basic Bro language references I've found so far. In upcoming blog posts, I'll show some "Baby Bro" that is even more basic than these examples.

From Ryesecurity by Scott Runnels(@srunnels):
Solving Network Forensic Challenges with Bro, Part 1
Solving Network Forensic Challenges with Bro, Part 2
Solving Network Forensic Challenges with Bro, Part 3
Logging YouTube Titles with Bro

Justin Azoff's (@JustinAzoff) Bro Presentation on Github

The Official Bro Workshop 2011 Pages

The Bro Language Cheat Sheet

Frozen Menubar on Mountain Lion fix


Ever noticed how the menubar just hangs since you upgraded to Mountain Lion? It gets very frustrating when you want to access one of the application icons on your menubar and you see the Mac spinning wheel or the beach spinning wheel or the rainbow wheel of death, as Mac haters would call it.

Here's a quick and easy fix to restart your menubar. Open a terminal window and type the following to kill the menubar process.

killall -KILL SystemUIServer

SystemUIServer is the process that runs the menubar and you can see it when you do a 'top' on your terminal console:


You'll see all menubar icons disappear and reappear and you will now be able to access menubar application icons.

Changes!

Yee-haw! New blog template!

Trying to figure out how to do source code highlighting in a way that doesn't suck or rely on external JavaScript hosting.

The Unified Skillset

I began my professional career after college by starting in route/switch. Although I still do plenty of route/switch work, I have also recently taken on responsibilities focused on more datacenter-centric technologies like virtualization, and storage, in addition to the networking in the back-end that makes it all work. Much to the stress of my schedule (and my……stress), one has not trumped the other - they simply exist in parallel.

The Unified Skillset

I began my professional career after college by starting in route/switch. Although I still do plenty of route/switch work, I have also recently taken on responsibilities focused on more datacenter-centric technologies like virtualization, and storage, in addition to the networking in the back-end that makes it all work. Much to the stress of my schedule (and my……stress), one has not trumped the other - they simply exist in parallel.

Nexgen Storage (Part 1) – Solution Overview

I was given the privilege to tinker with some gear from my friends over at Nexgen Storage. For those that have not heard of them, I encourage you to head over to http://www.nexgenstorage.com/product/technology and take a peek at the solution. They are one of the “little guys”, but they’re doing some cool things with respect to performance, and providing the ability to give priority to certain tiers of applications or tenants that are using the system.

Nexgen Storage (Part 1) – Solution Overview

I was given the privilege to tinker with some gear from my friends over at Nexgen Storage. For those that have not heard of them, I encourage you to head over to http://www.nexgenstorage.com/product/technology and take a peek at the solution. They are one of the “little guys”, but they’re doing some cool things with respect to performance, and providing the ability to give priority to certain tiers of applications or tenants that are using the system.

Nexgen Storage (Part 1) – Solution Overview

I was given the privilege to tinker with some gear from my friends over at Nexgen Storage. For those that have not heard of them, I encourage you to head over to http://www.nexgenstorage.com/product/technology and take a peek at the solution. They are one of the “little guys”, but they’re doing some cool things with respect to performance, and providing the ability to give priority to certain tiers of applications or tenants that are using the system.

When I connect to device with telnet or SSH I don’t see logging?

How does the internet work - We know what is networking

Cisco device will not send log messages to your terminal session by default. That means that you will see log messages in putty only if you are connected to console port but if you connect with telnet or SSH you will not get log messages. Here’s how to resolve this: There are three types of logging: […]

When I connect to device with telnet or SSH I don’t see logging?

Accidentally stealing the Internet

Just a few days ago we learned  about an incident involving a mis-issued SSL certificate that was used in a Man in the Middle attack to intercept Gmail data. In this blog post we’ll talk about how Man in the Middle (MITM) attacks work and we’ll look at recent BGP MITM event that caused traffic for some major networks such as Microsoft and Facebook to be redirected to an ISP in France.

Certificate authorities and SSL
Just as the DigiNotar storm seemed to have calmed down, Google announced they discovered, yet another Certificate Authority that was involved in a similar incident. TURKTRUST, a certificate authority, mis-issued two intermediate certificates that were later used to intercept SSL traffic to Gmail. In cases like this the attacker is interested in intercepting communication between Gmail users and the Gmail servers. In order to successfully execute such an attack the attacker will need to insert his fake Gmail impersonating webserver between the user and the actual Gmail servers, this is what we call a Man in the Middle Attack, sometimes referred to as MITM.
The challenge here is: how do you get the user to send traffic to your fake server instead of to the Continue reading

IPv6 – SLAAC EUI-64 Address Format

How does the internet work - We know what is networking

Stateless autoconfiguration or SLAAC SLAAC is another method in which the host or router interface is assigned a 64-bit prefix, and then the last 64 bits of its address are derived by the host or router with help of EUI-64 process which is described here. SLAAC uses NDP protocol to work. As the format of the EUI-64 format […]

IPv6 – SLAAC EUI-64 Address Format

phpIPAM installation on debian 6.0.6

I have received a request for help on manual installation of phpIPAM on debian linux, so I decided to write a small how-to if anyone else has problems or is not so familiar with linux distributions and environment. I have used fresh default debian 6.0 as distribution because it is widely used, I believe on ubuntu linux procedure should be very similar, except maybe for locations of some config files.

I have used the following settings for installation:

  • Fresh debian installation
  • MySQL server not yet installed and no root pass configured
  • Apache not installed and configured
  • phpipam will be installed in default directory (no vhosts) under /phpipam/ folder

If you already have MySQL/apache set you can skip point 3.

Installation procedure:

1.) Preparing environment and installing required apps

Update your sources (apt-get update) and install Apache, php and mysql server:

apt-get install apache2 mysql-server php5 php5-gmp php-pear php5-mysql php5-ldap

After all is installed and the apache server is running, you need to decide weather you will be running it under vhost or in subdirectory or root directory. For this guide I will have it in subdirectory http://server/phpipam/, so do the following:

cd /var/www/
wget http://freefr.dl.sourceforge.net/project/phpipam/phpipam-1. Continue reading

vSphere 5.1 Auto Deploy on Cisco UCS C220 M3 Server

I set up Auto Deploy in my home lab using vSphere 5.1 on an existing server, in order to boot a Cisco UCS C220 M3 server whose local hard drives have not arrived yet. I followed Duncan Epping’s walkthrough for Auto Deploy on vSphere 5.0, but this post is about what I had to do differently to get it working. Hopefully I save you some headaches. There might be some improvements to this process, but I was under a deadline and I know that it worked for me - please share any improvements in the comments.

vSphere 5.1 Auto Deploy on Cisco UCS C220 M3 Server

I set up Auto Deploy in my home lab using vSphere 5.1 on an existing server, in order to boot a Cisco UCS C220 M3 server whose local hard drives have not arrived yet. I followed Duncan Epping’s walkthrough for Auto Deploy on vSphere 5.0, but this post is about what I had to do differently to get it working. Hopefully I save you some headaches. There might be some improvements to this process, but I was under a deadline and I know that it worked for me - please share any improvements in the comments.
1 3,322 3,323 3,324 3,325 3,326 3,353