Networking How To
How to analyze Wireshark PCAP capture
First feed it through the latest version (>= 0.7.4) of ettercap:
ettercap -Tqr <capture>
If you know what you are looking for, use grep on the packet contents:
ettercap -Tr <capture> | grep <text>
Then get Xplico and give it a whirl. You could also try chaosreader, but it is a bit old.
How to convert NETTL network capture to PCAP format
Use the -T (encapsulation type) option of the editcap tool that comes with Wireshark:
editcap -T ether <in_file> <out_file>
The file format (-F option) defaults to libpcap, so there is no need to specify it.
How to enable telnet on Westell Verizon 9100EM router
Verizon's FIOS router, based on Jungo's OpenRG OS and Westell's hardware, has its telnet interface disabled by default. You can enable it with the following easy steps:
- On the web interface, go to advanced->configuration file->export configuration. Save the file to disk.
- Change "(telnets (disabled(1)))" to "(telnets (disabled(0)))"
- Import the configuration back via the web interface
- Restart the router and try to telnet to it. After entering your user name and password you'll be greeted with the OpenRG prompt. Type 'help all' to see all commands. 'system shell' is my personal favorite.
You could also use the same technique to close port 4567 (TR-069 management). It is enabled by default and is part of the UPnP discovery. The string to look for to find this protocol is 'tr96'. You could also cloak it by creating appropriate ACLs and firewall rules.
CWMP is another big brother protocol, initiated by your router to talk to Verizon on a periodic basis. Look for cwmp and check if enabled is (0).
How to decrypt passwords on the Westell Verizon 9100EM router
If you are the curious type, you'll see obfuscated passwords in the file produced by advanced->configuration file->export configuration. The obfuscation is done by a per-byte addition of [56 F4 EF 50 34 AA EF 6B 55 4B 03 3C 9B 01 78 B4] to the original value with no overflow. It looks like all passwords in OpenRG are obfuscated in this way. BTW, the default access password, when de-obfuscated this way, is "activeVOLUser1".
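Added example (not from the original page or from OpenRG): the scheme above in Python, with a check for accounts still on the default password. It works on raw bytes, since the page does not say how the export file encodes them. It assumes "no overflow" means sums wrap modulo 256 and that the key repeats past 16 bytes; the account names and function names are hypothetical.

```python
# Key bytes quoted on the page, applied one per password byte.
KEY = bytes.fromhex("56F4EF5034AAEF6B554B033C9B0178B4")
DEFAULT_PASSWORD = b"activeVOLUser1"  # default access password named on the page

def obfuscate(plain: bytes) -> bytes:
    """Add the key byte to each password byte; sums wrap modulo 256 (assumption)."""
    return bytes((b + KEY[i % len(KEY)]) & 0xFF for i, b in enumerate(plain))

def deobfuscate(stored: bytes) -> bytes:
    """Reverse the addition; the key repeats past 16 bytes (assumption)."""
    return bytes((b - KEY[i % len(KEY)]) & 0xFF for i, b in enumerate(stored))

def accounts_with_default(stored_by_user: dict) -> list:
    """Names whose stored value decodes to the default password."""
    return sorted(u for u, v in stored_by_user.items()
                  if deobfuscate(v) == DEFAULT_PASSWORD)

# Constructed sample: raw obfuscated bytes per account (hypothetical account names).
SAMPLE = {
    "admin": obfuscate(DEFAULT_PASSWORD),
    "remote": obfuscate(b"Xq7-constructed-example-pw"),
}

if __name__ == "__main__":
    for user, value in SAMPLE.items():
        print(user, value.hex(), deobfuscate(value))
    print("still on default:", accounts_with_default(SAMPLE))
```

Because the key is fixed, anyone holding an exported configuration file can recover every password in it, so the export should be stored like the passwords themselves.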
How to log traffic coming through a dd-wrt router
Add the rules in reverse order (stack, FILO, starting from the last): each -I <chain> 1 puts the new rule at the top of its chain.
- do the logging
iptables -I FORWARD 1 -j LOG --log-level 2 --log-tcp-sequence --log-tcp-options --log-ip-options --log-prefix "FORWARD "
iptables -I INPUT 1 -j LOG --log-level 2 --log-tcp-sequence --log-tcp-options --log-ip-options --log-prefix "INPUT "
iptables -I OUTPUT 1 -j LOG --log-level 2 --log-tcp-sequence --log-tcp-options --log-ip-options --log-prefix "OUTPUT "
- ignore logging the logging messages and the corresponding DNS resolution
iptables -I OUTPUT 1 -j ACCEPT -s 192.168.1.1 -d 192.168.1.50 -p UDP --sport 53
iptables -I INPUT 1 -j ACCEPT -s 192.168.1.50 -d 192.168.1.1 -p UDP --dport 53
iptables -I OUTPUT 1 -j ACCEPT -s 192.168.1.1 -d 192.168.1.50 -p UDP --dport 514
- ignore ssh traffic
iptables -I OUTPUT 1 -j ACCEPT -s 192.168.1.1 -d 192.168.1.90 -p TCP --sport 22
iptables -I INPUT 1 -j ACCEPT -s 192.168.1.90 -d 192.168.1.1 -p TCP --dport 22
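Added example (not from the original page): a Python parser for the lines these LOG rules produce on the syslog host. It tallies logged flows and flags any line that matches one of the ACCEPT exemptions, which means that exemption ended up below the LOG rule. The sample lines are constructed and trimmed, the hostname `router` is a placeholder, and the function names are illustrative.

```python
import re
from collections import Counter

# Constructed, trimmed syslog lines in the kernel LOG-target format (not real traffic).
SAMPLE = """\
Jan  1 00:12:01 router kernel: FORWARD IN=br0 OUT=vlan1 SRC=192.168.1.100 DST=203.0.113.7 LEN=60 TTL=63 ID=4711 DF PROTO=TCP SPT=51234 DPT=443 SEQ=1000 ACK=0 WINDOW=5840 SYN URGP=0
Jan  1 00:12:02 router kernel: FORWARD IN=br0 OUT=vlan1 SRC=192.168.1.100 DST=203.0.113.7 LEN=52 TTL=63 ID=4712 DF PROTO=TCP SPT=51234 DPT=443 SEQ=1001 ACK=2001 WINDOW=5840 ACK URGP=0
Jan  1 00:12:03 router kernel: INPUT IN=vlan1 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=198.51.100.9 DST=192.0.2.1 LEN=44 TTL=50 ID=1 PROTO=TCP SPT=40000 DPT=23 SEQ=5 ACK=0 WINDOW=1024 SYN URGP=0
Jan  1 00:12:04 router kernel: OUTPUT IN= OUT=br0 SRC=192.168.1.1 DST=192.168.1.50 LEN=120 TTL=64 ID=0 DF PROTO=UDP SPT=514 DPT=514 LEN=100
Jan  1 00:12:05 router kernel: device br0 entered promiscuous mode
"""
LINE_RE = re.compile(r"\b(FORWARD|INPUT|OUTPUT) (IN=.*)$")  # the page's --log-prefix values
KV_RE = re.compile(r"(\w+)=(\S*)")
# Flows the page's ACCEPT rules keep out of the log: (chain, src, dst, proto, port field, port)
EXEMPT = [
    ("OUTPUT", "192.168.1.1", "192.168.1.50", "UDP", "SPT", "53"),
    ("INPUT", "192.168.1.50", "192.168.1.1", "UDP", "DPT", "53"),
    ("OUTPUT", "192.168.1.1", "192.168.1.50", "UDP", "DPT", "514"),
    ("OUTPUT", "192.168.1.1", "192.168.1.90", "TCP", "SPT", "22"),
    ("INPUT", "192.168.1.90", "192.168.1.1", "TCP", "DPT", "22"),
]

def parse_line(line):
    """Return the KEY=value fields of one LOG line, or None for other messages."""
    m = LINE_RE.search(line)
    if not m:
        return None
    rec = dict(KV_RE.findall(m.group(2)))
    rec["CHAIN"] = m.group(1)
    return rec

def is_exempt(rec):
    return any(rec["CHAIN"] == c and (rec.get("SRC"), rec.get("DST"), rec.get("PROTO"), rec.get(f)) == (s, d, p, port)
               for c, s, d, p, f, port in EXEMPT)

def summarize(text):
    """Count logged flows and collect lines that should have been exempted."""
    flows, leaked = Counter(), []
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        if is_exempt(rec):
            leaked.append(rec)  # this exemption sits below the LOG rule
        flows[(rec["CHAIN"], rec.get("PROTO"), rec.get("DST"), rec.get("DPT"))] += 1
    return flows, leaked

if __name__ == "__main__":
    print(summarize(SAMPLE))
```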
How to set up wireshark display filter to cut out noise
not (ip.addr==noisyip || arp || ipx || eigrp || loop || cdp || stp || smb || nbns || dcerpc || nbss || dns)
How to see OpenRG firewall events in real time
To print current firewall events to the console, use a terminal to connect to the router and run:
Wireless Broadband Router> log lev_on 6
How To Reconfigure OpenRG router from console
Use a terminal to connect to the router:
Wireless Broadband Router> conf print /
Wireless Broadband Router> conf print /fw/rule/loc_srv/2/services/0/trigger/0/protocol
Wireless Broadband Router> conf set /fw/rule/loc_srv/2/services/0/trigger/0/protocol 6
Wireless Broadband Router> conf reconf 1
How To Open UFW for incoming syslog
sudo ufw allow proto udp from 192.168.1.2 to 192.168.1.10 port 514
How To Poke a hole in dd-wrt
iptables -I INPUT -p udp --dport 1194 -d doorknob -j ACCEPT
How to adjust Windows XP firewall for Cisco VPN
echo Setting ICMP (PING).....
REM **ICMP (PING): Allow outbound source quench, inbound echo request, outbound time exceeded
netsh firewall set icmpsetting type = 4 mode = enable
netsh firewall set icmpsetting type = 8 mode = enable
netsh firewall set icmpsetting type = 11 mode = enable
echo Setting File and Print Sharing.....
REM **WINDOWS AUTHENTICATION PORT SETTINGS: Open File and Print Sharing ports to the 22 subnet
netsh firewall set service type = FILEANDPRINT mode = ENABLE scope = CUSTOM addresses = 128.143.22.0/255.255.255.0 profile = ALL
echo Setting Cisco VPN Client.....
REM **ALLOW CISCO VPN TO WORK WITH FIREWALL ENABLED
netsh firewall set portopening protocol = UDP port = 500 name = CiscoVPN(ISAKMP) mode = ENABLE profile = ALL scope = CUSTOM addresses = 128.143.0.0/255.255.0.0,192.35.0.0/255.255.0.0,137.54.0.0/255.255.0.0,172.16.0.0/255.255.0.0,172.25.0.0/255.255.0.0,172.26.0.0/255.255.0.0,199.111.0.0/255.255.0.0,198.32.48.0/255.255.255.0,198.32.44.0/255.255.255.0
netsh firewall set portopening protocol = UDP port = 62515 name = CiscoVPN mode = ENABLE profile = ALL scope = CUSTOM addresses = 128.143.0.0/255.255.0.0,192.35.0.0/255.255.0.0,137.54.0.0/255.255.0.0,172.16.0.0/255.255.0.0,172.25.0.0/255.255.0.0,172.26.0.0/255.255.0.0,199.111.0.0/255.255.0.0,198.32.48.0/255.255.255.0,198.32.44.0/255.255.255.0
netsh firewall set allowedprogram program = "C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe" name = CiscoVPN2 mode = ENABLE profile = ALL scope = CUSTOM addresses = 128.143.0.0/255.255.0.0,192.35.0.0/255.255.0.0,137.54.0.0/255.255.0.0,172.16.0.0/255.255.0.0,172.25.0.0/255.255.0.0,172.26.0.0/255.255.0.0,199.111.0.0/255.255.0.0,198.32.48.0/255.255.255.0,198.32.44.0/255.255.255.0
echo Setting Symantec Antivirus.....
REM **SYMANTEC MANAGED ANTIVIRUS PORT SETTINGS: Opens a port to allow communication with Symantec Antivirus Server
netsh firewall set portopening protocol = UDP port = 38293 name = SymantecManagedAVUDP38293 mode = ENABLE profile = ALL scope = CUSTOM addresses = 128.143.0.0/255.255.0.0,192.35.0.0/255.255.0.0,137.54.0.0/255.255.0.0,172.16.0.0/255.255.0.0,172.25.0.0/255.255.0.0,172.26.0.0/255.255.0.0,199.111.0.0/255.255.0.0
How to configure cisco vpn and outpost firewall
And here's a little more elegant way to manually remove the vsdatant driver:
1.) go to the device manager
2.) make the hidden devices visible (view --> show hidden devices)
3.) search for the "vsdatant" entry in the non-PNP-section
4.) right click the entry and choose "uninstall"
If I do find a way to automate this whole process then I'll post it here - just to add another variant in addition to the batch-method of dianneg (which is also fine).
How to run OpenVPN on WRT54G
- Download and install. May need additional libraries
iptables -A FORWARD -j logaccept -p udp --dport 443
- change the logging to go to /tmp/something instead of stdout
- add routing on wrtg and client
- solve the issue of losing default gateway
iptables -I INPUT 1 -p tcp --dport 443 -j ACCEPT
/jffs/usr/sbin/openvpn --dev tap0 --tls-server --key /jffs/usr/etc/homewall.key --cert /jffs/usr/etc/homewall.crt --dh /jffs/usr/etc/dh1024.pem --ca /jffs/usr/etc/ca.crt --comp-lzo --port 443 --proto tcp-server --verb 3 --daemon
How to test MTU with ping
ping -f -l 1500 someip
Play with the -l value until you are satisfied.