Wireshark Fun

A quick and dirty way to configure a wireless router (an Airport Express) to use your Linux PC as its network gateway. I needed to sniff the network of some wireless devices, which can be quite handy.

You'll need to do a few things:
1.) Enable IP forwarding
2.) Configure iptables to NAT/forward traffic coming in on one interface and going out another
3.) Bridge the device, and use dhcpd to handle DHCP for the devices (much easier to track)

Enable IP Forwarding:

echo 1 > /proc/sys/net/ipv4/ip_forward

Configure iptables (as root):

#Interface you are sending traffic out (eth0)  
#Going out usb-ethernet  
iptables --table nat --append POSTROUTING --out-interface eth0 -j MASQUERADE  
#Going out my wireless  
iptables --table nat --append POSTROUTING --out-interface wlp8s0 -j MASQUERADE

#Interface you are forwarding traffic from (Airport hooked to this interface)  
iptables --append FORWARD --in-interface enp7s0 -j ACCEPT

Configure dhcpd4 to hand out DHCP leases on enp7s0:

#Replace the xxx IPs with valid DNS servers.  
[jmorgan@arch-dopey ~]$ cat /etc/dhcpd.conf  
option domain-name "arch-dopey.com";  
option domain-name-servers xxx.xxx.xxx, xxx.xxx.xxx;  
default-lease-time 14440;  
ddns-update-style none;  
deny bootp;  
shared-network airport {  
    subnet 10.0.0.0 netmask 255.255.255.0 {  
        option routers 10.0.0.1;  
        option subnet-mask 255.255.255.0;  
        pool { range 10.0.0.10 10.0.0.20; }  
    }  
}  
#start dhcpd4  
[jmorgan@arch-dopey ~]$ sudo systemctl start dhcpd4

Launch Wireshark and capture on the interface you are forwarding from (enp7s0 for me).

Enjoy


Client/Server Python Scripts

I started this site with the intent to do a weekly post; however, I've found myself in Sweden for the past 8+ weeks for work (there are worse places to spend your summer ;). Sorry for the lack of updates.

There are 1000 different ways to triage network issues; here is one tool. A simple Python server listens on a particular port and logs the details of what the client sent, and a client sends said data.

Server:

[jmorgan@arch-dopey ~]$ cat server.py  
#!/usr/bin/python2  
import socket  
from datetime import datetime  

# Listen on this host's name, TCP port 1337  
s = socket.socket()  
host = socket.gethostname()  
port = 1337  
s.bind((host, port))  
s.listen(5)  

while True:  
    c, addr = s.accept()  
    # The client sends "<count> <send timestamp>"; log it with the receive time  
    sockS = c.recv(3000).strip('\n')  
    if sockS:  
        logF = open('rLog', 'a')  
        dt = str(datetime.now())  
        logF.write("%s %s \n" % (sockS, dt))  
        logF.close()  
    c.close()

Client:

[jmorgan@arch-dopey ~]$ cat tcpSend.py  
#!/usr/bin/python2  
import sys  
import socket  
from datetime import datetime  

# Usage: ./tcpSend.py <ip> <port> <count>  
ip = sys.argv[1]  
port = int(sys.argv[2])  
mCount = int(sys.argv[3])  
print "%s:%s %s packets" % (ip, port, mCount)  

count = 0  
while count <= mCount:  # 0..mCount inclusive, so mCount+1 messages are sent  
    logF = open('sLog', 'a')  
    dt = str(datetime.now())  
    msg = "%s %s" % (str(count), dt)  
    try:  
        sock = socket.socket(socket.AF_INET,      # Internet  
                             socket.SOCK_STREAM)  # TCP  
        sock.connect((ip, port))  
        sock.send(msg)  # connected stream socket: send(), not sendto()  
        logF.write("Success: %s\n" % (msg))  
        sock.close()  
    except socket.error:  
        dtE = str(datetime.now())  
        logF.write("Fail:%s Start: %s End: %s\n" % (str(count), dt, dtE))  
    count += 1  
    logF.close()  
[jmorgan@arch-dopey ~]$

Usage:

#One terminal  
[jmorgan@arch-dopey ~]$ sudo ./server.py  
#Another terminal  
[jmorgan@arch-dopey ~]$ ./tcpSend.py localhost 1337 3  
localhost:1337 3 packets  
[jmorgan@arch-dopey ~]$ cat sLog  
Success: 0 2013-07-22 21:17:12.124353  
Success: 1 2013-07-22 21:17:12.124862  
Success: 2 2013-07-22 21:17:12.125124  
Success: 3 2013-07-22 21:17:12.125321  
[jmorgan@arch-dopey ~]$ cat rLog  
0 2013-07-22 21:17:12.124353 2013-07-22 21:17:12.124854  
1 2013-07-22 21:17:12.124862 2013-07-22 21:17:12.125148  
2 2013-07-22 21:17:12.125124 2013-07-22 21:17:12.125335  
3 2013-07-22 21:17:12.125321 2013-07-22 21:17:12.125485  
[jmorgan@arch-dopey ~]$

The client sends the timestamp at which it sent the packet, and the server logs that along with the time it received the packet. This works well to compare latency, dropped packets, etc. over a network. Nothing fancy, just a quick and dirty script written under fire to triage an issue. In my situation, I would have the VIP quit responding at times, so the Fail line let me know how often that happened for, say, 10,000 or 100,000 packets, as well as the amount of time it took to send that number of packets between zones.
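To save reading sLog and rLog by hand, here is a Python 3 helper (added here, not part of the original post) that parses the two log formats the scripts above write and reports failed sends, packets the server never logged, the longest failed connect, and average send-to-receive latency. The sample lines are constructed to match those formats; latency is only meaningful when the client and server clocks are in sync.

```python
from datetime import datetime
# Constructed sample lines in the exact formats tcpSend.py and server.py write:
# packet 2 failed at the client, packet 3 was sent but never reached rLog.
SAMPLE_SLOG = """\
Success: 0 2013-07-22 21:17:12.124353
Success: 1 2013-07-22 21:17:12.124862
Fail:2 Start: 2013-07-22 21:17:12.125124 End: 2013-07-22 21:17:13.125900
Success: 3 2013-07-22 21:17:13.126000
"""
SAMPLE_RLOG = """\
0 2013-07-22 21:17:12.124353 2013-07-22 21:17:12.124854
1 2013-07-22 21:17:12.124862 2013-07-22 21:17:12.125148
"""
def parse_ts(text):
    """str(datetime.now()) drops '.ffffff' when microseconds are 0, so pad it."""
    return datetime.strptime(text if "." in text else text + ".000000", "%Y-%m-%d %H:%M:%S.%f")

def parse_slog(text):
    """Return ({count: sent_ts}, [(count, start, end)]) from Success/Fail lines."""
    sent, failed = {}, []
    for line in text.splitlines():
        if line.startswith("Success: "):
            count, ts = line[9:].split(" ", 1)
            sent[int(count)] = parse_ts(ts)
        elif line.startswith("Fail:"):  # "Fail:<n> Start: <ts> End: <ts>"
            head, rest = line.split(" Start: ", 1)
            start, end = rest.split(" End: ", 1)
            failed.append((int(head[5:]), parse_ts(start), parse_ts(end)))
    return sent, failed

def parse_rlog(text):
    """Return {count: (sent_ts, received_ts)}; each line is 'n date time date time'."""
    received = {}
    for line in text.splitlines():
        n, d1, t1, d2, t2 = line.split()
        received[int(n)] = (parse_ts(d1 + " " + t1), parse_ts(d2 + " " + t2))
    return received

def summarise(slog_text, rlog_text):
    """Counts, lost packets and one-way latency (meaningful only with synced clocks)."""
    sent, failed = parse_slog(slog_text)
    received = parse_rlog(rlog_text)
    lat = [(r - s).total_seconds() for s, r in received.values()]
    return {
        "sent": len(sent),
        "failed": len(failed),
        "lost": sorted(set(sent) - set(received)),  # Success at client, absent at server
        "avg_latency_s": sum(lat) / len(lat) if lat else 0.0,
        "longest_fail_s": max(((e - s).total_seconds() for _, s, e in failed), default=0.0),
    }
```

Run it against real files with summarise(open('sLog').read(), open('rLog').read()).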
