
Tag Archives: Network

Down the network cable

Today I had some “low-level fun” @ the office: a colleague asked me for proof that the traffic to their (HTTPS) site is secure.
I suggested using Wireshark for this kind of test, but I had my SLAX VM open and ready! =)

I opened two consoles... the whole test is just two commands! The first one sniffs the network traffic, the second emulates a browser making GET requests.
One note: I was behind a proxy (10.10.0.1:3456 … this is fake, if you’re wondering), so I needed to tell the OS where to redirect my HTTP/HTTPS traffic:

export http_proxy=10.10.0.1:3456
export https_proxy=10.10.0.1:3456

The sniffer

Now that I’m proxied, I can listen to all the TCP traffic on port 3456, including request and response headers and message bodies.
I used tcpdump.

tcpdump -A -s 0 'tcp port 3456 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)'

(Thx to jimmyxu101 for the filter syntax)

The “browser”

To emulate a GET request I used wget.

wget -S -O - http://www.google.com

This kind of call uses port 80 (see the HTTP protocol). It dumps the result of the call to stdout.

To make the GET over HTTPS (443):

wget --no-check-certificate -S -O - https://www.google.com

This command also dumps the result to stdout.

Finally

Voilà… on the wget terminal I can see all the traffic in clear (as my browser does), while on the tcpdump terminal I can clearly read ONLY the :80 traffic.
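As an added illustration (not code from the original post), this Python example labels TCP payloads as they would appear on the proxy port: plain HTTP is readable, while an HTTPS request shows up as a readable CONNECT line followed by opaque TLS records. The sample payloads, the host www.example.com and the function names are constructed for the example.

```python
import struct

# TLS record content types (first byte of every TLS record).
TLS_TYPES = {20: "change_cipher_spec", 21: "alert", 22: "handshake", 23: "application_data"}
HTTP_STARTS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ", b"OPTIONS ", b"HTTP/1.")

def classify_payload(data: bytes) -> str:
    """Label one TCP payload captured on the proxy port."""
    if data.startswith(b"CONNECT "):
        # HTTPS via a proxy starts with a cleartext CONNECT: host:port is readable.
        target = data.split(b" ", 2)[1].decode("ascii", "replace")
        return f"cleartext CONNECT to {target}"
    if data.startswith(HTTP_STARTS):
        first_line = data.split(b"\r\n", 1)[0].decode("ascii", "replace")
        return f"cleartext HTTP: {first_line}"
    if len(data) >= 5:
        # TLS record header: type (1 byte), version (2 bytes), length (2 bytes).
        ctype, major, minor, length = struct.unpack("!BBBH", data[:5])
        if ctype in TLS_TYPES and major == 3 and minor <= 4 and length <= 16384 + 2048:
            return f"TLS record: {TLS_TYPES[ctype]}"
    return "unknown"

def tls_record(ctype: int, body: bytes) -> bytes:
    """Build a constructed TLS 1.2 record (header + opaque body) for the samples."""
    return struct.pack("!BBBH", ctype, 3, 3, len(body)) + body

# Constructed sample payloads, in the order a sniffer on the proxy port would see them.
SAMPLES = [
    b"GET http://www.example.com/ HTTP/1.1\r\nHost: www.example.com\r\n\r\n",
    b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n<html>hello</html>",
    b"CONNECT www.example.com:443 HTTP/1.1\r\nHost: www.example.com:443\r\n\r\n",
    b"HTTP/1.1 200 Connection established\r\n\r\n",
    tls_record(22, b"\x01\x00\x00\x00"),                  # handshake message stub
    tls_record(23, b"\x8f\x1c\xa2\x07\x5e\xd3\x90\x41"),  # opaque encrypted bytes
]

def classify_all(payloads):
    """Return one label per payload, preserving capture order."""
    return [classify_payload(p) for p in payloads]

if __name__ == "__main__":
    for label in classify_all(SAMPLES):
        print(label)
```

Only the CONNECT line and the proxy's reply are readable for the HTTPS request; everything after them is TLS records whose bodies carry no readable headers or content.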

 

Posted by on 2013/10/29 in sys

 


Restoring the network into the guest VM

Sometimes my VirtualBox guest (a Slax VM) loses connectivity with the “outside” world. I use a virtual NAT network adapter.

Edit: I found a better (that is, native) way to fix the connectivity! Be aware that, for an instant, eth0 will go DOWN (then up).

dhcpcd eth0 -n

Done!

OLD, RAW, VERSION:
Here’s the trick to restore it:

pkill dhcpcd
nohup dhcpcd eth0 &

This way I kill and restart the DHCP client daemon.

I know for sure this is the lazy way… I should test one of these to kill the service (from man dhcpcd):

dhcpcd -k
kill -1 pid 

and one of these to restart it:

/etc/init.d/dhcpcd start

or maybe a renew:

dhclient -r
 

Posted by on 2013/03/04 in sys

 
