The linux box as transparent bridge
Sometime we can not mirror a switch port in order to access the data that are traveled on the wire... In this case how can we listen the data traffic? You can install a hub but on modern networks hubs that can sustain actual traffic speed is hard or even impossible to find.
So, what is the solution?
Well, the might Linux is here to help you. Of course, you need a laptop or another device (Raspberry PI?!?) with at least 3 network interfaces.
Actually, we will transform the linux box into a bridge
Before setting the bridge interface with brctl you should install the tools contained by bridge-utils package.
For debian like distros all you have to do is:
As root: apt-get install bridge-utils
This is a bridge script. Notice that only eth1 and eth2 interfaces are include into the bridge. The eth0 is left for it's usual purpose.
#!/bin/bash
/etc/init.d/networking stop
#Initializing bridge and interfaces
ifconfig br0 down
ifconfig eth1 down
ifconfig eth2 down
brctl delif br0 eth1
brctl delif br0 eth2
brctl delbr br0
sleep 1
echo "Bridge should be empty by now..."
brctl show
echo
echo
#Starting the bridge
echo "Bridge construction started..."
ifconfig eth1 0.0.0.0 up
ifconfig eth2 0.0.0.0 up
brctl addbr br0
brctl addif br0 eth1
brctl addif br0 eth2
brctl stp br0 off
echo "Bridge rised!"
echo "1" > /proc/sys/net/ipv4/ip_forward
ifconfig br0 up
brctl show
brctl showstp br0
brctl showmacs br0
# END script
Now all you can do is to interconnect your linux box in the middle of a network connection as follows (for ASCII art fans):
+----------------+ +--------------+ +-------------+
| | | | | |
| Local network +-----+ Linux box +-----+ Workstation |
| | | | | |
+----------------+ +--------------+ +-------------+
The bridge is transparent and you should not worry about what interface (we are talking only about eth1 and eth2) should be connected to the workstation or to the local network.
Now, you can dig into the network traffic listening the br0 interface... The tcpdump will show his magic. :)
Thursday, 21 April 2016
Wednesday, 25 November 2015
Seahorse "Gnome2 key storage" unlock issue
The issue:
Seahorse -> Certificates -> "Gnome2 Key Storage" folder unable to unlock
The fix:
Seahorse -> Certificates -> "Gnome2 Key Storage" folder unable to unlock
The fix:
- Close seahorse
- Make a backup of the ~/.local/share/keyrings/user.keystore file and remove it.
- Start seahorse again
Thursday, 19 November 2015
Friday, 23 October 2015
Mounting a NTFS partition saved as iso file
Simple as that, ntfs-3g does the magic:
root@ubuntu:/home/partimag/2015-10-22-15-img# ntfs-3g sda4.iso /dir-to-mount-location/
This example is somehow correlated with http://cybersec-linuxhorizon.blogspot.ro/2015/10/partclone-v0273-bug.html
Do not try to mount as loop (mount -o loop) because is not working...
root@ubuntu:/home/partimag/2015-10-22-15-img# ntfs-3g sda4.iso /dir-to-mount-location/
This example is somehow correlated with http://cybersec-linuxhorizon.blogspot.ro/2015/10/partclone-v0273-bug.html
Do not try to mount as loop (mount -o loop) because is not working...
Partclone (v0.2.73) bug
Restoring a Clonezilla partition backup using partclone v0.2.73 could fail as follow:
root@ubuntu:/home/partimag/2015-10-22-15-img# cat /home/partimage/sda4.ntfs-ptcl-img.gz.aa | gzip -d -c | partclone.restore -C -s - -O /home/partimage/sda4.iso
Partclone v0.2.73 http://partclone.org
Starting to restore image (-) to device (sda4.iso)
device (sda4.iso) is mounted at
error exit
Partclone fail, please check /var/log/partclone.log !
Digging a little bit, I found that the reason is very simple and I do not know if I can call it a bug or not.
Pure and simple, before running the restoring command you should create the iso file. In my example, you should create the sda4.iso file and the simple way is:
root@ubuntu:/home/partimag/2015-10-22-15-img#touch sda4.iso
I'm pretty sure that other partclone versions have the same issue...
I must say that Clonezilla distribution is a very useful tool for disk and/or partition cloning/restoring. Partclone is included in the Clonezilla distribution.
If your recovered partition is NTFS and want to mount it, use ntfs-3g as here: http://cybersec-linuxhorizon.blogspot.ro/2015/10/mounting-ntfs-partition-saved-as-iso.html
root@ubuntu:/home/partimag/2015-10-22-15-img# cat /home/partimage/sda4.ntfs-ptcl-img.gz.aa | gzip -d -c | partclone.restore -C -s - -O /home/partimage/sda4.iso
Partclone v0.2.73 http://partclone.org
Starting to restore image (-) to device (sda4.iso)
device (sda4.iso) is mounted at
error exit
Partclone fail, please check /var/log/partclone.log !
Digging a little bit, I found that the reason is very simple and I do not know if I can call it a bug or not.
Pure and simple, before running the restoring command you should create the iso file. In my example, you should create the sda4.iso file and the simple way is:
root@ubuntu:/home/partimag/2015-10-22-15-img#touch sda4.iso
I'm pretty sure that other partclone versions have the same issue...
I must say that Clonezilla distribution is a very useful tool for disk and/or partition cloning/restoring. Partclone is included in the Clonezilla distribution.
If your recovered partition is NTFS and want to mount it, use ntfs-3g as here: http://cybersec-linuxhorizon.blogspot.ro/2015/10/mounting-ntfs-partition-saved-as-iso.html
Subscribe to:
Posts (Atom)