I have set up ntop on CentOS 5.5 and am not seeing traffic that I am supposed to be seeing. We have a product that uses many different services, including SSH. I have this system as a target on mirrored ports, but am not seeing any SSH connections or activity when I look at the host machine that is connected to the target SSH client, and vice versa. When I look under TCP/UDP Service/Port Usage it is not displaying all the services that are being used, especially SSH. What could it be?
I have installed ntop and it works fine, but I do not use it every day. Somehow it installed to start on boot. I do not want it to start automatically at system start/boot. I looked and searched, and looked some more, but I cannot figure out how to stop it from starting at boot time. I'm using Ubuntu 10.
I am an undergraduate student. My professor has implemented an ad hoc protocol and simulated it on some network simulation software, and it worked out of the box. She wants to implement it on real-world Unix/Linux systems. I am sure it is possible, but I don't know where to start.
I have SSH running on port 22 and that is the only thing I want in/out of this particular box (ssh, scp). But when I use iptables to set the default policies for INPUT, FORWARD, and OUTPUT to DROP and then allow 22:
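A stateful ruleset for the "SSH in and out only" host described above, as an added example that is not part of the original post. It assumes sshd listens on TCP/22 and that the kernel has the conntrack match available (both assumptions). The rules that are easy to forget once the OUTPUT policy is DROP are the loopback accept and the ESTABLISHED,RELATED accepts: without the latter, sshd's own replies are dropped by OUTPUT and no session ever completes, even though the INPUT rule for port 22 looks correct.

```shell
#!/bin/sh
# Added example: a stateful "SSH in and out only" ruleset for a single host,
# in iptables-restore format. sshd on TCP/22 and the conntrack match are
# assumptions; nothing else is opened.

ssh_only_ruleset() {
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
# Loopback must stay open or local services break.
-A INPUT  -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
# Drop packets conntrack cannot place in any flow.
-A INPUT  -m conntrack --ctstate INVALID -j DROP
# Replies to flows we accepted, in both directions. Without the OUTPUT rule
# sshd's SYN/ACK and data never leave the box.
-A INPUT  -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Inbound SSH: only the opening SYN needs a rule, the rest is ESTABLISHED.
-A INPUT  -p tcp --dport 22 --syn -m conntrack --ctstate NEW -j ACCEPT
# Outbound ssh/scp from this box to others.
-A OUTPUT -p tcp --dport 22 --syn -m conntrack --ctstate NEW -j ACCEPT
COMMIT
EOF
}

# Number of rules that admit NEW connections; an SSH-only policy has exactly
# two (one inbound, one outbound).
count_new_accepts() {
    ssh_only_ruleset | grep -c -- '--ctstate NEW -j ACCEPT'
}

# Apply only when asked, so the script can be read and tested without
# touching the live firewall. iptables-restore swaps the whole table in one
# step, which avoids the lock-out window of running "-P OUTPUT DROP" before
# the ESTABLISHED rule exists.
if [ "${1:-}" = "--apply" ]; then
    ssh_only_ruleset | iptables-restore
fi
```

Run it as `sh ssh-only.sh --apply` from a console rather than over SSH the first time. With this policy the box cannot resolve hostnames for outbound ssh, because UDP/53 is not allowed out; connect by IP address or add a DNS rule if that matters.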
I am new to using Wireshark and I've been browsing around the packets in it a bit. I figured I'd try and use it to cut into a protocol that isn't documented, that I can find, but doesn't seem particularly secure. I tried cutting into a protocol and I turned _everything_ off, but Wireshark was still picking up packets left, right and centre. So I decided to stop the internet daemon and still, packets were being sent over the internet. So I decided to pick some of the IPs and do a reverse lookup. Each and every one of the IPs is of Russian origin or close.
I'm under the impression that these are unwanted packets. I've also noticed that they are sending data from the same port: 32165. Another thing I noticed while doing reverse lookups is that a lot of these IPs are hits in 'Spam & Open Relay Blocking System' and 'Project Honey Pot', which seem to be spam blockers and trackers. What should I do, or what should I investigate? The reverse lookups are only providing me with the ISP which 'owns' the IP block the IP is a part of. They are from various ISPs every time.
I have a project which needs to stream audio to multiple remotely connected devices on the internet. What is the best protocol for streaming with minimum or no audio distortion?
I have installed ntop version 4.0.3 following a guide, but I can't start the ntop daemon/service. I didn't find a service file for starting it. During the installation there was no problem; it only wanted RRDtool, so I installed that. Now no required package is missing.
I installed it from the packages list and the eye candy has been good.
However, in trying to fix an error showing up in syslog
Feb 1 17:37:38 host ntop[30764]: **ERROR** Buffer too short @ dataFormat.c:144 (increase to at least 56) [230982 years, 187 days 7:107374]
I started looking at the configuration files; well, attempted to. It asks for a login. It isn't any user or root, but apparently is admin, but I don't ever remember setting it.
Various web searches suggest it is done at compile (downloaded compiled)/installation time, but I have no recollection of entering any.
There is a Red Hat/CentOS wrinkle, ntop -set-admin-passwd=password; but that puts out a lot of lines, then hangs and has no effect.
Note, despite the message (old version of ntop), it is up to date in packages.
I am not able to install ntop (network monitor tool). When I run the command below, I get the error: #./autogen.sh configure: error: Unable to find RRD at /usr/local: please use --with-rrd-home=DIR
While running some live tests last week I saw an odd situation where netstat appeared to be displaying the wrong PID and process name for TCP connections. I'm trying to figure out if this is just a strange netstat bug or if it could indicate something odd is happening with our software.
We have a main program which establishes a number of connections, including connecting to a JMS server and listening for/accepting a TCP connection. The main program also creates a child process which it uses to communicate with another server. On at least three occasions we saw netstat reporting all the expected TCP connections (correct IP/port for both source and destination); however, the child process, instead of the main, was listed for the PID. The main process was still running, but netstat no longer reported any TCP connections established by the main program. The main program continued to function correctly, the JMS communication continued to work, and we believe the other TCP connection was functioning correctly despite the program supposedly not having any TCP connections.
I'm wondering if this could simply be a bug and/or obscure functionality of netstat that I don't understand, which would cause netstat to report the child process as 'owning' the parent's TCP connections. I don't know how this would happen, or why the parent would continue functioning despite the problem otherwise.
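An added example, not code from the post above, showing what netstat -p actually does to attribute a socket to a process, which is the place to start when the reported PID looks wrong. The kernel lists each socket with its inode in /proc/net/tcp; the tool then scans /proc/<pid>/fd for a link named socket:[inode], and net-tools keeps the first PID it meets for a given inode. A socket descriptor inherited across fork() is held by parent and child alike, so it shows up under both PIDs; listing every holder of the inode is the check that rules that mechanism in or out. The /proc/net/tcp lines embedded here are constructed sample data, and the addresses in them are not from the poster's system.

```shell
#!/bin/sh
# Added example: map a TCP socket to the PIDs holding it, the way netstat -p
# and ss -p do. The /proc/net/tcp text below is constructed sample data.

SAMPLE_PROC_NET_TCP='  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:1F90 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 12345 1 0000000000000000 100 0 0 10 0
   1: 6400A8C0:C350 0A00A8C0:1F90 01 00000000:00000000 00:00000000 00000000  1000        0 67890 1 0000000000000000 20 4 30 10 -1'

# Turn one "AABBCCDD:PPPP" field into dotted-quad:port.
decode_addr() {
    hex=${1%%:*}
    port=${1##*:}
    # The address is a network-order 32-bit value printed as a host-order
    # integer, so on x86 the printed bytes are reversed: 0100007F is
    # 127.0.0.1. The port is printed with ntohs() and reads naturally.
    printf '%d.%d.%d.%d:%d' \
        "0x$(echo "$hex" | cut -c7-8)" \
        "0x$(echo "$hex" | cut -c5-6)" \
        "0x$(echo "$hex" | cut -c3-4)" \
        "0x$(echo "$hex" | cut -c1-2)" \
        "0x$port"
}

# stdin: /proc/net/tcp text. stdout: "inode local remote state" per socket.
# Field 10 is the inode, the key netstat uses to find the owning process.
parse_proc_net_tcp() {
    awk 'NR > 1 { print $10, $2, $3, $4 }' |
    while read -r inode laddr raddr st; do
        printf '%s %s %s %s\n' "$inode" "$(decode_addr "$laddr")" "$(decode_addr "$raddr")" "$st"
    done
}

parse_sample() {
    printf '%s\n' "$SAMPLE_PROC_NET_TCP" | parse_proc_net_tcp
}

# Every PID holding the socket with this inode. Needs root to read other
# users' /proc/<pid>/fd. netstat reports only the first PID it encounters;
# after fork() both parent and child are listed here.
pids_holding_inode() {
    inode=$1
    for fd in /proc/[0-9]*/fd/*; do
        if [ "$(readlink "$fd" 2>/dev/null)" = "socket:[$inode]" ]; then
            echo "$fd" | cut -d/ -f3
        fi
    done | sort -un
}
```

On a live system, `parse_proc_net_tcp < /proc/net/tcp` gives the inode of the connection in question and `pids_holding_inode <inode>` lists every process that has it open; if two PIDs come back, the connection was inherited across fork() and which one netstat names is down to scan order, not to which process is using the socket.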
A small "mom and pop" WISP would like to provide account usage information to customers. Basically, when a person connecting to the WISP's web site is a customer with an IP address from within the WISP's subnets, a link would appear on the web page where customers could read total bandwidth usage (daily, weekly, monthly, and yearly totals and averages) and their public IP address. Information could include the top five bandwidth URLs visited; graphs or charts of usage; and usage during specific periods, such as business hours (8AM-5PM), evening hours (5PM-10PM), night (10PM-8AM), and weekends (10PM Friday-8AM Monday).
The WISP has installed cricket (http://cricket.sourceforge.net) and rrdtool (http://oss.oetiker.ch/rrdtool). The next trick is to grab and format the data for customers. I'm not looking for answers like "look at xyz package." Helpful responses will include a rudimentary outline to solve the problem. That is, "xyz package" might indeed be what the WISP needs, but some guidance on how to use xyz is needed to move down the road. I have no experience with this type of thing. I appreciate responses from people who are experienced.
I have a network connection between 3 computers sharing the same net bandwidth on the same router (modem). I wanted to know how much each one on this network is taking from the bandwidth. I want an easy program like Switch Sniffer (see the pic) to scan the network and tell me how much each one is taking from this network in real time.
I have a Linux box that I'm using to mount a Windows 7 share with Samba or CIFS. The mounting itself goes fine, but directories with more subdirs or files do not seem to have all the content they actually have.
For example, viewing my music folder shows only the first 37 subdirs. ls says "total 49", which is the correct amount, but the listing itself shows only the first 37 in alphabetical order.
On the other hand, my wallpaper folder contains 122 files. ls claims there are 41872 and displays only 70.
Adding the mount option noserverino increases the listed files or dirs, but it still does not show them all.
I've tried to enable debug printk level, but dmesg doesn't show anything interesting.
I've tried to change values in /proc/fs/cifs, but it does not seem to have any effect.
I've tried changing the samba package. So far I've tested with 3.5.7, 3.5.2, 3.5.4 and now 3.5.8.
Yesterday my distribution was Slackware 13.1. Today I upgraded to 13.37 (with samba 3.5.8), but the problem persists.
I've tried with kernel versions 2.6.35.12, 2.6.38.2 and 2.6.37.6.
I've used linuxquestions.org from time to time, but never needed to register until now. An in-depth explanation of this issue is already described over here: [URL], so I will merely quote it again here; it seems nobody knows the solution over at Ubuntu's forums...:
Quote: I recently switched my home server from Debian lenny to Ubuntu maverick. I've managed to port all my configs and stuff and so far I'm very happy. There's one tiny thing that's griping me, that I never experienced before with Debian's (older) packages/configuration... Here's the situation: my server dials up 2 PPPoE (ADSL) interfaces (different ISPs) with split internet routes.
If I run a general traceroute to an internet IP, all the hops which are not routed via the same interface as the destination host/IP will appear as "* * *" in the traceroute. This was never the case before, and it would be preferred to see the IPs of all routers along the way regardless of whether they are routed... (I used to be able to see IPs like 10.0.0.x before through internet traceroutes if they were hops along the way [IPs which would be unreachable if traced directly], and that's no longer the case.) Isn't this kinda defeating the point of traceroute?
On openSUSE 11.3 I was using Remmina as a replacement for tsclient. After upgrading to openSUSE 11.4 (I did a complete new install), Remmina only seems to support SSH connections. All other protocols like RDP, NX and VNC are missing. I have FreeRDP, rdesktop etc. installed and can connect to RDP sessions from the terminal.
I'm pretty new to Linux! I've been given a task to modify a network protocol (TCP in particular). So now I have to make a few changes to the kernel, which includes modifying a few source files. So I want to know how I can go about it. Till now I've explored various .c files of the kernel (e.g. tcp.c, tcp_input.c etc.) by referring to a few books. And now comes the important part of implementing it. So how exactly can I go about it? I went through various threads about installing a kernel, compiling a kernel and other things, but I'm not getting the exact sequence in which I should do it. I've installed Fedora 10, but I cannot see any source files which I can modify. Where and how can I modify these files?
Currently I have 2 LAN cards in my system, one to communicate with the client PCs (LAN card IP 192.168.1.100) and the other for the Internet (LAN card IP 192.168.0.100). All client PCs are in the 192.168.1.0 subnet.
Here I implement my system as a router through iptables; all clients communicate only through 192.168.1.100 (the clients' default gateway is also 192.168.1.100). Now there is no problem with the forward rules; when my system is active all clients get internet.
Now I have a problem with blocking UDP protocols. I tried a lot of things from the net: iptables -A INPUT -s 192.168.1.0/255.255.255.0 -p UDP -j DROP
But it's not blocking UDP protocols (if I change UDP to ICMP then ICMP is blocked for every IP address).
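An added example (not from the original post) of where a packet that the box merely relays is filtered. On a Linux router, packets passing from one NIC to the other traverse the FORWARD chain only; the INPUT chain sees just the packets addressed to the router itself, such as a ping to the gateway address 192.168.1.100. The interface names eth0 (LAN side, 192.168.1.100) and eth1 (Internet side, 192.168.0.100) are assumptions about the poster's setup, as is the choice to keep DNS over UDP working while dropping the rest.

```shell
#!/bin/sh
# Added example: filter the traffic this box forwards for 192.168.1.0/24 in
# the FORWARD chain. eth0 = LAN side and eth1 = Internet side are assumed
# interface names, not taken from the post.

LAN_IF=eth0
WAN_IF=eth1
LAN_NET=192.168.1.0/24

router_ruleset() {
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -s $LAN_NET -o $WAN_IF -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Return traffic for connections the clients already opened.
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Keep name resolution working, then refuse every other UDP datagram the
# LAN sends through the router. These rules live in FORWARD because a
# relayed packet never enters INPUT; INPUT only sees packets addressed to
# the router itself, so an ICMP rule there affects pings to the gateway
# while a UDP rule there never sees a client's outbound UDP.
-A FORWARD -i $LAN_IF -s $LAN_NET -p udp --dport 53 -j ACCEPT
-A FORWARD -i $LAN_IF -s $LAN_NET -p udp -j DROP
-A FORWARD -i $LAN_IF -s $LAN_NET -o $WAN_IF -j ACCEPT
COMMIT
EOF
}

# FORWARD rules that match UDP from the LAN: one accept for DNS, one drop.
lan_udp_forward_rules() {
    router_ruleset | grep -c -- "^-A FORWARD .* -p udp"
}

if [ "${1:-}" = "--apply" ]; then
    sysctl -w net.ipv4.ip_forward=1
    router_ruleset | iptables-restore
fi
```

After applying, `iptables -L FORWARD -nvx` shows the packet counters on the UDP DROP rule climbing as clients try to send UDP; the INPUT chain counters will not move for that traffic, which is the quickest way to confirm which chain a given flow is really passing through.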
The ip_blacklist chain is used to immediately drop any traffic from specified address ranges, while the tcp_, udp_, and icmp_packets chains contain rules for further processing of those protocols. The last rule in each of the latter three chains drops all packets that didn't match any rules above it; so tcp, udp, and icmp packets should NOT get caught by the default INPUT policy (DROP). The goal of the last rule on the INPUT chain is to then log any packets that are picked up by the default policy. However, it's not working.
I can tell that there are packets being picked off by the default policy because the counters are being incremented, but nothing is logged by that last rule. My conclusion is that it's only looking for tcp, udp, and icmp packets and ignoring everything else.
How do I get iptables to log all the other protocols (or whatever is being caught by the default policy)?
I'm attempting to write an application that needs to read and reply to messages that will appear via 3 different methods:
1) Standard serial communications
2) TCP/IP over serial via PPP
3) TCP/IP over Ethernet
The problem is that I'd like the application to be able to receive packets from any and all of the three interfaces simultaneously. I shouldn't have much trouble performing #1 and #3 at the same time, as I think I can just get a file descriptor from termios and another for a socket and then use select to wait for data. But #2 is problematic.
First, I don't know how to set up a socket that uses PPP as the data link layer. And secondly (here's the big one), this PPP data is coming over the same port that the serial data is. There's no chance of data collision, and I am guaranteed not to receive another packet until I respond to the last one (in the same protocol at that), but incoming packets may or may not be PPP/TCP/IP framed.
My app will act like the PPP client, so I was just thinking that "somehow" I could run a standard termios application on the serial port which would begin to interpret the packet. If it's PPP framed then it would have to get passed to a PPP client, which would be listening to my application rather than a physical port. And I have no idea how to do that. Is there an API available that will help me with the PPP packets?
How hard would it be to write a device driver that simulates a serial port? The device can listen on a real serial port, interpret its contents to an extent, and then distribute the incoming data to multiple "virtual" serial ports, which the main application can then listen to for incoming traffic.
I would like to allow multiple users to access P2P networks, so I wonder if there's a way of tracking these kinds of protocols with netfilter, with NAT compatibility as well, like the conntrack_ftp module seems to do with the FTP protocol.
I want to connect my Debian Squeeze machine to my school wireless network with wpa_supplicant.
I think the network uses 802.1X authentication, because when the other students connect to the network for the first time in Windows they enter their username and password and then the connection is established. I have asked the IT staff, but they do not know what 802.1X, PEAP, EAP etc. are and just say "Enter the login details in the box!".
If I bring a Windows 7 machine to school and successfully connect to the network, is it then possible for me to extract the information [and extract a certificate, if one is used on the network] from Windows somehow, so I can set up wpa_supplicant.conf correctly on Debian?
The information I want to extract is which protocols are used, like PEAP, MSCHAP etc.
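An added example, not from the post, of the wpa_supplicant network block for the most common "username and password" 802.1X setup, PEAP with MSCHAPv2 inside, which is what Windows offers by default for an enterprise network that asks for credentials. SSID, username, password and the CA certificate path are placeholders supplied by the caller, not the school's real values. The security point a practitioner would insist on is ca_cert: without it the supplicant accepts any RADIUS server certificate, so a rogue access point advertising the same SSID can collect the MSCHAPv2 challenge/response, which is crackable offline. The function therefore refuses to emit a block that has no CA pinned.

```shell
#!/bin/sh
# Added example: emit a wpa_supplicant network block for 802.1X with PEAP and
# MSCHAPv2 inside. All values are passed in by the caller; none come from the
# original post or the school's network.

# usage: peap_network_block SSID USERNAME PASSWORD CA_CERT_PEM
peap_network_block() {
    ssid=$1; user=$2; pass=$3; ca=$4
    if [ -z "$ca" ]; then
        # Without ca_cert any server certificate is accepted, so an AP with
        # the same SSID could harvest the MSCHAPv2 exchange.
        echo "peap_network_block: refusing to write a block without ca_cert" >&2
        return 1
    fi
    cat <<EOF
network={
    ssid="$ssid"
    key_mgmt=WPA-EAP
    eap=PEAP
    # The outer identity travels in the clear before the TLS tunnel exists;
    # the real username is only sent inside phase 2.
    anonymous_identity="anonymous"
    identity="$user"
    password="$pass"
    ca_cert="$ca"
    phase1="peaplabel=0"
    phase2="auth=MSCHAPV2"
}
EOF
}

# Write a complete configuration readable only by root (it holds a password).
# usage: write_wpa_conf OUTFILE SSID USERNAME PASSWORD CA_CERT_PEM
write_wpa_conf() {
    out=$1; shift
    umask 077
    {
        printf 'ctrl_interface=/var/run/wpa_supplicant\n'
        printf 'ap_scan=1\n\n'
        peap_network_block "$@"
    } > "$out"
}
```

To find out what the network really uses, a Windows 7 machine that has connected can export its profile with `netsh wlan export profile name="<SSID>" folder=<dir>`; the resulting XML contains the EAP configuration (method, whether server validation is enabled, and the trusted root CA thumbprints), and the CA certificate itself can be exported from certmgr.msc as Base-64 and used as ca_cert unchanged. On Debian, running `wpa_supplicant -d` with the config above prints the EAP method the authenticator proposes, which confirms or refutes the PEAP guess before any password is sent.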