Let's say we want to block access to the creatively named www.badsite.com.
I bet you've already configured a DNS server on your router; if not:
Router(config)# ip name-server 1.1.1.1 2.2.2.2
Router# ping www.techrepublic.com
Translating "www.techrepublic.com"...domain server (1.1.1.1) [OK]
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 216.239.113.101, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms
Router#
To actually block the undesirable Web site, we need to create an access control list (ACL) to define exactly what we want to block. Here's an example:
Router(config)# access-list 101 deny tcp any host www.badsite.com eq www
Then permit all other web traffic. This entry must come after the deny above, because entries are matched in order:
Router(config)# access-list 101 permit tcp any any eq www
Check the access list in the running configuration:
Router# sh run | inc access-list 101
access-list 101 deny tcp any host 66.116.109.62 eq www log
The router resolved the hostname to an address when the entry was typed; you can also block by address directly. The log keyword generates a message for every match, which you can monitor with a syslog server such as Kiwi Syslog Server.
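Because IOS stores the resolved address rather than the hostname, the entry silently goes stale if the site changes address. As an added check (not part of the original post), the script below parses the "sh run | inc access-list 101" output and reports which addresses the hostname resolves to today are not yet denied; the SHOW_RUN text, the RESOLVED map and the 66.116.109.63 address are constructed stand-ins.

```python
import re
from typing import Dict, List, Set

# Constructed sample of "sh run | inc access-list 101" output; not taken from a real router.
SHOW_RUN = """\
access-list 101 deny tcp any host 66.116.109.62 eq www log
access-list 101 permit tcp any any eq www
"""

# Hypothetical stand-in for a DNS lookup (hostname -> addresses it resolves to today);
# in practice fill this from socket.getaddrinfo().
RESOLVED = {"www.badsite.com": {"66.116.109.62", "66.116.109.63"}}

ACE_RE = re.compile(
    r"^access-list (?P<acl>\d+) (?P<action>permit|deny) tcp any host "
    r"(?P<dst>\d{1,3}(?:\.\d{1,3}){3}) eq www(?P<log> log)?$"
)

def denied_hosts(show_run: str, acl: str) -> Dict[str, bool]:
    """Map each address denied by the numbered ACL to whether its entry carries 'log'."""
    denied = {}
    for line in show_run.splitlines():
        m = ACE_RE.match(line.strip())
        if m and m.group("acl") == acl and m.group("action") == "deny":
            denied[m.group("dst")] = m.group("log") is not None
    return denied

def missing_aces(show_run: str, acl: str, resolved: Dict[str, Set[str]]) -> List[str]:
    """Return the deny entries still needed so every address a hostname resolves to is blocked.
    IOS resolves the hostname once, when the entry is typed, so the ACL drifts when the site
    moves or gains addresses. New deny entries must precede the permit, so a numbered ACL
    usually has to be rebuilt rather than appended to."""
    denied = denied_hosts(show_run, acl)
    return [f"access-list {acl} deny tcp any host {addr} eq www log"
            for host in sorted(resolved) for addr in sorted(resolved[host]) if addr not in denied]
```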
Tuesday, November 17, 2009
TCPDump: Capture and Record Specific Protocols / Port
Q. How do I capture a specific protocol or port, such as 80 (HTTP), using the TCPDump tool under Linux / UNIX? How do I record traffic with TCPDump and find problems later on?
A. TCPDump is a tool for network monitoring and data acquisition. It can save lots of time and can be used for debugging network or server related problems. Tcpdump prints out a description of the contents of packets on a network interface that match a boolean filter expression.
Monitor all packets on eth1 interface
tcpdump -i eth1
Monitor all traffic on port 80 ( HTTP )
tcpdump -i eth1 'port 80'
Monitor all traffic on port 25 ( SMTP )
tcpdump -vv -x -X -s 1500 -i eth1 'port 25'
Where,
• -vv : More verbose output
• -x : When parsing and printing, in addition to printing the headers of each packet, print the data of each packet.
• -X : When parsing and printing, in addition to printing the headers of each packet, print the data of each packet (minus its link level header) in hex and ASCII. This is very handy for analysing new protocols.
• -s 1500 : Capture snaplen bytes of data from each packet rather than the default of 68. This is useful to see the full payload rather than just the headers.
• -i eth1 : Monitor eth1 interface
Capturing traffic information using cronjobs
tcpdump can be used to find out about attacks and other problems. Let us say your webserver is facing a problem every day at midnight. Enter the following command into cron. It schedules the capture of 30,000 packets on port 80 and writes the raw data to a file called port.80.debug.txt:
@midnight /usr/sbin/tcpdump -n -c 30000 -w /root/port.80.debug.txt 'port 80'
Next day you can log into your box and read the /root/port.80.debug.txt file:
tcpdump -X -vv -r /root/port.80.debug.txt
This simple technique can be used to record traffic and debug problems later.
Further readings:
• man page tcpdump
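Once the cron job has written port.80.debug.txt, the raw capture can also be read without tcpdump. This added example (not from the original post) parses the libpcap format that tcpdump -w writes and counts half-open SYNs per source on port 80, one thing worth looking for when a webserver misbehaves at a fixed time; the sample capture and its addresses are constructed.

```python
import socket
import struct
from collections import Counter

def tcp_packets(pcap: bytes):
    """Yield (src, dst, sport, dport, tcp_flags) for every Ethernet/IPv4/TCP record in a pcap."""
    end = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])  # magic 0xa1b2c3d4
    if end is None:
        raise ValueError("not a libpcap capture file")
    off = 24                                   # skip the 24-byte global header
    while off + 16 <= len(pcap):
        incl_len = struct.unpack(end + "IIII", pcap[off:off + 16])[2]
        frame = pcap[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue                           # not IPv4 (e.g. ARP) or too short
        ihl = (frame[14] & 0x0F) * 4
        tcp = frame[14 + ihl:]
        if frame[23] != 6 or len(tcp) < 14:
            continue                           # not TCP, or cut short by the snaplen
        sport, dport = struct.unpack("!HH", tcp[:4])
        yield socket.inet_ntoa(frame[26:30]), socket.inet_ntoa(frame[30:34]), sport, dport, tcp[13]

def syn_sources(pcap: bytes, port: int) -> dict:
    """Count bare SYNs (SYN set, ACK clear) per source address aimed at the given port."""
    return dict(Counter(src for src, _d, _sp, dport, flags in tcp_packets(pcap)
                        if dport == port and flags & 0x12 == 0x02))

# Constructed sample capture (not a real trace): helpers build Ethernet/IPv4/TCP frames.
def _tcp(src: str, dst: str, sport: int, dport: int, flags: int) -> bytes:
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 8192, 0, 0)
    return b"\x00" * 12 + b"\x08\x00" + ip + tcp

def _pcap(frames) -> bytes:
    hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)  # link type 1 = Ethernet
    return hdr + b"".join(struct.pack("<IIII", i, 0, len(f), len(f)) + f for i, f in enumerate(frames))

SAMPLE_PCAP = _pcap([
    _tcp("203.0.113.5", "198.51.100.10", 40001, 80, 0x02),  # three SYNs that never complete
    _tcp("203.0.113.5", "198.51.100.10", 40002, 80, 0x02),
    _tcp("203.0.113.5", "198.51.100.10", 40003, 80, 0x02),
    _tcp("192.0.2.7", "198.51.100.10", 50000, 80, 0x02),    # one normal three-way handshake
    _tcp("198.51.100.10", "192.0.2.7", 80, 50000, 0x12),
    _tcp("192.0.2.7", "198.51.100.10", 50000, 80, 0x10),
    b"\x00" * 12 + b"\x08\x06" + b"\x00" * 28,               # an ARP frame, skipped
])
```

Run it against a real file with syn_sources(open("/root/port.80.debug.txt", "rb").read(), 80); a source with many bare SYNs and no completed handshakes stands out immediately.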
Change MAC address of your Linux machine
1. First shut down eth0
ifdown eth0
2. Check your current MAC address
ifconfig -a | grep HWaddr
3. Change to the new MAC address
ifconfig eth0 hw ether 00:11:09:11:69:80
4. Bring eth0 back up
ifup eth0
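Before step 3 it is worth checking the address you are about to assign: a multicast address (first octet odd) is rejected by the kernel, and an address with the locally administered bit clear, like the 00:11:09:11:69:80 above, sits in a vendor-assigned range and may collide with real hardware on the segment. This added example (not from the original post) performs that check and derives a locally administered variant.

```python
import re

MAC_RE = re.compile(r"^[0-9A-Fa-f]{2}(:[0-9A-Fa-f]{2}){5}$")

def describe_mac(mac: str) -> dict:
    """Validate a colon-separated MAC and classify the two flag bits of its first octet."""
    if not MAC_RE.match(mac):
        raise ValueError(f"malformed MAC address: {mac!r}")
    first = int(mac[:2], 16)
    return {
        "unicast": not first & 0x01,                 # I/G bit clear: multicast MACs cannot be assigned to eth0
        "locally_administered": bool(first & 0x02),  # U/L bit set: not drawn from a vendor-assigned OUI
    }

def as_locally_administered(mac: str) -> str:
    """Set the U/L bit so the address cannot collide with a vendor's real hardware address."""
    if not describe_mac(mac)["unicast"]:
        raise ValueError("multicast addresses are never valid interface addresses")
    first = int(mac[:2], 16) | 0x02
    return f"{first:02x}{mac[2:].lower()}"
```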
Exchange 2003 Server Database Repair with ESEUTIL
Public Folder Store
D:\Exchsrvr\bin\eseutil.exe /mh D:\Exchsrvr\mdbdata\pub1.edb (dump the database header and check its state)
D:\Exchsrvr\bin\eseutil.exe /cc D:\Exchsrvr\mdbdata\pub1.edb (hard recovery after a restore)
D:\Exchsrvr\bin\eseutil.exe /p (or /r) D:\Exchsrvr\mdbdata\pub1.edb (hard repair; use this only as a last resort)
Streaming file: D:\Exchsrvr\mdbdata\pub1.stm
Mailbox Store
D:\Exchsrvr\bin\eseutil.exe /mh D:\Exchsrvr\mdbdata\priv1.edb
D:\Exchsrvr\bin\eseutil.exe /cc D:\Exchsrvr\mdbdata\priv1.edb
D:\Exchsrvr\bin\eseutil.exe /p (or /r) D:\Exchsrvr\mdbdata\priv1.edb (hard repair; use this only as a last resort)
Streaming file: D:\Exchsrvr\mdbdata\priv1.stm
Transaction logs and checkpoint
D:\Exchsrvr\bin\eseutil.exe /k D:\Exchsrvr\mdbdata\e00.log (verify checksums)
D:\Exchsrvr\bin\eseutil.exe /k D:\Exchsrvr\mdbdata\e00.chk
D:\Exchsrvr\bin\eseutil.exe /ml D:\Exchsrvr\mdbdata\e00.log (dump the log file)
Change to D:\Exchsrvr\mdbdata\ and run soft recovery with the e00 log prefix:
D:\Exchsrvr\bin\eseutil.exe /r e00 /i