TCPDUMP’ing

Within Network Security & Support roles it's normal practice, at some point, to have to jump onto a CLI and start messing around with tcpdump.

For me it's usually when there's a connectivity issue between two hosts, i.e. client/server or server/server. That's where tcpdump is a massive help, as packets don't lie. If you can show said server/developer bod, in black and white, what is going on, they can't argue – although they still may. 😉

If I had a penny for every time a colleague blamed a firewall or the network for why their server isn’t communicating as it should, I’d be a wealthy man.

Below are some of my most frequently utilised tcpdump commands and switches, and what they do and print.

My Favourite TCPDUMP Commands

tcpdump -i any host 10.1.1.1 and host 10.2.2.2

This is a good starter to see all traffic between two hosts (the "and" means both hosts must be present in the packet, as source or destination). After you've confirmed you're receiving output you can then add further switches and filter terms, for example a port, to narrow it down.
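Once that two-host capture is on screen, the useful question is what it says about who is at fault. The script below is an added example, not code from the original post: it parses the text that `tcpdump -nn` prints (a constructed sample is embedded, covering both the classic line layout and the layout with the interface and In/Out columns that newer tcpdump releases print for `-i any`) and sorts every connection attempt into answered, refused or unanswered. A client whose SYNs get no reply at all is the "packets don't lie" evidence: something between the two hosts is dropping them, and a matching capture on the far side tells you which side of the firewall.

```python
"""Triage a `tcpdump -nn` text capture of a client talking to a server.

For every TCP connection attempt (a packet with Flags [S]) it reports whether the
far end answered with SYN/ACK, answered with RST, or never answered at all, and
how many SYNs the client sent before giving up.
"""
import re

# Per-packet line printed by `tcpdump -nn`. The optional middle group absorbs the
# "<iface>  In/Out" columns that newer tcpdump releases print with `-i any`.
PACKET_RE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+)\s+"
    r"(?:\S+\s+(?:In|Out)\s+)?IP6?\s+"
    r"(?P<src>\S+)\s+>\s+(?P<dst>\S+):\s+Flags\s+\[(?P<flags>[^\]]*)\]"
)


def split_endpoint(endpoint):
    """'10.1.1.1.51234' -> ('10.1.1.1', 51234); tcpdump joins host and port with a dot."""
    host, port = endpoint.rsplit(".", 1)
    return host, int(port)


def parse_packet(line):
    """Return the TCP 4-tuple and flag string for one line, or None for non-TCP lines."""
    m = PACKET_RE.match(line)
    if m is None:
        return None
    src, sport = split_endpoint(m.group("src"))
    dst, dport = split_endpoint(m.group("dst"))
    return (src, sport, dst, dport), m.group("flags")


def triage(lines):
    """Map 'client:port -> server:port' to {'verdict': ..., 'syns': n} for every flow
    that opened with a bare SYN. Verdicts:
      established  - server replied with SYN/ACK ([S.])
      refused      - server replied with RST: reachable, but nothing listening on
                     that port or a host firewall actively rejecting
      no response  - nothing came back: dropped on the path, asymmetric routing,
                     or the server is down. Capture on the far side to tell which.
    """
    attempts = {}
    for line in lines:
        parsed = parse_packet(line)
        if parsed is None:
            continue
        (src, sport, dst, dport), flags = parsed
        forward = (src, sport, dst, dport)
        reverse = (dst, dport, src, sport)
        if "S" in flags and "." not in flags:          # bare SYN (also [SEW] with ECN)
            entry = attempts.setdefault(forward, {"verdict": "no response", "syns": 0})
            entry["syns"] += 1                          # retransmitted SYNs bump the count
        elif reverse in attempts:                       # reply from the server side
            entry = attempts[reverse]
            if "S" in flags and "." in flags:           # [S.] = SYN/ACK
                entry["verdict"] = "established"
            elif "R" in flags and entry["verdict"] == "no response":
                entry["verdict"] = "refused"            # RST before any SYN/ACK
    return {f"{c}:{cp} -> {s}:{sp}": entry for (c, cp, s, sp), entry in attempts.items()}


# Constructed sample output, not a real capture: three connection attempts from
# 10.1.1.1 to 10.2.2.2 plus one ARP line the parser must ignore. The first six
# lines use the newer "<iface> In/Out" layout, the rest the classic layout.
SAMPLE_CAPTURE = """\
12:00:01.000000 eth0  Out IP 10.1.1.1.51234 > 10.2.2.2.443: Flags [S], seq 1000, win 64240, length 0
12:00:02.000000 eth0  Out IP 10.1.1.1.51234 > 10.2.2.2.443: Flags [S], seq 1000, win 64240, length 0
12:00:04.000000 eth0  Out IP 10.1.1.1.51234 > 10.2.2.2.443: Flags [S], seq 1000, win 64240, length 0
12:00:05.000000 eth0  Out IP 10.1.1.1.51235 > 10.2.2.2.80: Flags [S], seq 2000, win 64240, length 0
12:00:05.000400 eth0  In  IP 10.2.2.2.80 > 10.1.1.1.51235: Flags [S.], seq 5000, ack 2001, win 65160, length 0
12:00:05.000500 eth0  Out IP 10.1.1.1.51235 > 10.2.2.2.80: Flags [.], ack 1, win 502, length 0
12:00:06.000000 IP 10.1.1.1.51236 > 10.2.2.2.22: Flags [S], seq 3000, win 64240, length 0
12:00:06.000300 IP 10.2.2.2.22 > 10.1.1.1.51236: Flags [R.], seq 0, ack 3001, win 0, length 0
12:00:07.000000 ARP, Request who-has 10.1.1.2 tell 10.1.1.1, length 28
"""


def triage_sample():
    return triage(SAMPLE_CAPTURE.splitlines())


if __name__ == "__main__":
    for flow, entry in triage_sample().items():
        print(f"{flow}: {entry['verdict']} after {entry['syns']} SYN(s)")
```

To use it on a real capture, pipe the output of `tcpdump -nn -i any host 10.1.1.1 and host 10.2.2.2` into a file and feed its lines to `triage()`. It only counts flows that start with a SYN, so a capture started mid-connection shows nothing for connections already established.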

Useful Switches

tcpdump -D shows the interfaces you can capture on

tcpdump -i any will capture traffic on all available interfaces. This is Linux-only, and the "any" device uses the Linux cooked pseudo-header instead of the real link-layer header, so it is fine for IP-level troubleshooting but not when you need Ethernet or VLAN details.

Use -c to stop your tcpdump after a specific number of packets have been captured

To display IPs and not hostnames use the -n switch; this also avoids the reverse DNS lookups that slow a live capture down. Use -nn to keep port numbers numeric as well, rather than service names such as http or https.

The snapshot length (-s) controls how many bytes of each packet are kept. Current tcpdump releases default to 262144 bytes, which captures the full packet (older releases defaulted to 65535, and very old ones to 68 or 96 bytes). If you only want the headers, -s 96 is usually enough for Ethernet, IP and TCP; packets cut short by the snaplen are marked as truncated in the output, e.g. [|tcp].

-S turns off relative sequence numbers and prints the absolute ones. They are longer and harder to read, but you need them when correlating packets with a capture taken on the other host or with firewall logs.

Use -w <filename>.pcap to write the raw packets to a file instead of printing them. On its own -w prints nothing at all, so add -v to get a running count of packets written to the file every ten seconds.

You can read a written capture file back on the CLI with -r, but it displays just the same as a live capture, so I prefer to review them in Wireshark.

That’s a whole series of blog posts in itself though, happy capturing 🙂

I.

[Screenshot: Ubuntu_TCPDUMP]


HP Proliant Gen8 Home Server

Home servers have become really popular over the last five years or so, whether a regular NAS or a more fully fledged home server running Windows, Linux or a hypervisor as its OS.

I decided to jump aboard the bandwagon, so picked up a Gen8 HP Proliant from eBuyer to use as a mix of the below:

  1. Plex Media Server
  2. Home Lab for study

I have since added a 4TB WD Red hard drive and will be picking up 16GB (2×8GB) of RAM in the coming weeks to max out its two DIMM slots. I will, at some point, also add additional disks and employ RAID – with 0 (striping) or 1 (mirroring) being the options.

Plex Media Server

Plex is a client-server media player system that lets you consolidate all of your pictures, films, music etc. in one location and access it all from anywhere with an internet connection. You can stream films to a range of devices (iPads, smartphones etc.), but you do have to pay £4.99 for the privilege – in my eyes it's well worth it.

Home Lab

This was the main reason I picked up a decent home server. As I work away, the Gen8 allows me to connect remotely to my home server and lab/test away in my own virtualised environments!

I initially went with Xubuntu as my server OS, which is perfect for home use as it's lightweight and you don't need to be a Linux developer to navigate around it. However, although the Gen8 supports Red Hat Enterprise Linux (RHEL) out of the box, to go above a 640×480 resolution you have to create your own bespoke driver!

If I had to do this just for a usable resolution, I assumed there would be other issues I'd encounter down the line too, so I decided to wuss out and rebuild it with something friendlier – Windows Server 2016 Essentials!

After a couple of weeks running Server 2016 I decided to start fresh again, so went for a hypervisor. My choice was the most popular, VMware's ESXi. This means I can spin up as many VMs as I desire (resources allowing) – for example I have a Server 2016 VM, which sits on my LAN happily as my Plex server. I then access all of my VMs using the vSphere Client shown below.

[Screenshot: vSphere Client]

Other VMs include Linux distros – Mint, Ubuntu etc. – and a Cisco 1000v virtual router so I can try my hand at some Ansible playbooks.

Bugbears

There are a few issues I had/have with the Gen8; for all its positives, here are a few negatives.

  • iLO requires a licence to mount a virtual CD (a 60-day trial licence is the workaround)
  • No DVI or HDMI, just VGA
  • NTFS pen drives not supported, only FAT32, which has a 4GB file-size limit
  • To install an OS you need to load the relevant disk drivers before the OS will see the array you created earlier in the BIOS – I had them on a USB pen drive, and you can grab them from here. You can also circumvent this using the HP Intelligent Provisioning utility, but I prefer the old-fashioned way.

I.

[Image: HP_Pro_Gen8]
