dacaprice.com from fitness to technology. mostly technology. sometimes fitness.

20 Jan 2012

Rotating files with tcpdump

tcpdump -s 0 -C 10 -w /tmp/capture.pcap port 80

The above command captures complete packets (-s 0) on port 80 and writes them to /tmp/capture.pcap. The -C 10 tells tcpdump to rotate the .pcap files when they reach 10MB in size, so capture.pcap is the original, followed by capture.pcap1, capture.pcap2, and so on (the number is appended directly to the file name).

One important note: tcpdump drops its root privileges when you use -C, so the capture files are created as an unprivileged user; make sure you write to a directory that is world-writable.
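As an added Python example (not part of the original post), the following walks the rotation set that -C produces (capture.pcap, capture.pcap1, ...) and parses each file's pcap global header and records, so a last file that was cut off when tcpdump was killed mid-write is caught before analysis. It assumes the classic pcap format that tcpdump -w writes by default (not pcapng); build_pcap produces constructed sample data for trying it out.

```python
import os
import struct

# Classic pcap magic numbers (usec and nsec variants) -> struct byte-order prefix.
PCAP_MAGICS = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">",
               b"\x4d\x3c\xb2\xa1": "<", b"\xa1\xb2\x3c\x4d": ">"}

def rotated_files(base):
    """Return the -C rotation set in write order: base, base1, base2, ..."""
    files, n, name = [], 0, base
    while os.path.exists(name):
        files.append(name)
        n += 1
        name = f"{base}{n}"   # tcpdump appends the number with no separator
    return files

def inspect_pcap(data):
    """Parse the 24-byte global header and walk the records of one pcap file."""
    if len(data) < 24 or data[:4] not in PCAP_MAGICS:
        raise ValueError("not a classic pcap file")
    e = PCAP_MAGICS[data[:4]]
    major, minor, _tz, _sig, snaplen, linktype = struct.unpack(e + "HHiIII", data[4:24])
    pos, count, truncated = 24, 0, False
    while pos < len(data):
        if pos + 16 > len(data):          # record header cut off
            truncated = True
            break
        _sec, _frac, incl_len, _orig = struct.unpack(e + "IIII", data[pos:pos + 16])
        if incl_len > snaplen or pos + 16 + incl_len > len(data):   # data cut off or corrupt
            truncated = True
            break
        pos += 16 + incl_len
        count += 1
    return {"version": f"{major}.{minor}", "snaplen": snaplen,
            "linktype": linktype, "packets": count, "truncated": truncated}

def build_pcap(frames, snaplen=262144, cut=0):
    """Constructed sample (not a real capture): little-endian pcap, Ethernet frames, snaplen as -s 0 sets it; 'cut' trims trailing bytes."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, snaplen, 1)
    for i, frame in enumerate(frames):
        out += struct.pack("<IIII", 1_300_000_000 + i, 0, len(frame), len(frame)) + frame
    return out[:len(out) - cut] if cut else out

def check_rotation(base):
    """Inspect every file of the rotation set: [(path, size, info), ...]."""
    results = []
    for path in rotated_files(base):
        with open(path, "rb") as fh:
            results.append((path, os.path.getsize(path), inspect_pcap(fh.read())))
    return results
```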

1 Sep 2011

Cisco router ACL helper perl script

I am not a skilled programmer/scripter. Here's a Perl script I wrote that takes the inbound rules for an access list on a Cisco router and spits out the corresponding rules for the outbound list. It's still a work in progress.

UPDATE 09/07/11: slightly modified regular expression to better match different ACL syntax.

#!/usr/bin/perl -w
# cisco_router_aclgen.pl
# Reads the inbound rules of a Cisco extended access list from STDIN and
# prints the matching outbound rules: source and destination are swapped,
# and a port qualifier stays attached to the address it belongs to.
# TODO: handle resolvable ports (ntp instead of 123, dns 53, ssh 22, etc.)
use strict;

my @inbound  = ();   # rules accepted as typed
my @outbound = ();   # the mirrored rules
my @invalid  = ();   # lines that matched neither rule form

system "clear";   # clear the terminal screen

print "\n\n\t\tEnter your inbound ACL rules. Type end when finished or ^c to quit.\n";   # present user with prompt
while (<STDIN>) {   # loop through user input, one rule per line
    my $inbound = $_;
    last if /^end$|^END$/;
    # Form 1: <proto> <src> <dst> [ports] [log] -- the port qualifier belongs to the destination.
    if ( $inbound =~ m/(no\ permit|permit)(\ ip|\ icmp|\ tcp|\ udp)(\ any|(\ host|\ \d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})(\ \d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}))(\ any|(\ host|\ \d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})(\ \d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}))?(\ eq\ \d{1,5}|\ range\ \d{1,5}\ \d{1,5}|\ any)?(|\ log)$/ ) {
        my $prefix = "$1$2";                    # (no) permit + protocol
        my $src    = "$3";
        my $dst    = defined $6 ? "$6" : "";    # absent when "any" was consumed as the port group
        my $ports  = defined $9 ? "$9" : "";
        my $log    = "$10";                     # optional trailing "log" keyword, kept on the mirrored rule
        my $outbound = "$prefix$dst$ports$src$log\n";   # old destination (with its ports) becomes the source
        # print "1=$1, 2=$2, 3=$3, 4=$4, 5=$5, 6=$6, 7=$7, 8=$8, 9=$9, 10=$10\n";   # uncomment for debugging
        push @inbound,  $inbound;
        push @outbound, $outbound;
    }
    # Form 2: <proto> <src> <ports> <dst> [log] -- the port qualifier belongs to the source.
    elsif ( $inbound =~ m/(no\ permit|permit)(\ ip|\ icmp|\ tcp|\ udp)(\ any|(\ host|\ \d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})(\ \d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}))?(\ eq\ \d{1,5}|\ range\ \d{1,5}\ \d{1,5}|\ any)(\ any|(\ host|\ \d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})(\ \d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}))(|\ log)$/ ) {
        my $prefix = "$1$2";
        my $src    = defined $3 ? "$3" : "";
        my $ports  = "$6";
        my $dst    = "$7";
        my $log    = "$10";
        my $outbound = "$prefix$dst$src$ports$log\n";   # old destination becomes the source; ports follow the old source
        # print "1=$1, 2=$2, 3=$3, 4=$4, 5=$5, 6=$6, 7=$7, 8=$8, 9=$9, 10=$10\n";   # uncomment for debugging
        push @inbound,  $inbound;
        push @outbound, $outbound;
    }
    # Comment ("!") and remark lines are copied to both lists unchanged.
    elsif ( $inbound =~ m/^\!\n$|remark.*/ ) {
        push @inbound,  $inbound;
        push @outbound, $inbound;
    }
    else {
        push @invalid, $inbound;
    }
}

system "clear";   # clear the terminal screen
print "\n\tWhat is the name of the INBOUND access list?\n\n";
my $acl_in_name = <STDIN>;
chomp $acl_in_name;
print "\n\tWhat is the name of the OUTBOUND access list?\n\n";
my $acl_out_name = <STDIN>;
chomp $acl_out_name;
system "clear";   # clear the terminal screen

print "#" x 100;
print "\n\nconfig t \nip access-list extended $acl_in_name\n";
for my $rule (@inbound) {
    print $rule;
}
print "no deny ip any any log\ndeny ip any any log\n\!\n\nip access-list extended $acl_out_name\n";
for my $rule (@outbound) {
    print $rule;
}
print "no deny ip any any log\ndeny ip any any log\nend\n\n";
print "#" x 100;
if ( @invalid ) {
    print "\n\nThe following lines were not included in the access list because they do not follow normal ACL syntax:\n\n";
    for my $line (@invalid) {
        print "\t$line";
    }
}
print "\n" x 5;
16 Aug 2011

Create a 100 MB file in Linux

I recently needed to create a 100 MB file to do some testing. It didn't matter what was in it, I just needed a file of that specific size.

I created it with the following command:

dd if=/dev/random of=filename bs=1024 count=102400

The options are as follows:

if = the input source (here /dev/random; on older kernels it can block waiting for entropy, so /dev/urandom or /dev/zero is faster when the contents don't matter)

of = the output file name

bs = the block size (here 1024 bytes)

count = the number of blocks to copy into the file (here 102400)

Multiply the number of blocks (count) by the block size (bs) to get the size of the file in bytes: 102400 x 1024 = 104,857,600 bytes.

9 Aug 2011

Basic DNS troubleshooting with dig

I don't usually end up troubleshooting DNS issues, but one thing led to another recently and I ended up elbows deep in DNS troubles. I spent a good portion of my day on telecons with one party who actually administers the DNS servers for this client, and Akamai. I did walk away with a better understanding of how Akamai works and basic DNS querying using the dig command in Linux.

The following shows the DNS equivalent of a traceroute. Notice that it starts "tracing" the name from right to left, starting with the DNS root servers, then the .com servers, and so on, until it reaches the servers authoritative for the name itself.

[dacaprice@linux ~]$ dig dacaprice.com +trace

; <<>> DiG 9.7.4b1-RedHat-9.7.4-0.3.b1.fc14 <<>> dacaprice.com +trace
;; global options: +cmd
.            518400    IN    NS    a.root-servers.net.
.            518400    IN    NS    b.root-servers.net.
.            518400    IN    NS    c.root-servers.net.
.            518400    IN    NS    d.root-servers.net.
.            518400    IN    NS    e.root-servers.net.
.            518400    IN    NS    f.root-servers.net.
.            518400    IN    NS    g.root-servers.net.
.            518400    IN    NS    h.root-servers.net.
.            518400    IN    NS    i.root-servers.net.
.            518400    IN    NS    j.root-servers.net.
.            518400    IN    NS    k.root-servers.net.
.            518400    IN    NS    l.root-servers.net.
.            518400    IN    NS    m.root-servers.net.
;; Received 228 bytes from 208.67.220.220#53(208.67.220.220) in 273 ms

com.            172800    IN    NS    k.gtld-servers.net.
com.            172800    IN    NS    i.gtld-servers.net.
com.            172800    IN    NS    j.gtld-servers.net.
com.            172800    IN    NS    b.gtld-servers.net.
com.            172800    IN    NS    l.gtld-servers.net.
com.            172800    IN    NS    h.gtld-servers.net.
com.            172800    IN    NS    e.gtld-servers.net.
com.            172800    IN    NS    m.gtld-servers.net.
com.            172800    IN    NS    c.gtld-servers.net.
com.            172800    IN    NS    d.gtld-servers.net.
com.            172800    IN    NS    g.gtld-servers.net.
com.            172800    IN    NS    a.gtld-servers.net.
com.            172800    IN    NS    f.gtld-servers.net.
;; Received 491 bytes from 192.112.36.4#53(192.112.36.4) in 386 ms

dacaprice.com.        172800    IN    NS    ns1.comphouse.com.
dacaprice.com.        172800    IN    NS    ns2.comphouse.com.
;; Received 109 bytes from 192.41.162.30#53(192.41.162.30) in 70 ms

dacaprice.com.        14400    IN    A    72.32.185.230
dacaprice.com.        86400    IN    NS    ns2.comphouse.com.
dacaprice.com.        86400    IN    NS    ns1.comphouse.com.
;; Received 125 bytes from 72.32.185.230#53(72.32.185.230) in 50 ms
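As an added Python example (not part of the original post), here is a small parser for +trace output that groups the records by the server that returned them and then checks that the NS set the .com servers hand out for dacaprice.com matches the NS set the zone's own server returns, the parent/child consistency check you want when a delegation looks broken. The sample input is abridged from the trace above; the owner name to check is taken from the referral step rather than passed in.

```python
import re

RR = re.compile(r"^(\S+)\s+(\d+)\s+IN\s+(\S+)\s+(\S+)$")   # one resource record line
RECEIVED = re.compile(r"^;; Received \d+ bytes from ([\d.]+)#\d+")   # closes each +trace step

# Abridged from the +trace output above (root and .com steps shortened to one NS each).
SAMPLE_TRACE = """\
.            518400    IN    NS    a.root-servers.net.
;; Received 228 bytes from 208.67.220.220#53(208.67.220.220) in 273 ms
com.            172800    IN    NS    k.gtld-servers.net.
;; Received 491 bytes from 192.112.36.4#53(192.112.36.4) in 386 ms
dacaprice.com.        172800    IN    NS    ns1.comphouse.com.
dacaprice.com.        172800    IN    NS    ns2.comphouse.com.
;; Received 109 bytes from 192.41.162.30#53(192.41.162.30) in 70 ms
dacaprice.com.        14400    IN    A    72.32.185.230
dacaprice.com.        86400    IN    NS    ns2.comphouse.com.
dacaprice.com.        86400    IN    NS    ns1.comphouse.com.
;; Received 125 bytes from 72.32.185.230#53(72.32.185.230) in 50 ms
"""

def parse_trace(text):
    """Split +trace output into steps of (owner, ttl, type, rdata) records plus the answering server."""
    steps, current = [], []
    for line in text.splitlines():
        rr = RR.match(line)
        if rr:
            owner, ttl, rtype, rdata = rr.groups()
            current.append((owner, int(ttl), rtype, rdata))
            continue
        recv = RECEIVED.match(line)
        if recv:
            steps.append({"records": current, "server": recv.group(1)})
            current = []
    return steps

def ns_set(records, owner):
    return {rd for o, _ttl, rt, rd in records if o == owner and rt == "NS"}

def check_delegation(steps):
    """Compare the NS set in the parent's referral (second-to-last step) with the NS set
    the authoritative server itself returns (last step); a mismatch means a stale or lame delegation."""
    referral, answer = steps[-2], steps[-1]
    name = next(o for o, _ttl, rt, _rd in referral["records"] if rt == "NS")
    parent_ns, child_ns = ns_set(referral["records"], name), ns_set(answer["records"], name)
    return {"name": name, "parent_ns": parent_ns, "child_ns": child_ns,
            "answer_server": answer["server"],
            "a_records": [rd for o, _ttl, rt, rd in answer["records"] if o == name and rt == "A"],
            "ok": bool(child_ns) and parent_ns == child_ns}
```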

The next section illustrates how to query a specific DNS server. In this case I queried ns2.comphouse.com (an authority for dacaprice.com). The output shows the authoritative nameservers for dacaprice.com, the A record mapping the name dacaprice.com to the IP address of the webserver, and various other query-related statistics. The aa flag in the header confirms the answer is authoritative, and the "recursion requested but not available" warning is expected from an authoritative-only server.

[dacaprice@linux ~]$ dig @ns2.comphouse.com dacaprice.com

; <<>> DiG 9.7.4b1-RedHat-9.7.4-0.3.b1.fc14 <<>> @ns2.comphouse.com dacaprice.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 42212
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;dacaprice.com.            IN    A

;; ANSWER SECTION:
dacaprice.com.        14400    IN    A    72.32.185.230

;; AUTHORITY SECTION:
dacaprice.com.        86400    IN    NS    ns2.comphouse.com.
dacaprice.com.        86400    IN    NS    ns1.comphouse.com.

;; ADDITIONAL SECTION:
ns1.comphouse.com.    14400    IN    A    72.32.185.230
ns2.comphouse.com.    14400    IN    A    67.192.225.138

;; Query time: 52 msec
;; SERVER: 67.192.225.138#53(67.192.225.138)
;; WHEN: Tue Aug  9 22:07:10 2011
;; MSG SIZE  rcvd: 125

26 Jul 2011

Check CPU architecture

dmidecode is a Linux tool for dumping a computer's DMI table contents in a human-readable format. To verify processor architecture information, type the following command as root:

[root@linux]# dmidecode --type processor

processor can be replaced with other DMI types such as bios, system, baseboard, chassis, memory, cache, connector, or slot. In the past, I've also used dmidecode (with the chassis option) to snag the serial number off of a remote machine to call in for a warranty repair.
