Network security tools

From YobiWiki

Tools

My own recipes for partition-to-partition copy over the network (e.g. copying sdb5 of the source onto hda1 of the target):
Target (192.168.1.1):

netcat -l -p 2000 -w 5 | dd of=/dev/hda1

It will wait at most 5 seconds, so be prepared to launch the next command on the source immediately.
Source (192.168.1.2):

dd if=/dev/sdb5 conv=noerror,sync | netcat 192.168.1.1 2000

We can do better:
See what happens: add |pipeview| or |pv|, if you have them, to get real-time statistics on speed
Without pipeview you can still provoke dd to display stats by sending signals to it:

while :; do sleep 5; killall -SIGUSR1 dd;done

Compress on the fly: add |gzip -c| on source and |gunzip -c| on target
Compute checksums on-the-fly on both sides: create a fifo and md5 it.

So the complete ideal example:
Target (192.168.1.1):

mkfifo /tmp/foo
netcat -l -p 2000 -w 5 | pipeview | gunzip -c | tee /tmp/foo | dd of=/dev/hda1
# and in another window
md5sum /tmp/foo

Source (192.168.1.2), within the next 5 seconds:

mkfifo /tmp/foo
dd if=/dev/sdb5 conv=noerror,sync | tee /tmp/foo | pipeview | gzip -c | netcat 192.168.1.1 2000
# and in another window
md5sum /tmp/foo

Note that pipeview will measure drive speed on the source and network speed on the target, because of its position relative to gzip (which you can swap, of course).
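The tee + FIFO checksum recipe can be rehearsed on a single machine before pointing it at real partitions. The script below is an added example, not one of the original recipes: a plain pipe stands in for the netcat link, sha256sum is swapped in for md5sum, pipeview is left out, and the function name `verified_copy` and all temporary file names are hypothetical. Besides the two stream digests, it reads the destination back, since the stream digests only cover what went through the pipe.

```shell
#!/bin/sh
# Added example: local rehearsal of the tee + FIFO checksum recipe.
# A plain pipe stands in for the netcat link; SRC and DST are ordinary files.
# verified_copy and all temporary names are hypothetical.
verified_copy() {
    src=$1 dst=$2
    work=$(mktemp -d) || return 2
    mkfifo "$work/src.fifo" "$work/dst.fifo" || return 2

    # Start the digest readers first so each tee has a reader on its FIFO.
    sha256sum < "$work/src.fifo" > "$work/src.sum" &
    pid_src=$!
    sha256sum < "$work/dst.fifo" > "$work/dst.sum" &
    pid_dst=$!

    # Source half, then target half; netcat would sit between gzip and gunzip.
    # conv=sync zero-pads a short read up to the block size (512 by default).
    dd if="$src" conv=noerror,sync 2>/dev/null \
        | tee "$work/src.fifo" | gzip -c \
        | gunzip -c | tee "$work/dst.fifo" \
        | dd of="$dst" 2>/dev/null
    wait "$pid_src" "$pid_dst"

    sent=$(cut -d' ' -f1 "$work/src.sum")
    received=$(cut -d' ' -f1 "$work/dst.sum")
    # Read the destination back: the stream digests only cover what went
    # through the pipe, not what ended up on disk. On a real block device,
    # read back only the transferred length (e.g. with head -c).
    written=$(sha256sum < "$dst" | cut -d' ' -f1)
    rm -rf "$work"

    echo "sent=$sent received=$received written=$written"
    [ "$sent" = "$received" ] && [ "$received" = "$written" ]
}

# Constructed sample: 256 KiB of random data stands in for /dev/sdb5.
demo=$(mktemp -d)
head -c 262144 /dev/urandom > "$demo/src.img"
verified_copy "$demo/src.img" "$demo/dst.img"
```

The function returns 0 only when the sent, received and written digests are identical.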

  • SoCat: Netcat on steroids, if you were amazed by netcat, you've seen *nothing*!!!
    • See here how we use it to bypass proxies and there to replace minicom
    • We can also sniff a tty
socat -v -x PTY,link=/tmp/myttyUSB0,raw,echo=0,isig=0 /dev/ttyUSB0,raw,echo=0,isig=0

Sniff over network:

wireshark -N n -S -l -k -i <(ssh root@zeus tshark -w - not tcp port 22)
wireshark -N n -S -l -k -i <(ssh root@zeus tcpdump -s 1500 -w - -i lo not tcp port 22)

Others

Filtering

cf also