Difference between revisions of "Network security tools"

From YobiWiki
m (Reverted edits by Etegohy (Talk) to last revision by PhilippeTeuwen)
 
(4 intermediate revisions by the same user not shown)
Line 15: Line 15:
 
** [http://netcat6.sourceforge.net/ Netcat6] with IPv6 support
 
** [http://netcat6.sourceforge.net/ Netcat6] with IPv6 support
 
** [http://farm9.org/Cryptcat/ CryptCat]: Netcat with cryptography
 
** [http://farm9.org/Cryptcat/ CryptCat]: Netcat with cryptography
  +
My own recipes for partition to partition copy over the network (ex. copying sdb5 from source on hda1 of target):
  +
<br>Target (192.168.1.1):
  +
netcat -l -p 2000 -w 5 | dd of=/dev/hda1
  +
It will wait max 5 secs so be prepared to launch immediately the next command as well on the source.
  +
<br>Source (192.168.1.2):
  +
dd if=/dev/sdb5 conv=noerror,sync | netcat 192.168.1.1 2000
  +
We can do better:
  +
<br>See what happen: add |pipeview| or |pv| if you have them to get real-time statistics on speed
  +
<br>Without pipeview you can still provoke dd to display stats by sending signals to it:
  +
while :; do sleep 5; killall -SIGUSR1 dd;done
  +
Compress on the fly: add |gzip -c| on source and |gunzip -c| on target
  +
<br>Compute checksums on-the-fly on both sides: create a fifo and md5 it.
  +
<br><br>So the complete ideal example:
  +
<br>Target (192.168.1.1):
  +
mkfifo /tmp/foo
  +
netcat -l -p 2000 -w 5 | pipeview | gunzip -c | tee /tmp/foo | dd of=/dev/hda1
  +
# and in another window
  +
md5sum /tmp/foo
  +
Source (192.168.1.2), within next 5 secs:
  +
mkfifo /tmp/foo
  +
dd if=/dev/sdb5 conv=noerror,sync | tee /tmp/foo | pipeview | gzip -c | netcat 192.168.1.1 2000
  +
# and in another window
  +
md5sum /tmp/foo
  +
Note that pipeview will measure drive speed on the source and network speed on the target due to its relative position with gzip (which you can swap of course)
 
* [http://www.dest-unreach.org/socat/ SoCat]: Netcat on steroids, if you were amazed by netcat, you've seen *nothing*!!!
 
* [http://www.dest-unreach.org/socat/ SoCat]: Netcat on steroids, if you were amazed by netcat, you've seen *nothing*!!!
 
** See [[Bypass Proxy|here]] how we use it to bypass proxies and [[Serial Login|there]] to replace minicom
 
** See [[Bypass Proxy|here]] how we use it to bypass proxies and [[Serial Login|there]] to replace minicom
  +
** We can also sniff a tty
  +
socat -v -x PTY,link=/tmp/myttyUSB0,raw,echo=0,isig=0 /dev/ttyUSB0,raw,echo=0,isig=0
 
* [http://ettercap.sourceforge.net/ Ettercap]
 
* [http://ettercap.sourceforge.net/ Ettercap]
 
* [http://www.wireshark.org Wireshark]
 
* [http://www.wireshark.org Wireshark]
 
Sniff over network:
 
Sniff over network:
wireshark -k -i <(ssh -l root remote-host tshark -w - not tcp port 22)
+
wireshark -N n -S -l -k -i <(ssh root@zeus tshark -w - not tcp port 22)
  +
wireshark -N n -S -l -k -i <(ssh root@zeus tcpdump -s 1500 -w - -i lo not tcp port 22)
   
 
===Others===
 
===Others===
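Review bot: the Target recipe pipes whatever connects to port 2000 first straight into dd of=/dev/hda1, with no authentication or encryption, and the md5sum on each side only shows that the two ends saw the same stream, not who sent it; consider noting that the same pipeline can run over the CryptCat entry listed just above or through ssh, which the Wireshark lines already use. In the added tcpdump line, -s 1500 cuts the tail off full-size Ethernet frames (1514 bytes with the link header) and off loopback traffic on -i lo, which can be larger; -s 0 captures whole packets.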

Latest revision as of 21:37, 24 November 2010

Tools

My own recipes for partition-to-partition copy over the network (e.g. copying sdb5 on the source to hda1 on the target):

Target (192.168.1.1):

netcat -l -p 2000 -w 5 | dd of=/dev/hda1

It will wait at most 5 seconds, so be ready to launch the next command on the source immediately.

Source (192.168.1.2):

dd if=/dev/sdb5 conv=noerror,sync | netcat 192.168.1.1 2000

We can do better:
See what happens: add |pipeview| or |pv|, if you have them, to get real-time statistics on speed.
Without pipeview you can still make dd display stats by sending signals to it:

while :; do sleep 5; killall -SIGUSR1 dd;done

Compress on the fly: add |gzip -c| on the source and |gunzip -c| on the target.
Compute checksums on the fly on both sides: create a FIFO and md5sum it.

So the complete ideal example:
Target (192.168.1.1):

mkfifo /tmp/foo
netcat -l -p 2000 -w 5 | pipeview | gunzip -c | tee /tmp/foo | dd of=/dev/hda1
# and in another window
md5sum /tmp/foo

Source (192.168.1.2), within the next 5 seconds:

mkfifo /tmp/foo
dd if=/dev/sdb5 conv=noerror,sync | tee /tmp/foo | pipeview | gzip -c | netcat 192.168.1.1 2000
# and in another window
md5sum /tmp/foo

Note that pipeview will measure drive speed on the source and network speed on the target, because of where it sits relative to gzip/gunzip in each pipeline (you can of course swap them).
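A local rehearsal of the tee-plus-FIFO checksum recipe above, as an added example that is not part of the original wiki page: it starts the hash reader before the writer, keeps the FIFO in a private mktemp directory instead of /tmp/foo, and re-reads the destination to confirm what was actually written. The helper names, the use of sha256sum in place of md5sum, and the gzip | gunzip pair standing in for the two netcat ends are assumptions.

```bash
# Added example: local, offline rehearsal of the tee + FIFO checksum recipe.
# Helper names and sample sizes are assumptions, not taken from the wiki page.

# Constructed sample input: 1 MiB of random bytes standing in for /dev/sdb5.
make_sample() { head -c 1048576 /dev/urandom > "$1"; }

# copy_and_verify SRC DST
# Streams SRC to DST through gzip | gunzip (standing in for the two netcat
# ends), hashes the stream through a FIFO while it flows, then re-reads DST
# and compares. Returns 0 only if the stream hash equals the written hash.
copy_and_verify() {
    local src="$1" dst="$2" dir reader stream_sum written_sum
    # Private directory: no predictable, world-visible /tmp/foo.
    dir=$(mktemp -d) || return 2
    mkfifo -m 600 "$dir/fifo" || { rm -rf "$dir"; return 2; }

    # Start the reader first; tee blocks on the FIFO until someone reads it.
    sha256sum < "$dir/fifo" > "$dir/sum" &
    reader=$!

    dd if="$src" bs=64k 2>/dev/null | gzip -c | gunzip -c \
        | tee "$dir/fifo" | dd of="$dst" bs=64k 2>/dev/null
    wait "$reader"

    stream_sum=$(cut -d' ' -f1 "$dir/sum")
    # Hash what actually landed on the destination, not just what was sent.
    written_sum=$(sha256sum < "$dst" | cut -d' ' -f1)
    rm -rf "$dir"

    echo "stream  $stream_sum"
    echo "written $written_sum"
    [ -n "$stream_sum" ] && [ "$stream_sum" = "$written_sum" ]
}

# Usage: make_sample /tmp/src.img && copy_and_verify /tmp/src.img /tmp/dst.img
```

When the destination is a partition larger than the source, limit the read-back to the number of bytes sent, otherwise the trailing bytes make the two hashes differ.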

  • SoCat: Netcat on steroids, if you were amazed by netcat, you've seen *nothing*!!!
    • See here how we use it to bypass proxies and there to replace minicom
    • We can also sniff a tty:
socat -v -x PTY,link=/tmp/myttyUSB0,raw,echo=0,isig=0 /dev/ttyUSB0,raw,echo=0,isig=0

Sniff over network:

wireshark -N n -S -l -k -i <(ssh root@zeus tshark -w - not tcp port 22)
wireshark -N n -S -l -k -i <(ssh root@zeus tcpdump -s 1500 -w - -i lo not tcp port 22)

Others

Filtering

cf also