Difference between revisions of "Network security tools"

From YobiWiki
Jump to navigation Jump to search
m (Reverted edits by Etegohy (Talk) to last revision by PhilippeTeuwen)
 
(No difference)

Latest revision as of 21:37, 24 November 2010

Tools

My own recipes for partition to partition copy over the network (ex. copying sdb5 from source on hda1 of target):
Target (192.168.1.1):

netcat -l -p 2000 -w 5 | dd of=/dev/hda1

It will wait max 5 secs so be prepared to launch immediately the next command as well on the source.
Source (192.168.1.2):

dd if=/dev/sdb5 conv=noerror,sync | netcat 192.168.1.1 2000

We can do better:
See what happen: add |pipeview| or |pv| if you have them to get real-time statistics on speed
Without pipeview you can still provoke dd to display stats by sending signals to it:

while :; do sleep 5; killall -SIGUSR1 dd;done

Compress on the fly: add |gzip -c| on source and |gunzip -c| on target
Compute checksums on-the-fly on both sides: create a fifo and md5 it.

So the complete ideal example:
Target (192.168.1.1):

mkfifo /tmp/foo
netcat -l -p 2000 -w 5 | pipeview | gunzip -c | tee /tmp/foo | dd of=/dev/hda1
# and in another window
md5sum /tmp/foo

Source (192.168.1.2), within next 5 secs:

mkfifo /tmp/foo
dd if=/dev/sdb5 conv=noerror,sync | tee /tmp/foo | pipeview | gzip -c | netcat 192.168.1.1 2000
# and in another window
md5sum /tmp/foo

Note that pipeview will measure drive speed on the source and network speed on the target due to its relative position with gzip (which you can swap of course)

  • SoCat: Netcat on steroids, if you were amazed by netcat, you've seen *nothing*!!!
    • See here how we use it to bypass proxies and there to replace minicom
    • We can also sniff a tty
socat -v -x PTY,link=/tmp/myttyUSB0,raw,echo=0,isig=0 /dev/ttyUSB0,raw,echo=0,isig=0

Sniff over network:

wireshark -N n -S -l -k -i <(ssh root@zeus tshark -w - not tcp port 22)
wireshark -N n -S -l -k -i <(ssh root@zeus tcpdump -s 1500 -w - -i lo not tcp port 22)

Others

Filtering

cf also