Tuesday, November 22, 2011

DNS(dnsmasq) on Fedora machine

Steps to Install and configure local DNS(dnsmasq) on Fedora machine

Server side
1, Download the dnsmasq software package from site http://www.thekelleys.org.uk/dnsmasq/ 
      Untar it and compile it
      # tar -zxvf
      # cd
      # make
    Or you can simply do 
      # yum install dnsmasq

2, Start service
      # /etc/init.d/dnsmasq start

3, Append domain name and dhcp range information in /etc/dnsmasq.conf file
      For example:

4, Append the dns entries in /etc/hosts file
      For example testhost1 testhost2

5, Stop the iptables
      #service iptables stop

6, Restart the dnsmasq service
      # /etc/init.d/dnsmasq restart

Client side
1, Change the nameserver IP address in the /etc/resolv.conf file: remove the existing nameserver IP addresses and give the IP address of the machine which is running dnsmasq

2, Send dns request
      # host testhost1 
It will return the corresponding IP address you have configured in the /etc/hosts file on the dnsmasq server.

For further clarifications you can visit http://www.enterprisenetworkingplanet.com/netos/article.php/10951_3377351_1

Monday, October 10, 2011

Basic WIFI packets and its functionality.

There are 3 types of frames:

1) management frames 

2) control frames

3) data frames

Management Frames

802.11 management frames enable stations to establish and maintain communications. The following are common 802.11 management frame subtypes:
  • Authentication frame: 802.11 authentication is a process whereby the access point either accepts or rejects the identity of a radio NIC. The NIC begins the process by sending an authentication frame containing its identity to the access point. With open system authentication (the default), the radio NIC sends only one authentication frame, and the access point responds with an authentication frame as a response indicating acceptance (or rejection). With the optional shared key authentication, the radio NIC sends an initial authentication frame, and the access point responds with an authentication frame containing challenge text. The radio NIC must send an encrypted version of the challenge text (using its WEP key) in an authentication frame back to the access point. The access point ensures that the radio NIC has the correct WEP key (which is the basis for authentication) by seeing whether the challenge text recovered after decryption is the same that was sent previously. Based on the results of this comparison, the access point replies to the radio NIC with an authentication frame signifying the result of authentication.

  • Deauthentication frame: A station sends a deauthentication frame to another station if it wishes to terminate secure communications.

  • Association request frame: 802.11 association enables the access point to allocate resources for and synchronize with a radio NIC. A NIC begins the association process by sending an association request to an access point. This frame carries information about the NIC (e.g., supported data rates) and the SSID of the network it wishes to associate with. After receiving the association request, the access point considers associating with the NIC, and (if accepted) reserves memory space and establishes an association ID for the NIC.

  • Association response frame: An access point sends an association response frame containing an acceptance or rejection notice to the radio NIC requesting association. If the access point accepts the radio NIC, the frame includes information regarding the association, such as association ID and supported data rates. If the outcome of the association is positive, the radio NIC can utilize the access point to communicate with other NICs on the network and systems on the distribution (i.e., Ethernet) side of the access point.

  • Reassociation request frame: If a radio NIC roams away from the currently associated access point and finds another access point having a stronger beacon signal, the radio NIC will send a reassociation frame to the new access point. The new access point then coordinates the forwarding of data frames that may still be in the buffer of the previous access point waiting for transmission to the radio NIC.

  • Reassociation response frame: An access point sends a reassociation response frame containing an acceptance or rejection notice to the radio NIC requesting reassociation. Similar to the association process, the frame includes information regarding the association, such as association ID and supported data rates.

  • Disassociation frame: A station sends a disassociation frame to another station if it wishes to terminate the association. For example, a radio NIC that is shut down gracefully can send a disassociation frame to alert the access point that the NIC is powering off. The access point can then relinquish memory allocations and remove the radio NIC from the association table.

  • Beacon frame: The access point periodically sends a beacon frame to announce its presence and relay information, such as timestamp, SSID, and other parameters regarding the access point to radio NICs that are within range. Radio NICs continually scan all 802.11 radio channels and listen to beacons as the basis for choosing which access point is best to associate with.

  • Probe request frame: A station sends a probe request frame when it needs to obtain information from another station. For example, a radio NIC would send a probe request to determine which access points are within range.

  • Probe response frame: A station will respond with a probe response frame, containing capability information, supported data rates, etc., after it receives a probe request frame.

Control Frames

802.11 control frames assist in the delivery of data frames between stations. The following are common 802.11 control frame subtypes:
  • Request to Send (RTS) frame: The RTS/CTS function is optional and reduces frame collisions present when hidden stations have associations with the same access point. A station sends a RTS frame to another station as the first phase of a two-way handshake necessary before sending a data frame.

  • Clear to Send (CTS) frame: A station responds to a RTS with a CTS frame, providing clearance for the requesting station to send a data frame. The CTS includes a time value that causes all other stations (including hidden stations) to hold off transmission of frames for a time period necessary for the requesting station to send its frame. This minimizes collisions among hidden stations, which can result in higher throughput if you implement it properly.

  • Acknowledgement (ACK) frame: After receiving a data frame, the receiving station will utilize an error checking process to detect the presence of errors. The receiving station will send an ACK frame to the sending station if no errors are found. If the sending station doesn't receive an ACK after a period of time, the sending station will retransmit the frame.

Data Frames

Of course the main purpose of having a wireless LAN is to transport data. 802.11 defines a data frame type that carries packets from higher layers, such as web pages, printer control data, etc., within the body of the frame. When viewing 802.11 data frames with a packet analyzer, you can generally observe the contents of the frame body to see which packets the 802.11 data frames are transporting.
--TBD-- other info added soon..
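
How the frame types and subtypes listed above are encoded on the wire, as an added example that is not part of the original post: the type and subtype sit in the first octet of the 802.11 Frame Control field. The function names and the sample octets are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post.
# classify_fc OCTET: OCTET is the first byte of the Frame Control field, in hex.
classify_fc() {
    fc=$(( 0x${1#0x} ))
    type=$(( (fc >> 2) & 3 ))       # bits 2-3: frame type
    subtype=$(( (fc >> 4) & 15 ))   # bits 4-7: frame subtype
    case "$type/$subtype" in
        0/0)  echo "management/association-request" ;;
        0/1)  echo "management/association-response" ;;
        0/2)  echo "management/reassociation-request" ;;
        0/3)  echo "management/reassociation-response" ;;
        0/4)  echo "management/probe-request" ;;
        0/5)  echo "management/probe-response" ;;
        0/8)  echo "management/beacon" ;;
        0/10) echo "management/disassociation" ;;
        0/11) echo "management/authentication" ;;
        0/12) echo "management/deauthentication" ;;
        0/*)  echo "management/other" ;;
        1/11) echo "control/rts" ;;
        1/12) echo "control/cts" ;;
        1/13) echo "control/ack" ;;
        1/*)  echo "control/other" ;;
        2/*)  echo "data" ;;
        *)    echo "other" ;;
    esac
}

# Constructed sample: first Frame Control octet of each frame in a capture.
sample_capture() {
    printf '%s\n' 80 40 50 b0 b0 00 10 08 d4 08 d4 80 c0
}

# tally_frames: read octets on stdin, print "<count> <kind>" lines.
tally_frames() {
    while read -r octet; do
        [ -n "$octet" ] && classify_fc "$octet"
    done | sort | uniq -c | awk '{ print $1, $2 }'
}

sample_capture | tally_frames
```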

Monday, August 8, 2011

Basics of screen command in linux

When you work on a remote machine, you may need to run a program or script for a couple of hours or days. But when you log out, your program is automatically killed because your session is lost (the assigned shell gets terminated). Linux provides the "screen" command, which makes your program independent of that shell, so your program keeps running even after you log out. The steps follow.
Log in to the remote machine.
First check that "screen" is available on the remote machine.
If it is not present, install it; on Ubuntu use the "apt-get install screen" command.
After successful installation:
Start your program using the below command.
Now your program is running in the foreground.
Now detach by pressing "Ctrl+a d". Your process is detached from your shell and runs in the background.
Now you can log out from the remote machine; the process keeps running there unaffected.
After some time, or even after some days, log in to the remote machine and run "screen -ls". It displays all the processes running under screen.
To attach your process to the shell, run "screen -r ". Now your process comes to the foreground.
If multiple processes are running under screen, then use "screen -r " as in the example given below.
[root@local.host ~]#screen -ls
There are screens on:
29383.pts-7.localhost (Detached)
31899.pts-9.localhost (Detached)
2 Sockets in /var/run/screen/S-root.
Here 29383 and 31899 are the pids of the screens, so
[root@local.host ~]# ps -ef |grep SCR
root 10787 15582 0 14:43 pts/9 00:00:00 grep SCR
root 29383 1 0 14:21 ? 00:00:00 SCREEN process1
root 31899 1 0 14:39 ? 00:00:00 SCREEN process2
To bring a process to the foreground
[root@local.host ~]#screen -r 29383
Now the SCREEN process1 process comes to the foreground.
So what are you looking for? Give it a try....

Wednesday, August 3, 2011

Enable core dump and debugging in linux

Run the two commands below at the shell, or add them to your bashrc file. This will enable core dumps.
ulimit -c unlimited
echo core.%e.%p.%s.%t > /proc/sys/kernel/core_pattern

Now start your program. If a core dump is generated, open it in gdb together with the executable that produced it:

gdb yourProgram coredumpFile

When you run this, gdb displays where the segfault occurred. Below are a few lines copied from the gdb output.

Program terminated with signal 11, Segmentation fault.
#0 0x080483e3 in fun ()

Wednesday, July 20, 2011

Change order of packets in pcap file

Hi all, I have found a new cap edit tool with which you can reorder the packets in a pcap file. It does not only reorder packets: it can also change fields, fragment packets, add VLAN headers and much more. It has a nice GUI that gives you a user-friendly experience.

Steps to install.
Just check out the code from the net
#svn co svn+http://code.google.com/p/packetsquare-capedit/source/browse/#svn/branches/0.0.1
#cd svn/branches/0.0.1/
If you get a "gtk+2 not installed" error, install the GTK libs.
On Ubuntu simply run the below command
apt-get install libgtk2.0-dev
After successful installation, install the capedit tool.
Once compiled, you can run the tool by simply typing the below command.
This tool is very useful when you are working with protocol stacks...

Ok, just dig and explore more. Happy crafting packets :)

Friday, July 1, 2011

Grouping commands in an expect script when expecting the same pattern

Hi, the script below shows how a data variable can be used as a list, so that each value in the list is sent to the spawned program. This is helpful only if you are expecting the same string each time.
#!/usr/bin/expect -f

set force_conservative 0 ;# set to 1 to force conservative mode even if
                         ;# script wasn't run conservatively originally
if {$force_conservative} {
    set send_slow {1 .1}
    proc send {ignore arg} {
        sleep .1
        exp_send -s -- $arg
    }
}

set timeout -1
# Commands to send, one per line
set data "ls
ls -ltr"

# Spawn the new bash shell
spawn bash

match_max 100000

# Wait for the same prompt before sending each command
foreach line [split $data \n] {
    expect "root@phaneedra:/home/phaneedra#"
    send -- "$line\r"
    sleep 1
}

The foreach above splits data into lines (one element each) and copies each one into the line variable. The script then waits for "root@phaneedra:/home/phaneedra#" and, whenever it occurs, sends the first command and then the next ones.

This is just an example, so it may not make much sense, but it is useful for testing CLI-interacting applications where the expected string pattern does not change.

Thursday, June 30, 2011

Writing simple perl module and using it.

package Mymodule;    # Mymodule is the module name used in your script
use strict;          # This pragma forces you to declare your variables
use warnings;        # This pragma turns on optional warnings
use base "Exporter"; # Exporter is a standard module available in Perl; it knows how to export functions and variables
# Our module uses that export mechanism by inheriting from it with "use base"
our @EXPORT = qw(add mul $test); # "our" gives global scope. The qw notation tells Perl to create a list from the space-separated words
#our @EXPORT = qw(add,$sum);
#our @EXPORT = qw(mul,$mul);
#our @EXPORT = qw/sub/;
#our @EXPORT = qw($test);
our $test = 'yes';
my $sum;
my $mul;

# Return the sum of the two arguments
sub add {
    my ($x, $y) = @_;
    $sum = $x + $y;
    return $sum;
}

# Return the product of the two arguments
sub mul {
    my ($x, $y) = @_;
    $mul = $x * $y;
    return $mul;
}

1; # This is the last line in the module. It returns a true value, by which the application knows the module ran properly

Application to use above perl module

use Mymodule;
my $sum = add(2,3);
my $mul = mul(2,3);
print "sum is: $sum\n";
print "multiplication is: $mul\n";
if ($sum == 5) {
    print "test is: $test\n"; # $test is exported by Mymodule
}

Tuesday, June 28, 2011

kernel crash debugging Tip: how to know which line in your code caused the crash

Use the "objdump" utility with the "-S" option on your object file (.o); it dumps the disassembly of the object file along with the source code, displaying each line and the corresponding disassembly.

Example: the following kernel crash shows that the crash happened at offset 0x58 in the init_module() function, which is 0x8c bytes in size, and that the module name is domu_share:

root@PVHVM-domU:~/tets_programs/page_share_interdomain# dmesg -c
[ 2463.297489] BUG: unable to handle kernel paging request at 000000003bd28000
[ 2463.297495] IP: [] init_module+0x58/0x8c [domu_share]
[ 2463.297503] PGD 3bdb3067 PUD 36f56067 PMD 0
[ 2463.297506] Oops: 0002 [#1] SMP
[ 2463.297508] last sysfs file: /sys/devices/pci0000:00/0000:00:01.2/usb1/1-0:1.0/uevent
[ 2463.297512] CPU 0

Now run objdump on domu_share.o and redirect the output to a file (as the objdump output can sometimes be very big)
# objdump -S domu_share.o > my_objdump

Now look for the init_module function in "my_objdump" and, from the base address of the function, go 0x58 bytes further and check which line that address belongs to. That is exactly where the crash happened.

The section of code which caused the crash is as below

int init_module(void)
80: 55 push %rbp <<<<<------ 80 (actually 0x80) is the base address of the init_module();
81: 48 89 e5 mov %rsp,%rbp
84: e8 00 00 00 00 callq 89
* that is several physically contiguous pages long, and doesn't zero
..... /* crash is at 0x58 of init_module; so go to 0x80+0x58 = 0xd8 */
sring = (struct as_sring*) page;
a6: 48 63 d0 movslq %eax,%rdx


a9: be 2f 00 00 00 mov $0x2f,%esi
ae: 48 8d 7a 11 lea 0x11(%rdx),%rdi
b2: c7 42 08 00 00 00 00 movl $0x0,0x8(%rdx)
b9: c7 02 00 00 00 00 movl $0x0,(%rdx)
bf: c7 42 0c 01 00 00 00 movl $0x1,0xc(%rdx)
c6: c7 42 04 01 00 00 00 movl $0x1,0x4(%rdx)
cd: 40 f6 c7 01 test $0x1,%dil
d1: 0f 85 f1 00 00 00 jne 1c8
d7: 40 f6 c7 02 test $0x2,%dil <<<<<----- here is where the crash happened
and this assembly belongs to

db: 0f 85 ff 00 00 00 jne 1e0

So, have a look at SHARED_RING_INIT(sring) which caused the crash.
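
The base-plus-offset lookup described above can be scripted, as an added example that is not part of the original post: the function below scans an "objdump -S" listing for the instruction whose bytes cover base + offset. The function names are hypothetical and the sample listing is constructed from instruction lines shown in the post; wrapped continuation lines of very long instructions are not handled.

```shell
#!/bin/sh
# Added example, not from the original post.

# Constructed sample: a few instruction lines from the listing in the post.
sample_listing() {
cat <<'EOF'
int init_module(void)
  80: 55                    push   %rbp
  81: 48 89 e5              mov    %rsp,%rbp
        sring = (struct as_sring*) page;
  a6: 48 63 d0              movslq %eax,%rdx
  cd: 40 f6 c7 01           test   $0x1,%dil
  d1: 0f 85 f1 00 00 00     jne    1c8
  d7: 40 f6 c7 02           test   $0x2,%dil
  db: 0f 85 ff 00 00 00     jne    1e0
EOF
}

# locate_crash BASE OFFSET: both in hex (0x prefix optional), listing on stdin.
# Prints the instruction containing BASE+OFFSET; exit status 1 if none does.
locate_crash() {
    awk -v base="${1#0x}" -v off="${2#0x}" '
    function hex(s,   i, n) {      # portable hex-to-number, no gawk strtonum
        n = 0; s = tolower(s)
        for (i = 1; i <= length(s); i++)
            n = n * 16 + index("0123456789abcdef", substr(s, i, 1)) - 1
        return n
    }
    BEGIN { target = hex(base) + hex(off) }
    $1 ~ /^[0-9a-f]+:$/ {          # instruction line: "<addr>: <bytes> <insn>"
        addr = $1; sub(/:$/, "", addr)
        start = hex(addr)
        nbytes = 0                 # count the two-digit opcode byte fields
        for (i = 2; i <= NF && $i ~ /^[0-9a-f][0-9a-f]$/; i++) nbytes++
        if (target >= start && target < start + nbytes) {
            $1 = $1                # collapse runs of whitespace
            printf "0x%x falls in: %s\n", target, $0
            found = 1; exit
        }
    }
    END { exit !found }
    '
}

sample_listing | locate_crash 0x80 0x58
```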

Friday, February 11, 2011

Balayya interview with NDTV

Listen.... nobody plays with balayya.....
Pretty old news but worth watching.

Wednesday, February 9, 2011

SSH login without using password.


You want to use Linux and OpenSSH to automate your tasks. Therefore you need an automatic login from host A / user a to Host B / user b. You don't want to enter any passwords, because you want to call ssh from within a shell script.
How to do it

First log in on A as user a and generate a pair of authentication keys. Do not enter a passphrase:

Steps :-
a@A:~> ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/a/.ssh/id_rsa):
Created directory '/home/a/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/a/.ssh/id_rsa.
Your public key has been saved in /home/a/.ssh/id_rsa.pub.
The key fingerprint is:
3e:4f:05:79:3a:9f:96:7c:3b:ad:e9:58:37:bc:37:e4 a@A

Now use ssh to create a directory ~/.ssh as user b on B. (The directory may already exist, which is fine):

a@A:~> ssh b@B mkdir -p .ssh
b@B's password:

Finally append a's new public key to b@B:.ssh/authorized_keys and enter b's password one last time:

a@A:~> cat .ssh/id_rsa.pub | ssh b@B 'cat >> .ssh/authorized_keys'
b@B's password:

From now on you can log into B as b from A as a without password:

a@A:~> ssh b@B hostname

A note from one of our readers: Depending on your version of SSH you might also have to do the following changes:

* Put the public key in .ssh/authorized_keys2
* Change the permissions of .ssh to 700
* Change the permissions of .ssh/authorized_keys2 to 640
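
A check for the resulting setup on host B, as an added example that is not part of the original post: since the key above has no passphrase, access rests on file permissions and on any from=/command= options in front of the key in authorized_keys. The function names are hypothetical and GNU stat (Linux) is assumed.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes GNU stat (Linux).

# bits_set FILE MASK: true if any permission bit of octal MASK is set on FILE.
bits_set() {
    mode=$(stat -c '%a' "$1") || return 1
    [ $(( 0$mode & 0$2 )) -ne 0 ]
}

report() { echo "$1"; findings=$((findings + 1)); }

# audit_ssh_dir DIR: print one finding per line; status 0 only if there are none.
audit_ssh_dir() {
    dir=$1; findings=0
    [ -d "$dir" ] || { echo "$dir: not a directory"; return 2; }
    if bits_set "$dir" 077; then
        report "$dir: accessible by group/other (want 700)"
    fi
    for ak in "$dir/authorized_keys" "$dir/authorized_keys2"; do
        [ -f "$ak" ] || continue
        if bits_set "$ak" 022; then
            report "$ak: writable by group/other"
        fi
        # A line that starts with the key type has no options in front of it,
        # such as from="..." or command="...", so the key works from any host
        # and may run any command.
        n=$(grep -cE '^(ssh-|ecdsa-|sk-)' "$ak" || true)
        if [ "$n" -gt 0 ]; then
            report "$ak: $n key(s) without from=/command= options"
        fi
    done
    for key in "$dir"/id_*; do
        case $key in *.pub) continue ;; esac
        [ -f "$key" ] || continue
        if bits_set "$key" 077; then
            report "$key: private key accessible by group/other (want 600)"
        fi
    done
    [ "$findings" -eq 0 ]
}

audit_ssh_dir "${1:-$HOME/.ssh}" || true
```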

Using expect script inside shell script

Here is a small sample shell script which contains an expect script that connects to an FTP server.


echo "shell script starting"
sleep 2
sleep 2
echo "expect is starting"
# The expect script is passed as one double-quoted string,
# so every quote inside it is escaped
expect -c "
spawn ftp
expect \":\"
send \"user_name\r\"
sleep 1
expect \"Password:\"
send \"user_passed\r\"
sleep 1
expect \"ftp*\"
send \"bye\r\"
sleep 1
expect eof"
echo "expect ended bash script follows"
ls -l
sleep 1
sleep 2