Monday, June 20, 2016

GRUB - Rescue BootLoader on a USB Flash Drive

My goal is to just have a GRUB bootloader (without a Linux instalation) on a USB Flash Drive to:

  • Boot OS with Bootloaders without entering the BIOS
  • Boot OS with Broken Boot Loaders
  • Boot Linux Live CDs

 

Installing the GRUB Boot Loader

Run a live CD like Ubuntu, a boot i without installing it.

First list your disks in order to identify you USB Flash Drive

    sudo fdisk -l

if you have trouble identifying you USB Flash Drive just run the command above without the USB Flash Drive, the insert it and list again, compare the outputs, and the extra disk is you USB Flash Drive.

My USB Flash Drive is “sdb1” (b=second HD | 1=first partition), now let’s make a folder to mount the usb flash drive (my Flash Drive was formated with the ext4 filesystem), and mount it:

    sudo mkdir /mnt/USB
    sudo mount /dev/sdb1 /mnt/USB

Now let’s just install the the bootloader

    sudo grub-install --force --removable --boot-directory=/mnt/USB/boot /dev/sdb

boot code goes on /dev/sdb and grub files on /mnt/USB/boot.

 

Set Up the Grub Configuration FIle

Now just create/edit the grub config file

    nano /mnt/USB/boot/grub/grub.cfg

and input the following configuration:

grub.cfg
_____________________________________________

set timeout=10
set default=0

menuentry "#### Boot OS with Bootloaders without entering the BIOS ####" {set root=(hd1)}

menuentry "HD0 (First HD – This USB Flash Drive)" {
set root=(hd0)
chainloader +1
}

menuentry "HD1 (Second HD)" {
set root=(hd1)
chainloader +1
}

menuentry "HD2 (Third HD)" {
set root=(hd2)
chainloader +1
}

menuentry "HD3 (Fourth HD)" {
set root=(hd3)
chainloader +1
}

 

menuentry "#### Boot OS with Broken Boot Loaders ####" {set root=(hd1)}

menuentry "Ubuntu 16.04 (HD1 - First HD)"  {

    insmod part_msdos
    insmod ext2
    set root=(hd1,msdos1)

    echo 'Loading Linux Kernel...'
    linux /boot/vmlinuz-4.4.0-24-generic root=/dev/sda1
       
    echo 'Loading Initial Ramdisk ...'
    initrd /boot/initrd.img-4.4.0-24-generic
    boot
}

menuentry "Windows XP/7/10 (HD1 - First HD)"  {

    insmod part_msdos
    insmod ntfs
    set root=(hd1,msdos1)

    drivemap -s (hd0) ${root}
    chainloader +1
}

 

menuentry "#### Boot Linux Live CDs ####" {set root=(hd1)}
   
menuentry "Ubuntu 16.04 ISO (On This USB PEN Drive)" {

    set isofile="/ubuntu-16.04-desktop-amd64.iso"
    loopback loop (hd0,msdos1)$isofile
    linux (loop)/casper/vmlinuz.efi boot=casper iso-scan/filename=$isofile noprompt noeject
    initrd (loop)/casper/initrd.lz
}

This is what it looks like:

image

You migth need to adjust some things if you have more disks, partitions or diferent linux distro. To make it easyer I have put the things you migth need to change in bold.

The above config was for the following setup

  • One USB Flash Drive (with Grub Installed)
    • hd0,msdos1 - First HD | First Partition – MBR Geometry
    • This is was my USB Flash Drive
  • One Hard Drive for OS
    • hd1,msdos1 – Second HD | First Partition – MBR Geometry
    • This is the Disk with the OS

If you have trouble Identifying you disks and partion you can press ‘c’, on the grub menu, to get the GRUB command line and run “ls” :

image

this was very hepfull, specially identifying the the name for the MBR partitions aka “msdos” .

Related Links

Tuesday, June 14, 2016

Windows – SSH SOCKS Proxy

If you have a Raspberry Pi or any Linux machine at home, you can use it as an SSH Proxy with the help of SSH and exit to the Internet via you home conection/IP.

Some of the advantages are:

  • Privacy (SSH Traffic is Encrypted)
  • Bypassing Local Security Policies (Access Blocked Services)

no aditional configuration needed on the SSH server

You only need to forward port 22 on your internet router to the linux host on your LAN (no aditional configuration needed on youre Linux SSH server).

Now that you have port 22 forwarded to you Linux in you home Lan, from somewhere on the Internet setup an Dynamic SSH Tunnel on Putty like show bellow (replace the 98.125.80.38  with your own Public IP):

01

02

03

04

The tunnel will remain working as long this Putty windows is open:

04.1

Now on your Browser (or any other aplication that supports it) you must configure the Socks Proxy to point to the local end of the Dynamic SSH Tunnel, and that’s it.

Now all your browser’s traffic will be sent to the local port 8080 wich SSH wil tunnel it to you home where it will exit via you linux machine.

Here I show how to set up the Socks Proxy on IE (Internet Explorer).

Tools > Internet Options > Connections > LAN Settings > Proxy Server > Advanced

05

You can go on your browser to:

to confirm see Public IP and confirm from wich connection you entering the internet

Monday, May 30, 2016

Linux – Howto Boot an ISO from GRUB

Linux’s GRUB2 boot loader can boot Linux ISO files directly from your hard drive. Boot Linux live CDs or even install Linux on another hard drive partition without burning it to disc or booting from a USB drive.

We performed this process on Ubuntu 14.04 — Ubuntu and Ubuntu-based Linux distributions have good support for this. Other Linux distributions should work similarly.

This trick requires you have a Linux system installed on your hard drive. Your computer must be using the GRUB2 boot loader, which is a standard boot loader on most Linux systems. Sorry, you can’t boot a Linux ISO file directly from a Windows system using the Windows boot loader.

Download the ISO files you want to use and store them on your Linux partition. GRUB2 should support most Linux systems. if you want to use them in a live environment without installing them to your hard drive, be sure to download the “live CD” versions of each Linux ISO. Many Linux-based bootable utility discs should also work.

 

Check the Contents of the ISO File

You may need to look inside the ISO file to determine exactly where specific files are. For example, you can do this by opening the ISO file with the Archive Manager/File Roller graphical application that comes with Ubuntu and other GNOME-based desktop environments. In the Nautilus file manager, right-click the ISO file and select Open with Archive Manager.

Locate the kernel file and the initrd image. If you’re using a Ubuntu ISO file, you’ll find these files inside the casper folder — the vmlinuz file is the Linux kernel and the initrd file is the initrd image. You’ll need to know their location inside the ISO file later.

clip_image001

 

Determine the Hard Drive Partition’s Path

GRUB uses a different “device name” scheme than Linux does. On a Linux system, /dev/sda1 is the first partition on the first hard disk — a means the first hard disk and 1 means its first partition. In GRUB, (hd0,1) is equivalent to /dev/sda0. The 0 means the first hard disk, while the1 means the first partition on it. In other words, in a GRUB device name, the disk numbers start counting at 0 and the partition num6ers start counting at 1 — yes, it’s unnecessarily confusing. For example, (hd3,6) refers to the sixth partition on the fourth hard disk.

You can use the fdisk -l command to view this information. On Ubuntu, open a Terminal and run the following command:

sudo fdisk -l

You’ll see a list of Linux device paths, which you can convert to GRUB device names on your own. For example, below we can see the system partition is /dev/sda1 — so that’s (hd0,1) for GRUB.

clip_image002

 

Create the GRUB2 Boot Entry

The easiest way to add a custom boot entry is to edit the /etc/grub.d/40_custom script. This file is designed for user-added custom boot entries. After editing the file, the contents of your /etc/defaults/grub file and the /etc/grub.d/ scripts will be combined to create a /boot/grub/grub.cfg file — you shouldn’t edit this file by hand. It’s designed to be automatically generated from settings you specify in other files.

You’ll need to open the /etc/grub.d/40_custom file for editing with root privileges. On Ubuntu, you can do this by opening a Terminal window and running the following command:

sudo gedit /etc/grub.d/40_custom

Feel free to open the file in your favorite text editor. For example, you could replace “gedit” with “nano” in the command to open the file in the Nano text editor.

Unless you’ve added other custom boot entries, you should see a mostly empty file. You’ll need to add one or more ISO-booting sections to the file below the commented lines.

clip_image003

Here’s how you can boot an Ubuntu or Ubuntu-based distribution from an ISO file. We tested this with Ubuntu 14.04:

menuentry “Ubuntu 14.04 ISO” {
set isofile=”/home/name/Downloads/ubuntu-14.04.1-desktop-amd64.iso
loopback loop (hd0,1)$isofile
linux (loop)/casper/vmlinuz.efi boot=casper iso-scan/filename=${isofile} quiet splash
initrd (loop)/casper/initrd.lz
}

Customize the boot entry to contain your desiredmenu entry name, the correct path to the ISO file on your computer, and the device name of the hard disk and partition containing the ISO file. If the vmlinuz and initrd files have different names or paths, be sure to specify the correct path to those files, too.

(If you have a separate /home/ partition, omit the /home bit, like so: set isofile=”/name/Downloads/${isoname}”).

Important Note: Different Linux distributions require different boot entries with different boot options. The GRUB Live ISO Multiboot project offers a variety of menu entries for different Linux distributions. You should be able to adapt these example menu entries for the ISO file you want to boot. You can also just perform a web search for the name and release number of the Linux distribution you want to boot along with “boot from ISO in GRUB” to find more information.

clip_image004

If you want to add more ISO boot options, add additional sections to the file.

Save the file when you’re done. Return to a Terminal window and run the following command:

sudo update-grub

clip_image005

The next time you boot your computer, you’ll see the ISO boot entry and you can choose it to boot the ISO file. You may have to hold Shift while booting to see the GRUB menu.

If you see an error message or a black screen when you attempt to boot the ISO file, you misconfigured the boot entry somehow. Even if you got the ISO file path and device name right, the paths to the vmlinuz and intird files on the ISO file may not be correct or the Linux system you’re booting may require different options.

Taken From: http://www.howtogeek.com/196933/how-to-boot-linux-iso-images-directly-from-your-hard-drive/

Monday, March 28, 2016

Linux - Parted the CLI Disk Management Tool

Parted is a famous command line tool that allows you to easily manage hard disk partitions. It can help you add, delete, shrink and extend disk partitions along with the file systems located on them. Parted has gone a long way from when it first came out. Some of it’s functions have been removed, others have been added.

In this tutorial you will learn the basics of parted and we will show you some practical examples. If you don’t have any previous experience with parted, please be aware that parted writes the changes immediately to your disk, so be careful if you try to modify your disk partitions.

If you plan on testing parted, the better option would be to simply use a virtual machine or old computer/laptop without any valuable information on it. To make modifications on a disk partition it must not be in use. If you need to work on primary partition, you may boot into rescue mode.

Note: You will need to have root access to the machine you will be working on in order to use parted.

 

How to Install Parted on Linux

On many Linux distributions, parted comes pre-installed. If it is not included in your distro, you can install it with:

$ sudo apt-get install parted        [On Debian/Ubuntu systems]
# yum install parted                    [On RHEL/CentOS and Fedora]
# dnf install parted                      [On Fedora 22+ versions]

Once you have make sure that parted is installed, you can proceed further to check out some real world examples of parted command in the rest of this article.

 

1. Check Parted Version

Run the following command, you see message similar to the one shown on the image below. Don’t worry if your parted version is different. Unless specified otherwise, parted will use your primary drive, which in most cases will be/dev/sda.

$ parted

clip_image001

Check Parted Command Version

If you want to exit parted, simply type:

$ quit

 

2. List Linux Disk Partitions

Now that parted is started, let’s list the partitions of the selected hard disk. As mentioned earlier, parted chooses your first drive by default. To see the disk partitions run print.

(parted) print

clip_image002

Check Linux Partitions

When running print, it will also display the hard disk information and model. Here is example from a real hard disk (not virtual as shown on the image above) :

(parted) print

Model: ATA TOSHIBA MQ01ACF0 (scsi)
Disk /dev/sda: 320GB
Sector size (logical/physical): 512B/4096B
Partition Table: msdos

Number  Start   End    Size   Type      File system  Flags

1      1049kB  256MB  255MB  primary   ext2         boot
2      257MB   320GB  320GB  extended
5      257MB   320GB  320GB  logical                    lvm

sector size and partition table.

 

3. List or Switch to Different Disk

If you have more than one hard disk, you can easily switch between disks, by using the “select” command. In the example below, I will switch from /dev/sda to/dev/sdb which is a secondary drive on my system.

To easily switch between disks you can use:

(parted) select /dev/sdX

clip_image003

Select Different Disk

Change "X" with the letter of the disk to which you wish to switch.

 

4. Create Primary or Logical Partition in Linux

Parted can be used to create primary and logical disk partitions. In this example, I will show you how to create primary partition, but the steps are the same for logical partitions.

To create new partition, parted uses “mkpart“. You can give it additional parameters like "primary" or "logical" depending on the partition type that you wish to create.

Before you start creating partitions, it’s important to make sure that you are using (you have selected) the right disk.

Start by using print:

(parted) print

clip_image004

Show Current Linux Disk

As shown on the above image, we are using a virtual drive of 34 GB. First we will give the new disk a label and then create a partition and set a file system on it.

Now the first step is to give the new disk a label name with:

(parted) mklabel msdos

Now create the new partition with  mkpart. The listed units are in megabytes (MB). We will create a 10 GB partition starting from 1 to 10000:

(parted) mkpart

Partition type?  primary/extended? primary
File system type?  [ext2]?
Start? 1
End? 10000
(parted) print
Model: ATA VBOX HARDDISK (scsi)
Disk /dev/sdb: 34.4GB
Sector size (logical/physical): 512B/512B
Partition Table: msdos
Disk Flags:
Number  Start   End     Size    Type     File system  Flags
1      1049kB  10.0GB  9999MB  primary   ext2         lba

clip_image005

Create Primary or Logical Linux Partitions

Next,  exit parted with "quit" command. We will format our new partition in ext4 file system using mkfs. To make this happen run the following command:

# mkfs.ext4 /dev/sdb1

Note: It’s important to select the right disk and partition when executing the above command!

Now let’s verify our results, by printing the partition table on our secondary disk. Under file system column, you should see ext4 or the file system type that you have decided to use for your partition:

clip_image006

Verify Disk Partition Filesystem

 

5. Resize Linux Disk Partition

Parted includes multiple useful functions and one of them is "resizepart". As you have probably figured this out by now, "resizepart" helps you resize a partition.

In the example below, you will see how to resize an existing partition. For the purpose of this example, we will be using the earlier created partition.

First you will need to know the number of the partition that you will be resizing. This can be easily found by using "print":

(parted) print

clip_image007

Find Linux Partition Number

In our example, the partition number is "1". Now run the resizepart command:

(parted) resizepart

You will be asked for the number of the partition that you will resize. Enter it’s number. After that, you will be asked to set the new ending point for this partition. Remember that by default the units are in MB. In our example, we have set the new partition size to 15 GB:

(parted) resizepart
Partition number? 1
End?  [10.0GB]? 15000
Now verify the results with "print":
(parted) print

clip_image008

Verify Linux Resize Partition

 

6. Delete Linux Partition

The next thing you will learn is how to delete a partition from your hard drive. To do this, you will need to use the "rm" command within parted. To delete a disk partition you will need to know it’s number.

As mentioned earlier, you can easily obtain this number by using "print". In our example, we will delete the partition with number 1 from our secondary drive/dev/sdb1:

(parted) rm 1

Verify the results by printing the partitions table:

clip_image009

Delete a Linux Partition

 

7. Rescue Linux Disk Partition

Parted supports a “rescue" utility that helps you recover a lost partition between a starting and ending point. If a partition is found within that range, it will attempt to restore it.

Here is an example:

(parted) rescue
Start? 1
End? 15000
(parted) print
Model: Unknown (unknown)
Disk /dev/sdb1: 15.0GB
Sector size (logical/physical): 512B/512B
Partition Table: loop
Disk Flags:

Number Start End Size File system Flags
1 0.00B 15.0GB 15.0GB ext4

 

8 Change Linux Partition Flag

Using parted, you can change the state of a flag for disk partitions. The supported flags are:

  • boot
  • root
  • swap
  • hidden
  • raid
  • lvm
  • lba
  • legacy_boot
  • irst
  • esp
  • palo

The states can be either "on" or "off". To change a flag simply run "set"command within parted:

(parted) set 2 lba on

The above command sets lba flag to on for second partition. Verify the results with print:

clip_image010

Change Partition Flag

 

Conclusion

Parted is a useful and powerful utility that can help you manage your disk partitions in Linux systems. As always, when working with disk partitions you need to be extra careful. It is strongly recommend to go through parted man pages to learn how you can customize it’s output and find more information about its capabilities.

If you have any questions or comments, please do not hesitate to use the comment section below.

 

Taken From: http://www.tecmint.com/parted-command-to-create-resize-rescue-linux-disk-partitions/

Sunday, February 14, 2016

Linux - GRE Tunnel

How to create a GRE tunnel on Linux

GRE tunnels are IP-over-IP tunnels which can encapsulate IPv4/IPv6 and unicast/multicast traffic. To create a GRE tunnel on Linux, you need ip_gre kernel module, which is GRE over IPv4 tunneling driver.

So first make sure that ip_gre is loaded.

  $ sudo modprobe ip_gre
  $ lsmod | grep gre

    ip_gre 22432 0
    gre 12989 1 ip_gre

Here, we assume that you want to create a GRE tunnel between two interfaces with the following IP addresses.

    - Host A: 192.168.233.204
    - Host B: 172.168.10.25

   
On host A, run the following command.

  $ sudo ip tunnel add gre0 mode gre remote 172.168.10.25 local 192.168.233.204 ttl 255
  $ sudo ip link set gre0 up
  $ sudo ip addr add 10.10.10.1/24 dev gre0

In the above, we create a GRE-type tunnel device called gre0, and set its remote address to 172.168.10.25. Tunneling packets will be originating from 192.168.233.204 (local IP address), and their TTL field will be set to 255. The tunnel device is assigned IP address 10.10.10.1 with netmask 255.255.255.0.

Now verify that route for the GRE tunnel is set up correctly:

  $ ip route show
    default via 135.112.29.1 dev eth0 proto static
    10.10.10.0/24 dev gre0 proto kernel scope link src 10.10.10.1

On host B, run similar commands as follows.

  $ sudo ip tunnel add gre0 mode gre remote 192.168.233.204 local 172.168.10.25 ttl 255
  $ sudo ip link set gre0 up
  $ sudo ip addr add 10.10.10.2/24 dev gre0

At this point, a GRE tunnel should be established between host A and host B.

To verify that, from one tunneling end point, ping the other end point.

  $ ping 10.10.10.2 (from host A)

    PING 10.10.10.2 (10.10.10.2) 56(84) bytes of data.
    64 bytes from 10.10.10.2: icmp_req=1 ttl=64 time=0.619 ms
    64 bytes from 10.10.10.2: icmp_req=2 ttl=64 time=0.496 ms
    64 bytes from 10.10.10.2: icmp_req=3 ttl=64 time=0.587 ms

If you want to tear down the GRE tunnel, run the following command from either end.

  $ sudo ip link set gre0 down
  $ sudo ip tunnel del gre0

Taken From: http://ask.xmodulo.com/create-gre-tunnel-linux.html

Thursday, January 21, 2016

Ubuntu - Installation on UEFI / GPT Systems

Installation of Ubuntu 15.04 (Vivid Vervet) Desktop on UEFI Firmware Systems

by Matei Cezar | Published: April 25, 2015 | Last Updated: October 23, 2015

Ubuntu 15.04 , codename Vivid Vervet , non-LTS , has finally been released for Desktops, Servers, Cloud and other instances and flavours. This version comes with nine months support and some interesting changes, the most notable ones being the replacement of Upstart init service with Systemd service, Linux 3.19 Kernel, MariaDB 10.0, LXC 1.1 and LXD 0.17.

Update: Ubuntu 15.10 Released – Install Ubuntu 15.10 Desktop

clip_image002

Ubuntu 15.04 Installation On UEFI Systems

This article will guide you on how you can install Ubuntu 15.04 , single boot, on UEFI Firmware machines with a manual default partition layout in order to preserve free space for future Operating System installations in dual-boot.

Be aware that all system installations made from UEFI booting sequence assumes that your hard drive will be partitioned in GPT style, regardless of the size of your disks. Also, try do disable Secure Boot and Fast Boot options from UEFI settings (if supported), especially if you are trying to boot from a USB UEFI compatible bootbale drive made with Rufus utility.

 

Requirements

Download Ubuntu 15.04 ISO image, which can be obtained from the following link:

http://releases.ubuntu.com/15.04/

 

Ubuntu 15.04 Desktop Installation Guide

The installation of Ubuntu 15.04 it pretty simple and straightforward as its previous releases. However, if you are booting and installing the system on a UEFI Firmware machine, besides the classical partitions you need to assure that you create a standard EFI partition required for the boot loader to pass the further instructions to Linux Grub.

1. The first step you need to take in order to install Ubuntu 15.04 is to burn an Ubuntu ISO image or create a compatible UEFI USB drive, place the bootable media into your appropriate drive, then enter UEFI settings and disable Secure Boot and Fast Boot options and instruct your machine to restart in UEFI with the appropriate bootable CD/USB drive.

2. After the machine boots the media, the Grub screen should appear on your screen. From here choose Install Ubuntu and press Enter key to continue.

clip_image004

Booting Screen

clip_image006

Ubuntu Grub Menu

3. On the next step, choose the Language for your system and press Continue button to move forward.

clip_image008

Select Install Language

4. Next, the installer checks if your system has Internet connectivity and inspects your hard drive required space. After all the requirements are met, just press Continue button again to proceed further. The installation can continue without an Internet connection also.

clip_image010

Preparing to Install Ubuntu

5. On the next step you must choose an Installation type. To ensure that Ubuntu doesn’t eat all your hard disk space while installing the system using the first option, Erase disk and Install Ubuntu , choose the last option with Something else and hit Continue button.

This option is the most safest and flexible in case you might want to preserve some disk space and install other Operating Systems in dual-boot after you install Ubuntu.

clip_image012

Select Installation Type

6. On this step you must create a Partition Table in case you have a blank drive and slice-up your disk. Select your hard-disk in case your machine has more than one disks, hit New Partition Table button and Continue button from the pop-up warning in order to create the GPT partition table.

clip_image014

Select Partition

clip_image016

Partition Confirmation

7. Now it’s time to create the system partitions manually. The partition table will have the following scheme:

  • EFI System Partition – 650 MB
  • Mount Point /(root) Partition – min 10 GB – Formatted EXT4 journaling file system.
  • Swap Partition – min 1GB (or double RAM size).
  • Mount Point /home Partition – custom space (or all remaining space) – Formatted EXT4 journaling file system.

All partitions should be Primary and At the beginning of this space.

To begin, select free space and hit the Plus + button to create the first partition. This first partition will be the EFI standard partition. Enter 650 MB as its size and choose Use as EFI System Partition , then OK button to confirm and create the partition.

clip_image018

Create EFI System Partition

clip_image020

Enter EFI Partition Size

8. Next, chose free space again, hit the + button and create the /(root) partition. Make sure the partition has at least 10GB of space and will be formatted as EXT4 journaling file system.

clip_image022

Create Root Partition

9. Next, using the same steps as for previous partitions, create a swap partition with minimum 1 GB . The recommendations are to use double size of your RAM , but 1GB is enough for new machines with a lot of RAM (actually the swapping slows down your machine considerably on non-SSD hard drives).

clip_image024

Create Swap Partition

10. The final partition that you need to make it should be the /home partition. So, select free space again, hit + button and enter the desired size for mount point /home partition. Use EXT4 journaling file system and press OK to create the partition.

clip_image026

Create Home Partition

11. After all the partitions are created hit the Install Now button to begin the installation process and confirm the hard disk changes by hitting the Continue button from the pop-up warning. In case a new warning window appears with Force UEFI Installation, hit both Continue buttons again as illustrated on the below screenshots.

clip_image028

Partition Table: Install Now

clip_image030

Confirm Partition Changes

clip_image031

Force UEFI Installation

12. After the installation process starts, choose your system Keyboard layout and hit Continue to move on the next step.

clip_image033

Select Keyboard Layout

13. On the final step regarding your system configurations, enter the name for the system administrative user with root privileges, type a name for your computer and choose a password to protect the admin user. Select Require my password to log in and hit Continue to finish the system configuration. After this step wait for the installation process to finish.

clip_image035

Create New User Account

clip_image036

Installation Process

14. Finally, after the installation process has reached its end, reboot your machine, eject the bootable media and login to Ubuntu 15.04 using the credentials configured during the installation process.

clip_image037

Installation Complete

clip_image038

User Login

clip_image039

Ubuntu 15.04 Desktop

That’s all! Enjoy the last release of Ubuntu 15.04 on your UEFI machine. Please stay tuned for the next article concerning Ubuntu 15.04 where we will be discussing what to do after you have installed Ubuntu on your machine.

 

Taken From: http://www.tecmint.com/ubuntu-15-04-installation-on-uefi-firmware/

Friday, December 18, 2015

Cisco - Packet Sniffing on a Router

This is very cool and usefull feature that not many people know about, this allows you to capture packets like you do with a PC using Wireshark, and then export them to a file so that you can open and analise it with Wireshark.

This feature is called Cisco’s Embedded Packet Capture (EPC), and it has been around  since IOS 12.4.20T.

Here Im going to show you how to:

  • Capture (Buffer)
  • Save capture to a file on the router’s flash
  • Export the file to a TFTP server on a PC

I tested this on GNS3, this is the topology I created:

PIC1(cut)

you can download my lab at:

note that the PC and Server in the topology are also routers so that you can test it out all in GNS3.

The only external device is the TFTP server, for which I used a host on my local network.

 

PC1

enable
conf t

interface FastEthernet 0/0
ip address 192.168.2.1 255.255.255.0
no shutdown

ip route 0.0.0.0 0.0.0.0 192.168.2.254
do write

 

SERVER

enable
conf t

interface FastEthernet 0/1
ip address 172.16.2.1 255.255.255.0
no shutdown
ip route 0.0.0.0 0.0.0.0 172.16.2.254

do write

 

TFTP SERVER

image_thumb1

 

ROUTER

enable
conf t

interface FastEthernet 0/0
description *** PC1 - LAN ***
ip address 192.168.2.254 255.255.255.0
no shutdown

interface FastEthernet 0/1
description *** SERVER - LAN ***
ip address 172.16.2.254 255.255.255.0
no shutdown

interface FastEthernet 1/0
description *** TFPT - YOUR REAL LAN ***
ip address 192.168.1.240 255.255.255.0
no shutdown

exit

!--- Capture Buffer ------------------------------------------------------
monitor capture buffer BUFFER_CAP size 1024 linear

!-- ID Traffic (ACL) to Capture -------------------------------------
conf t

ip access-list extended ACL_TRAFFIC_SEL  
permit ip host 192.168.2.1 host 172.16.2.1
permit ip host 172.16.2.1  host 192.168.2.1

exit

!-- Relate Buffer and ACL (ID Traffic) --------------------------
monitor capture buffer BUFFER_CAP filter access-list ACL_TRAFFIC_SEL

!-- Capture Point - Fe0 ------------------------------------------------
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
! CEF needs to be On
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

conf t
  ip cef
exit

monitor capture point ip cef CAPTURE_POINT_FE0 FastEthernet 0/0 both

!-- Relate Buffer to Capture Point -------------------------------
monitor capture point associate CAPTURE_POINT_FE0 BUFFER_CAP

!-- Start / Stop Capture -----------------------------------------------
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
! Start Capture
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

monitor capture point start CAPTURE_POINT_FE0

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
! Stop Capture
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

monitor capture point stop CAPTURE_POINT_FE0

!--TSHOOT ------------------------------------------------------------------
show monitor capture buffer all parameters             ! Config and Stats
show monitor capture buffer BUFFER_CAP dump    ! Captured Data
show monitor capture buffer BUFFER_CAP               ! Captured Data - Summary
show monitor capture point all

!-- Export Data to TFTP Server –-----------------------------------
monitor capture point stop CAPTURE_POINT_FE0
monitor capture buffer BUFFER_CAP export tftp://192.168.1.30/capture.pcap

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
! The capture.pcap opens on Wireshark
! if you have Wireshark installed just
! double click on the file to open it
! on wireshark
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

do write

Now on the TFTP SERVER you have a capture.pcap file:

image_thumb2

that you can open with a double click on it if you have Wireshark instaled.

image_thumb4

And there you have it…. start Sniffing…… wlEmoticon-smile2

image_thumb5

Related Links