Some time ago I installed a new firewall at the customer’s site. Meanwhile the customer was interested in the flows that are traversing through the firewall right now. Oh. Good question. Of course it is easy to filter through log messages of firewalls, but theses logs are only for finished sessions. Yes, there are “session browsers” or the like on all firewalls, but they are not nice and handy to analyze the sessions in real-time.
The solution was to bring a network analyzer on a mirror port near to the firewall. I decided to use ntopng running on the live Linux distribution Knoppix. Great choice! An old notebook with two network adapters fits perfectly. A handful commands and you’re done:
Continue reading Out of the Box Network Analyzer “ntopng”
When explaining IPv6 I am always showing a few Wireshark screenshots to give a feeling on how IPv6 looks like. Basically, the stateless autoconfiguration feature (SLAAC), DHCPv6, Neighbor Discovery, and a simple ping should be seen/understood by any network administrator before using the new protocol.
Therefore I captured the basic IPv6 autoconfiguration with a Knoppix Linux behind a Telekom Speedport router (German ISP, dual-stack) and publish this capture file here. I am using this capture to explain the basic IPv6 features.
Continue reading Basic IPv6 Messages: Wireshark Capture
While parsing logfiles on a Linux machine, several commands are useful in order to get the appropriate results, e.g., searching for concrete events in firewall logs.
In this post, I list a few standard parsing commands such as grep, sort, uniq, or wc. Furthermore, I present a few examples of these small tools. However, it’s all about try and error when building large command pipes. ;)
Continue reading Logfile Parsing
This post shows a guideline for a basic installation of the open source syslog-ng daemon in order to store syslog messages from various devices in a separate file for each device.
I am using such an installation for my firewalls, routers, etc., to have an archive with all of its messages. Later on, I can grep through these logfiles and search for specific events. Of course it does not provide any built-in filter or correlation features – it is obviously not a SIEM. However, as a first step it’s better than nothing. ;)
Continue reading Basic syslog-ng Installation
This is a tutorial on how to configure the GlobalProtect Gateway on a Palo Alto firewall in order to connect to it from a Linux computer with vpnc.
Short version: Enable IPsec and X-Auth on the Gateway and define a Group Name and Group Password. With this two values (and the gateway address), add a new VPN profile within vpnc on the Linux machine. Login with the already existing credentials.
Long version with screenshots comes here:
Continue reading Palo Alto GlobalProtect for Linux with vpnc
This post describes how to add a Linux machine to the MRTG/Routers2 monitoring server. First, the host must be able to process SNMP requests. Then, a *.cfg file for MRTG/Routers2 is created by running the “cfgmaker” tool with a host-template. Since a few values are wrong in the cfgmaker file, I also explain how to correct them. Finally, I am adding the mrtg-ping-probe lines to the configuration.
Continue reading MRTG/Routers2: Adding a Linux Host
I always wanted to monitor my private network with an open source tool. Since I knew some nice statistics, e.g. from the DE-CIX (printed with RRDtool) or from the Uni-Gießen (generated with MRTG), I had the idea of installing such a system by myself. Luckily I found a book from Steve Shipway, called “Using MRTG with RRDtool and Routers2“, which actually disappointed me because it did not offer a complete installation guide but mainly further information about fine-tuning the appropriate tools.
Therefore, I want to show a complete step-by-step installation of all the needed tools in order to monitor a network with MRTG, RRDtool and Routers2. “From scratch” means that there are no prerequisite to this installation guide except a plain Linux server (in my case a Ubuntu Linux) such as presented here. Okay, let’s go: Continue reading MRTG with RRDtool and Routers2 – Installation from Scratch
A few days ago I needed to use vi for a simple change in a single file. However, I am not using vi in normal situations since I prefer the usage of “nano“. Since I only needed to edit a few lines, all the command references I found on the Internet were much to overwhelmed, so I decided to write a really tiny vi tutorial which only shows the commands in order to edit a file and to close it afterwards. Here we go:
Open the file with
Go into the edit mode with “i” and edit the text. When you are finished, hit the Esc key to leave the edit mode. Type a colon followed by an “x” (appears at the bottom line) to quit vi with saving the changes. Thats it. Here is the sequence at a glance:
Continue reading A Really Tiny “vi” Tutorial
Okay, I know this contains nothing new for many of you but I need it from time to time: It is simply a list of tools I need after a new Linux server installation (used with Ubuntu server) as well as some further hints for the installation process such as static IP addresses, NTP or Syslog forwarding. So, after the initial installation of a server I am doing the following steps:
Continue reading New Linux Server Program Installation