Networking
Find the Geopgraphical Location of an IP Address
There are a few applications that give the geographical location of an IP address *. My favorite one is VisualRoute. It not only maps the location of the source and destination IP addresses, but also all the hops in between. The down side to it is that it is not available for Linux and it costs $50 per user.
The http://mapulator.com site gives you pretty much the same information online for free, but it has been down for quite some time now.
Lately I have been using http://whatismyipaddress.com/ip-lookup. But it only maps the destination IP address.
If anyone knows of a Linux application that would map all the hops and the final IP destination, please leave a comment!
* IP addresses do not have a geographical location per se. Any program that maps IP addresses can only give you where the whole class of IP addresses (that the specified IP address belongs to) is registered to be located at. They do this by querying a database that has that information. This is accurate down to a city level at best. Do not expect to find where someone lives by their IP address!
How to Resume Partial File Transfers
I work primarily with UNIX and Linux machines and scp is my main choice to transfer files with. It is both convenient, short and secure.
Example:
scp localfile user@remotecomputer:/path/to/target/dirRecently I was transferring an 8GB file and due to a network issue, the transfer was interrupted at nearly 40%.
I found a solution at joen.dk ,which uses rsync to resume the transfer:
rsync --partial --progress --rsh=ssh host:remote_file local_fileNow we can improve this slightly by shortening the above command. We can substitute –rsh=ssh with -e ssh, and use -P instead of –partial –progress. Also, you can add user@host if you need to specify a different remote shell user:
rsync -P -e ssh user@host:remote_file local_fileThis above example will work with any file that was partially transfered. How the transfer was started does not really matter. It could be through scp, nc or even ftp. After you execute the above command it will take rsync a little time to verify the previously downloaded part before it continues with the rest. Be patient, depending on your network speed rsync could take some time to go through what you have already transfered. Of course this is much faster than if you were to start the download all over again and it shows you the progress in percentages.
Keep in mind that there have to be a couple of requirements in place in order to resume the file transfer with rsync:
1. You should have remote shell access.
2. The remote machine should have rsync installed. Since rsync is by default on most Linux distributions that generally should not be an issue.
Alternative ways to transfer files when you do not have ftp or sftp server available
Very often I find myself having to transfer files to remote machines that do not have ftp or sftp server running.
Here are a few methods that I use in those cases:
- Using scp:
The secure copy protocol and command are part of ssh. I am assuming that you have Linux or Unix boxes that you are dealing with. If any of them are Windows computers you need to install ssh servers and clients respectively.
The command looks like this:scp source_file user@IP:pathFor example, if I wanted to copy the 1.txt file to the /tmp directory on the remote computer with ip address of 24.155.21.105 as root, I would do:
scp 1.txt root@24.155.21.105:/tmp/ - Using ssh:
cat source_file | ssh user@IP -c ‘cd /target_dir ; cat > target_file’For example if I wanted to transfer my local file 1.txt to the same remote host and save it in the /tmp directory under the name of 2.txt, I would do:
cat 1.txt | ssh root@24.155.21.105 -c ‘cd /tmp ; cat > 2.txt’ - Using netcat:
First you need to start a netcat server on your local machine to serve the files:
cat source_file | nc -l port_numberThen on the computer receiving the file you do:
nc IP port_number > target_fileFor example, if I wanted to send the same file 1.txt to the same remote computer and save it as 2.txt over port 3030 (you can chose any port, but make sure it is over 1024), I would do:
On the local computer:
cat 1.txt | nc -l 3030On the remote computer, receive the file by specifying the IP address of the machine sending the file:
nc 122.45.62.10 3030 > 2.txtAgain, note here that the ip address specified is of the computer sending the file (unlike the previous examples with scp and ssh).
Find out the subdomains of a given domain name with dig
First, find out the name server(s) for the domain name in question:
dig wikipedia.comLook under the “AUTHORITY SECTION”:
;; AUTHORITY SECTION:
wikipedia.com. 163475 IN NS ns2.wikimedia.org.
wikipedia.com. 163475 IN NS ns1.wikimedia.org.
wikipedia.com. 163475 IN NS ns0.wikimedia.org.In this case wikipedia.com has 3 name servers: ns0.wikimedia.org, ns1.wikimedia.org and ns2.wikimedia.org. Now we can query one of these three servers for the subdomains of wikipedia.com:
dig @ns1.wikimedia.org wikipedia.com axfrHere is what we get back (the list is rather long, so I have truncated it quite a bit);
; <<>> DiG 9.5.0-P2 <<>> @ns1.wikimedia.org wikipedia.com axfr
; (1 server found)
;; global options: printcmd
wikipedia.com. 3600 IN A 208.80.152.2
wikipedia.com. 86400 IN NS ns0.wikimedia.org.
wikipedia.com. 86400 IN NS ns1.wikimedia.org.
wikipedia.com. 86400 IN NS ns2.wikimedia.org.
wikipedia.com. 3600 IN MX 50 lists.wikimedia.org.
wikipedia.com. 3600 IN MX 10 mchenry.wikimedia.org.
aa.wikipedia.com. 3600 IN CNAME rr.wikimedia.org.
aa.mobile.wikipedia.com. 3600 IN CNAME rr.wikimedia.org.
aa.wap.wikipedia.com. 3600 IN CNAME rr.wikimedia.org.
ab.wikipedia.com. 3600 IN CNAME rr.wikimedia.org.
ab.mobile.wikipedia.com. 3600 IN CNAME rr.wikimedia.org.
ab.wap.wikipedia.com. 3600 IN CNAME rr.wikimedia.org.
...
...
...Note: Not all dns servers will allow axfr protocol queiries. Those will return “Transfer failed”.
KARMA on the Fon and Sniffing Wireless Network Traffic with Ubuntu – Step by Step
KARMA is an application that transforms the right wireless NIC into the ultimate Access Point. Unlike a regular AP, which advertises its SSID to whoever wants to connect to it, the KARMA enabled AP passively listens to any client wireless requests and then responds to it with the SSID that it probed for and thus impersonating virtually any Access Point. In short, it presents itself to each client as whatever the client wants it to be and allows it to establish a connection. So it can be “Linksys” to one computer, “MyHome” to another and completely different to someone else.
In order to run KARMA, you need a wireless card with the appropriate chipset, which supports the MadWifi drivers. As a general rule the Atheros based chipset are compatible with MadWifi, but you can check the complete list with the supported hardware just in case before you buy anything.
MadWifi drivers and KARMA are included in the BT3 Linux distribution and that makes it real easy to turn your laptop into the perfect Access Point. Just boot into BT3 from a CD or a USB thumb drive.
KARMA also simulates different services like FTP and DNS so that you can temporarily trick the wireless clients that they are getting somewhere, just like a “honey pot”. Although this is a lot of fun, a lot more exciting is when you reroute them out to the internet so that they can browse just like they expected and at the same time you can examine their network traffic without them even suspecting anything.
In this case it is best to install KARMA on a router. Just make sure it has the right wireless chipset, then blow out the firmware it came with and install DD-WRT, OpenWRT, Tomato or any of the sort, then put KARMA on it and you are good to go. There is a very neat project started by Darren Kitchen and the folks at HAK5, called Jasager. They installed KARMA on a fon router and created a quick web front end to it. In HAK5’s episode # 412 Darren demonstrates network sniffing and session hijacking of the wireless clients connected to Jasager from Windows.
The fon router is relatively quite small and very appropriate for this purpose. So I bought a fonera router myself, put OpenWRT and KARMA on it and continued from there. Check out Darren Kitchen’s step by step process of how to accomplish this.
Lets look at how the network set up will theoretically work. We need to reroute the network traffic from the fon router to the internet and have a packet sniffer like Wireshark in the middle. For this I need to set up a simple gateway on my Ubuntu laptop that will be between the fon router and the Internet. I also have to set up a DHCP server to assign IP addresses to all the wireless clients as they connect to my AP. In this case I will connect the fon router to my Ethernet jack and I will use my wireless NIC on my laptop to connect it to my home router, which gives me the Internet access. Here is a simple diagram of how this will look:
Network Diagram
Step 1. Install the DHCP server and the front end to it for easy configuration:
sudo apt-get install dhcp3-server
sudo apt-get install gadmin-dhcpd
The first command above will install the dhcp server and after it finishes it will try to start it and will give you a message that it failed to do so. This is normal, since you have not configured it yet, so just ignore it for now and execute the second command. We will configure it in Step 3.
Step 2. Install a front end graphics tool to set up the gateway:
sudo apt-get install firestarter
Step 3. Configure the DHCP server.
We need to keep the 2 NICs on different networks. In my case the Ethernet card that will be connected to the fon router will be on the 192.168.0.0 network and the wireles NIC that is connected to my home router and then to the Internet is on the 192.168.1.0 network.
Start the GADMIN-DHCPD: System Tools -> GADMIN-DHCPD.
Under “Scope settings” put in the network interface name (in my case it is eth0). You can find out all the interfaces on your computer by running the ifconfig command. Then put in 192.168.0.0 for a “Network address” and finally 255.255.255.0 for the “Subnet mask”. Now click the “Apply” button. You also need to specify the range of IP addresses that the dhcp server can use. So under “Shared IP-addresses ranges” put- “Range from: 192.168.0.10 to: 192.168.0.110″. Then click the “Add” button:
DHCP server configuration
Step 4. Before we can configure our wired interface, we need to give the fon router a static IP address and DHCP server IP. Connect your fon router to your Ethernet port and power it on. Now open your browser and connect to the webif interface of the router. In my case it is http://192.168.1.1/webif.html (Refer to Daren Kitchen’s tutorial if needed). Go to the “Network” tab and change the connection type to DHCP, leave the “Type” to “Bridged” and put in the IP address of 192.168.0.250 and the Subnet mask of 255.255.255.0. Click “Save Changes” and then “Apply Changes” in the bottom right corner of the page. And finally, in the “Connection Type” drop-down go back to Static IP and make sure that the new settings are retained:
Webif Interface
At this point you can power off the fon router for now. The next step is to give static IP settings to the wired NIC in order to put it on the same network as the fon router. The 192.168.0.0 network in this case.
Step 5. Configure the Ethernet NIC that the fon router is connected to:
Go to System -> Preferences -> Network Configuration or you can right-click on the networks incon on your menu bar and select Edit Connections:
Wired NIC Configuration
Then under the “Wired” tab select your interface and hit “Edit”. Then hit the IPv4 tab, select “Manual” from the “Method” dropdown. Hit the “Add” button and put 192.168.0.1 for the IP address, 255.255.255.0 for the Netmask and leave the Gateway blank. You need to also specify a DNS server. There are a hundred different ways you can find your DNS server but the easiest in Linux would be to look at the /etc/resolv.conf file. So, execute the command more /etc/resolv.conf and use that IP address as your DNS server. In my case, the DNS server for my laptop is my router at IP address 192.168.1.1 (you can also use your ISP’s DNS server). In any case, keep in mind that if you take your laptop somewhere else (for example your local coffee shop) the DNS server will change. After you are done, hit “OK”:
Wired NIC Configuration
Now the wired interface is configured to the 192.168.0.0 network, the DHCPD settings have the same network and interface, and the fon router is also configured on the same network.
Step 6. Power up the fon router. Now you should be able to connect to it on IP address 192.168.0.250. Open up your browser and this time connect to the “Ysager” page. Enter http://192.168.0.250. The Jasager page should come up:
Jasager
Step 7. Configure the gateway.
The only thing that is left is to configure the gateway so that we can forward the traffic from the wired NIC to the other interface pointing out to the Internet (the wireless NIC in this case, which is connected to the home router and then out to the Internet). Linux has this built into the kernel and we can set all this up using the command line to do the so called “masquerading”, but it is much easier to use a GUI tool that we installed in Step 2.
Fire up the firestarter: Go to Internet -> Firestarter.
First it will ask you to specify your Internet connected device. In this case it is my laptop’s wireless interface, so I chose “wlan0″ from the dropdown. Click “Forward” and in the next screen specify your wired Ethernet interface (in this case eth0), then select the checkbox named “Enable Internet connection sharing”:
Firestarter LAN Device
Next click “Forward” again, and finally click “Save”. This will start the gateway. You should see something like this (only without the vmnet interfaces, those are there because I have VMWare server installed on this machine):
Firestarter Running
Now enable the DHCP. Click on the “Preferences” button in the above screen. Go to “Network Settings” and select the checkbox “Enable DHCP for the local network” and hit “Accept”:
Firestarter Preferences
At this point you can test if your router can find its way to the Internet through your gateway. Just start a terminal session. Type ssh root@192.168.0.250 and enter your password when prompted. After you log in, just ping any Internet site like- ping yahoo.com, you should be getting responses back:
$ ssh root@192.168.0.250root@192.168.0.250’s password:BusyBox v1.4.2 (2007-09-29 07:21:40 CEST) Built-in shell (ash)
Enter ‘help’ for a list of built-in commands.
_______ ________ __
| |.—–.—–.—–.| | | |.—-.| |_
| - || _ | -__| || | | || _|| _|
|_______|| __|_____|__|__||________||__| |____|
|__| W I R E L E S S F R E E D O M
KAMIKAZE (7.09) ———————————–
* 10 oz Vodka Shake well with ice and strain
* 10 oz Triple sec mixture into 10 shot glasses.
* 10 oz lime juice Salute!
—————————————————
root@net1:~# ping yahoo.com
PING yahoo.com (68.180.206.184): 56 data bytes
64 bytes from 68.180.206.184: icmp_seq=0 ttl=48 time=85.0 ms
64 bytes from 68.180.206.184: icmp_seq=1 ttl=48 time=84.3 ms
64 bytes from 68.180.206.184: icmp_seq=2 ttl=48 time=86.3 ms— yahoo.com ping statistics —
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 84.3/85.2/86.3 ms
This means that your network settings are correct.
Step 8. Enable KARMA and start Wireshark.
Go back to the Jasager screen you opened in your browser in Step 6 and hit the “Change” button next to “Karma is currently: Off” to start KARMA:
Jasager- KARMA is On
The last thing is to fire up Wireshark and start the capture on the eth0 interface. Now you will be able to see all the traffic of anyone connected to your fon router.
Search
Recent Comments
- zjhlogo on How to connect your Android phone to Ubuntu to do development, testing, installations or tethering
- dimitar on Quickly remove special characters from file names
- John on Quickly remove special characters from file names
- John on Quickly remove special characters from file names
- Alin on Quickly remove special characters from file names