Thursday, March 23, 2017

[snippets] TCPDUMP, BPF and vlans.

When using TCPDUMP, be aware that the BPF filter (at least the default libpcap and Linux kernel implementations of it) doesn't do proper decoding based on ethertypes.

In the presence of both tagged and untagged traffic, the expression that naively comes to mind, for example:

(port 80 or port 25) 

will not catch VLAN-tagged packets at all. 

You have to be explicit and specify the vlan keyword, which (in the absence of a VLAN ID) just moves the Ethernet payload offset to the correct place:

(vlan and (port 80 or port 25))

And then you miss the untagged traffic. 

The proper expression to use is: 

(port 80 or port 25) or (vlan and (port 80 or port 25))

Of course you never do this. 

Of course double-tagging makes things even worse.

Of course the same happens with MPLS (and probably whatever else L2-encapsulation scheme drunk CISCO engineers will patch into an "industry standard" next year). 

Of course all this is noted in the TCPDUMP documentation that you never read:

vlan [vlan_id]: True if the packet is an IEEE 802.1Q VLAN packet. If [vlan_id] is specified, only true if the packet has the specified vlan_id. Note that the first vlan keyword encountered in expression changes the decoding offsets for the remainder of expression on the assumption that the packet is a VLAN packet. The vlan [vlan_id] expression may be used more than once, to filter on VLAN hierarchies. Each use of that expression increments the filter offsets by 4.

Shame on you. 
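
To make the offset behaviour concrete, here is an added example (not from the original post and not libpcap code): a simplified Python model of fixed-offset decoding, run against constructed frames. The helper names are hypothetical, and the last filter goes one step beyond the post's expression by adding a `vlan and vlan` branch for double-tagged traffic, as the documentation excerpt describes.

```python
import struct

ETH_IP, ETH_VLAN, PORTS = 0x0800, 0x8100, {80, 25}

def frame(dport, vlans=()):
    """Constructed sample frame: Ethernet [+ 802.1Q tags] + IPv4 + TCP."""
    l2 = bytes(12)                                   # dst/src MAC, zeroed
    for vid in vlans:
        l2 += struct.pack("!HH", ETH_VLAN, vid)      # each tag adds 4 bytes
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                     bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    tcp = struct.pack("!HHIIBBHHH", 40000, dport, 0, 0, 0x50, 0x02, 8192, 0, 0)
    return l2 + struct.pack("!H", ETH_IP) + ip + tcp

def ethertype(pkt, off):
    return struct.unpack_from("!H", pkt, 12 + off)[0] if len(pkt) >= 14 + off else None

def port(pkt, off=0):
    """Simplified model of 'port 80 or port 25' (IPv4 only) at fixed offsets + off."""
    if ethertype(pkt, off) != ETH_IP or len(pkt) < 34 + off:
        return False              # a tagged frame has 0x8100 at offset 12: no match
    if pkt[23 + off] not in (6, 17) or struct.unpack_from("!H", pkt, 20 + off)[0] & 0x1FFF:
        return False              # not TCP/UDP, or a non-first fragment
    l4 = 14 + off + (pkt[14 + off] & 0x0F) * 4       # skip the IP header (IHL)
    if len(pkt) < l4 + 4:
        return False
    return bool(set(struct.unpack_from("!HH", pkt, l4)) & PORTS)

def vlan(pkt, off=0):
    """Model of the 'vlan' keyword: shifted offset if tagged, else None."""
    return off + 4 if ethertype(pkt, off) == ETH_VLAN else None

def naive(pkt):                   # (port 80 or port 25)
    return port(pkt)
def vlan_only(pkt):               # (vlan and (port 80 or port 25))
    off = vlan(pkt)
    return off is not None and port(pkt, off)
def combined(pkt):                # (port ...) or (vlan and (port ...))
    return naive(pkt) or vlan_only(pkt)

def combined_qinq(pkt):           # ... or (vlan and vlan and (port ...))
    off = vlan(pkt)
    off2 = vlan(pkt, off) if off is not None else None
    return combined(pkt) or (off2 is not None and port(pkt, off2))

if __name__ == "__main__":
    for name, p in [("untagged", frame(80)), ("tagged", frame(25, [100])), ("QinQ", frame(80, [200, 100]))]:
        print(name, naive(p), vlan_only(p), combined(p), combined_qinq(p))
```

The double-tagged frame is the one the post's combined expression still drops; each extra tag needs its own `vlan` in the filter.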

Wednesday, February 01, 2017

[snippets]: Virtualbox headless VM creation

# list the OS type identifiers accepted by --ostype
VBoxManage list ostypes
VBoxManage createvm --name "Windows 7" --ostype Windows7_64 --register
cd VirtualBox\ VMs/
cd Windows\ 7/
# create the virtual disk (--size is in MB)
VBoxManage createhd --filename "Windows7.vdi" --size 10000
VBoxManage modifyvm "Windows 7" --memory 1024 --acpi on --boot1 dvd --nic1 nat
# add a SATA controller, then attach the disk and the install ISO to it
vboxmanage storagectl "Windows 7" --name "SATA" --add sata --controller IntelAHCI
vboxmanage storageattach "Windows 7" --storagectl "SATA" --port 0 --device 0 --type hdd --medium "Windows7.vdi"
vboxmanage storageattach "Windows 7" --storagectl "SATA" --port 1 --device 0 --type dvddrive --medium /home/blabla/Windows7.iso
# enable the VRDE (remote desktop) server and start the VM without a GUI
vboxmanage modifyvm "Windows 7" --vrde on
vboxheadless --startvm "Windows 7"
# switch NIC 1 from NAT to bridged on the host interface
# (modifyvm needs the VM powered off)
vboxmanage modifyvm "Windows 7" --nic1 bridged
vboxmanage modifyvm "Windows 7" --bridgeadapter1 enp2s0f1



Then connect with RDP to port 3389.