
Thursday, February 17, 2022

How to add ISO image to your linux repositories and use it to install basic software packages

Summary:

In this post we briefly look at how to add your Linux ISO image as a package repository and use it to install basic software packages. As an example we install the vsftpd package, an FTP server (note that SFTP is provided by the OpenSSH server, not by vsftpd).
This example was carried out on openSUSE Leap 15.0.

Problem or Goal: 

This technique is mostly used when you are working with a new installation and you don't have access to the internet which would otherwise allow you to enable and install packages from online Linux repositories (repos).

Cause: 

Working on new Linux installation with no access to the internet (online repos)

Solution: 

1. Use the command below to list the repos currently enabled on your new installation; at this point it should print no enabled repos.

# zypper lr -E

2. Use a flash disk to transfer the ISO image file to your new installation and copy it under the /tmp directory. 

3. Use the command below to add the ISO image as a repo. The URL form is iso:///?iso=<absolute path to the ISO file>; "-t yast2" marks it as an installation-media repository and "-c" probes the URL before adding it:

# zypper ar -c -t yast2 "iso:///?iso=/tmp/Put_The_ISO_Image_File_Name_Here.iso" "The_Alias_Name_Here"

4. Use the command below to check whether the repo is added successfully. 

# zypper lr -E

5. Use the command below to install the software package ("-n" runs zypper non-interactively and accepts the default answers):

# zypper -n in vsftpd
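The steps above put together as one script. This is an added example and not code from the original post: it builds the iso:/// repo URL, refuses to register the ISO unless its SHA-256 matches the digest published by the vendor (an assumed, caller-supplied value), and only then runs the zypper commands. The ISO path, alias and digest shown in the usage comment are placeholders.

```shell
#!/bin/sh
# Added example, not from the original post. Registers a local ISO as a
# zypper repository only after its checksum matches the vendor-published
# digest. Assumed: the ISO path, repo alias and expected SHA-256 are given
# by the caller; the zypper commands only make sense on openSUSE/SLE.

# Build the repository URL zypper expects for an ISO file:
# iso:///?iso=<absolute path>. A relative path is rejected, because zypper
# resolves the URL itself, not relative to the current directory.
iso_repo_url() {
    path=$1
    case $path in
        /*) ;;
        *) echo "iso_repo_url: path must be absolute: $path" >&2; return 1 ;;
    esac
    printf 'iso:///?iso=%s\n' "$path"
}

# Compare the ISO's SHA-256 with the expected digest. Returns 0 on match,
# 1 on mismatch, so a tampered or truncated ISO never becomes a package
# source for the machine.
verify_iso() {
    iso=$1
    expected=$2
    actual=$(sha256sum "$iso" | cut -d' ' -f1)
    if [ "$actual" = "$expected" ]; then
        return 0
    fi
    echo "checksum mismatch for $iso: got $actual, expected $expected" >&2
    return 1
}

# Register the ISO as a yast2-type repo (-c probes the URL first) and
# refresh it. zypper checks the repository's signed content against its
# GPG key and asks before trusting a new key; --gpg-auto-import-keys is
# deliberately not passed, so that decision stays with the operator.
add_iso_repo() {
    iso=$1
    alias=$2
    expected=$3
    verify_iso "$iso" "$expected" || return 1
    url=$(iso_repo_url "$iso") || return 1
    zypper ar -c -t yast2 "$url" "$alias" && zypper refresh "$alias"
}

# Usage on the offline host (placeholder values):
#   add_iso_repo /tmp/Put_The_ISO_Image_File_Name_Here.iso leap150-dvd <sha256 from vendor> \
#       && zypper -n in vsftpd
```

The digest to pass is the one listed on the vendor's download page (or in the signed .sha256 file next to the ISO), not one computed from the copy on the flash disk; computing it locally and comparing it to itself proves nothing.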

Problem Solved?

Yes. With this technique you can install the basic software packages that ship on the ISO image, and once you have internet access you can add online repos and install more. Verify the ISO's checksum against the vendor's published value before using it as a package source; zypper still checks package signatures against the repository's GPG key, but that only helps if the ISO itself is genuine.

Thursday, January 27, 2022

Quick Check - Common WireShark Filters When Troubleshooting Network/Communication Problems

Here is a list of commonly used WireShark filters for network and systems engineers when analyzing packet dumps:

1) Filtering DNS packets according to their "return code" (rcode):

(dns.flags.rcode == x) //Filter DNS packets whose rcode is equal to "x".
!(dns.flags.rcode == x) //Filter DNS packets whose rcode is NOT equal to "x".

Note that queries also carry rcode 0, so when you only want to count failing answers combine the rcode test with the response flag field dns.flags.response.


See common "return codes" and their descriptions in the table below (codes 6 to 9 are defined for DNS UPDATE in RFC 2136):

Return Message   RCODE   Description
NOERROR          0       DNS query completed successfully
FORMERR          1       DNS query format error
SERVFAIL         2       Server failed to complete the DNS request
NXDOMAIN         3       Domain name does not exist
NOTIMP           4       Function not implemented
REFUSED          5       The server refused to answer the query
YXDOMAIN         6       Name that should not exist, does exist
YXRRSET          7       RRset that should not exist, does exist
NOTAUTH          8       Server not authoritative for the zone
NOTZONE          9       Name not in zone


2) Filtering packets based on Source and Destination IP Addresses:

(ip.src == 31.13.64.11) && (ip.dst == 10.210.0.10)


3) Filtering M3UA packets based on Origination Point Code (OPC): 

(m3ua.protocol_data_opc == 12345) //Filter M3UA packets whose OPC is equal to "12345".

4) Filtering M3UA packets based on Destination Point Code (DPC): 

(m3ua.protocol_data_dpc == 34567) //Filter M3UA packets whose DPC is equal to "34567".

5) Filtering M3UA packets based on OPC or DPC: 

(m3ua.protocol_data_opc == 12345) || (m3ua.protocol_data_dpc == 34567) //Filter M3UA packets whose OPC is equal to "12345" OR DPC is equal to "34567".

(m3ua.protocol_data_opc == 12345) && (m3ua.protocol_data_dpc == 34567) //Filter M3UA packets whose OPC is equal to "12345" AND DPC is equal to "34567".

6) Filtering GSM MAP packets based on TBCD (Telephony Binary-Coded Decimal) digits: 

(gsm_map.tbcd_digits == "1234567") //Filter GSM MAP packets whose TBCD is equal to "1234567".

7) Filtering TCP/UDP packets based on port number:

(tcp.port == 8080) //Filter TCP packets whose source or destination port number is equal to "8080".
(tcp.srcport == 80) //Filter TCP packets whose source port number is equal to "80".
(tcp.dstport == 443) //Filter TCP packets whose destination port number is equal to "443".
(udp.port == 53) //Filter UDP packets whose source or destination port number is equal to "53".
(udp.srcport == 53) //Filter UDP packets whose source port number is equal to "53".
(udp.dstport == 53) //Filter UDP packets whose destination port number is equal to "53".


8) Filtering TCAP (Transaction Capabilities Application Part) packets based on OTID (Orig. Transaction Id)/DTID (Dest. Transaction Id)

(tcap.otid == 1a:00:6a:15) //Filter TCAP packets whose otid is equal to "1a:00:6a:15".
(tcap.dtid == 1a:00:6a:15) //Filter TCAP packets whose dtid is equal to "1a:00:6a:15".

9) Filtering voice packets based on E.164 international telephone numbers:

(e164.calling_party_number.digits == "256723039294") //Filter voice packets whose calling party (A) number is equal to "256723039294".
(e164.called_party_number.digits == "254782243131") //Filter voice packets whose called party (B) number is equal to "254782243131".

10) Filtering S1AP (signalling between eNodeB and MME):

(s1ap.ENB_UE_S1AP_ID == 101) //Filter S1AP messages for the UE context whose eNB-UE-S1AP-ID is 101 (the eNodeB allocates this ID during LTE Attach / default EPS bearer establishment).
(s1ap.MME_UE_S1AP_ID == 211) //Filter S1AP messages for the UE context whose MME-UE-S1AP-ID is 211 (the MME allocates this ID for the same session).

11) Filtering GTP (GPRS Tunnelling Protocol) packets:

(gtp.ptmsi == 0xc6eb8017) //Filter GTP packets whose P-TMSI (Packet Temporary Mobile Subscriber Identity) is equal to "0xc6eb8017".
Taking a TCPDUMP on Linux OS and Writing the packets to CAP file (Wireshark Readable)

Summary: 

In this post we quickly take a TCP dump (capture packets) on a Linux server and write the output to a capture file that Wireshark can read.

Problem or Goal: 

Used to capture and analyze packets when troubleshooting network/communication problems. 

Cause: 

N/A

Solution (Examples): 

a) TCP dump on a single physical interface to capture DNS (port 53) packets

# tcpdump -i eth0 -s 2000 -w /tmp/name_of_trace_file.cap port 53

b) TCP dump on a bonded interface to capture HTTP (port 80) packets

# tcpdump -i bond1 -s 2000 -w /tmp/name_of_trace_file.cap port 80

Note: "-s 2000" limits the captured length of each packet (the snaplen) to 2000 bytes. Old tcpdump releases defaulted to a small snaplen (68 bytes), which truncates most payloads; current releases default to 262144 bytes, i.e. full packets in practice. Use "-s 0" (or omit "-s") to remove the limit. The file written by "-w" is in pcap format whatever extension you give it, so Wireshark opens it directly. Capturing needs root (or CAP_NET_RAW), and "port 53" matches both UDP and TCP on that port.

Problem Solved?

You can then transfer the file by SFTP to your laptop and open it in Wireshark. Treat the capture file as sensitive: it contains whatever the traffic carried, which for port 80 includes cleartext credentials and session cookies.
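The tcpdump capture above and the DNS rcode filter from the Wireshark post, combined into one triage script. This is an added example and not code from either post: capture_dns wraps tcpdump, dns_response_codes applies the same dns.flags.rcode field through tshark (Wireshark's command-line tool), and summarise_rcodes aggregates the result per server. The interface name, file paths and the sample field lines are assumptions; tcpdump and tshark must be installed for the first two functions, while the aggregation runs on any POSIX shell.

```shell
#!/bin/sh
# Added example, not from the original posts. Captures DNS traffic with
# tcpdump, then uses the Wireshark field dns.flags.rcode (via tshark) to
# count failing responses per DNS server. Assumed: interface name, file
# paths, and that tcpdump/tshark are installed for the first two functions.

# Capture DNS (UDP and TCP port 53) to a pcap file. -s 0 keeps full packets,
# -n avoids reverse lookups (which would add DNS traffic to a DNS capture),
# -Z drops root privileges once the capture socket is open, so the output
# directory must be writable by that user.
capture_dns() {
    iface=$1
    out=$2
    tcpdump -i "$iface" -n -s 0 -Z nobody -w "$out" 'port 53'
}

# Print "<server ip><TAB><rcode>" for every DNS response in the capture.
# dns.flags.response == 1 matters: queries carry rcode 0 too, so filtering
# on dns.flags.rcode alone would count every query as a NOERROR.
dns_response_codes() {
    pcap=$1
    tshark -r "$pcap" -Y 'dns.flags.response == 1' \
        -T fields -e ip.src -e dns.flags.rcode -E separator=/t
}

# RCODE number to name (RFC 1035 values 0-5, RFC 2136 values 6-9).
rcode_name() {
    case $1 in
        0) echo NOERROR ;;  1) echo FORMERR ;;  2) echo SERVFAIL ;;
        3) echo NXDOMAIN ;; 4) echo NOTIMP ;;   5) echo REFUSED ;;
        6) echo YXDOMAIN ;; 7) echo YXRRSET ;;  8) echo NOTAUTH ;;
        9) echo NOTZONE ;;  *) echo "RCODE$1" ;;
    esac
}

# Aggregate "ip<TAB>rcode" lines from stdin into "ip rcode NAME count",
# most frequent first. Plain awk/sort, so it also works on field output
# copied from another host.
summarise_rcodes() {
    tab=$(printf '\t')
    LC_ALL=C awk -F'\t' 'NF == 2 { n[$1 "\t" $2]++ }
        END { for (k in n) print k "\t" n[k] }' |
    LC_ALL=C sort -t "$tab" -k3,3nr -k1,1 -k2,2n |
    while IFS="$tab" read -r ip code count; do
        printf '%s %s %s %s\n' "$ip" "$code" "$(rcode_name "$code")" "$count"
    done
}

# Usage on the server:
#   capture_dns eth0 /tmp/dns.pcap          # stop with Ctrl-C
#   dns_response_codes /tmp/dns.pcap | summarise_rcodes
```

A resolver that shows up with a large SERVFAIL or REFUSED count is the one to look at first; NXDOMAIN in bulk from a single client is usually a misconfigured search domain or, occasionally, something probing for names.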

Thursday, October 14, 2021

How to grep a zipped file (.gz) without having to unzip it first

Summary:

In this post we quickly look at a command that lets us grep a zipped file (.gz format) without having to unzip it first.

Problem or Goal: 

In most cases system logs quickly grow very big and are archived as zipped files (.gz format). We constantly find ourselves having to search and analyze archived logs when troubleshooting, doing fault analysis or preparing RCA reports.
This command saves the time of unzipping .gz archives before grepping them, and it also saves system resources, because unzipping a file to disk consumes disk space and CPU.

Cause:

Let's quickly look at the Apache "access_log" on my web server:

# cd /var/log/apache2
# ls -ltr

At the moment the access_log is not archived, so I can cat it and grep it as usual.

Now I am going to archive this file using the "gzip" command and attempt the same "cat and grep". I will use the form of gzip that keeps the original file and creates a compressed copy:

# gzip -c access_log > access_log.gz

# ls -ltr

Now let's attempt the "cat and grep" on access_log.gz.

Oops! It returns nothing, because the compressed file no longer contains the plain-text lines that grep is looking for.

Solution: 

The solution is to use "zcat" instead of "cat". zcat decompresses the archive to standard output, so piping it into grep searches the archive without writing an uncompressed copy to disk. gzip also ships a "zgrep" command that combines the two steps.

Problem Solved?

Let's see.

Yes, we have output: we can grep a zipped file without having to unzip it first.
Cheers.
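The technique above extended to a whole log rotation set, where the current log is plain text and older ones are gzipped. This is an added example and not code from the original post: instead of zcat it uses "gzip -cdf", which passes uncompressed files through unchanged, so one loop covers access_log, access_log.1 and access_log.2.gz. The sample log lines are constructed for the demo; only gzip, grep and awk are required.

```shell
#!/bin/sh
# Added example, not from the original post. Greps a rotated Apache log set
# where some files are plain and some are gzipped, without writing an
# uncompressed copy to disk. Requires gzip; the sample log lines below are
# constructed for the demo.

# grep a pattern across any mix of plain and .gz files. "gzip -cdf" writes
# to stdout (-c), decompresses (-d) and, thanks to -f, passes files that
# are not gzipped through unchanged, so one command covers access_log,
# access_log.1 and access_log.2.gz. Each hit is prefixed with its file name,
# the way "grep -H" would do for plain files.
grep_logs() {
    pattern=$1
    shift
    for f in "$@"; do
        [ -f "$f" ] || continue
        gzip -cdf "$f" | grep -e "$pattern" | awk -v f="$f" '{ print f ": " $0 }'
    done
}

# Number of matching lines across the given files (0 when nothing matches).
count_logs() {
    grep_logs "$@" | wc -l | tr -d ' '
}

# Create a small rotated log set (one plain current log, one plain rotated
# log, one gzipped rotated log) in a temp directory and print its path.
# The lines are constructed Apache combined-format entries.
make_sample_logs() {
    dir=$(mktemp -d)
    cat > "$dir/access_log" <<'EOF'
10.0.0.5 - - [14/Oct/2021:10:01:02 +0300] "GET / HTTP/1.1" 200 512 "-" "curl/7.68.0"
10.0.0.5 - - [14/Oct/2021:10:01:03 +0300] "GET /admin HTTP/1.1" 404 210 "-" "curl/7.68.0"
EOF
    cat > "$dir/access_log.1" <<'EOF'
10.0.0.9 - - [13/Oct/2021:09:00:00 +0300] "GET /.env HTTP/1.1" 404 210 "-" "python-requests/2.25.1"
EOF
    printf '%s\n' '10.0.0.9 - - [12/Oct/2021:08:00:00 +0300] "GET /wp-login.php HTTP/1.1" 404 210 "-" "Mozilla/5.0"' |
        gzip -c > "$dir/access_log.2.gz"
    echo "$dir"
}

# Usage, e.g. every 404 across the whole rotation set:
#   d=$(make_sample_logs); grep_logs '" 404 ' "$d"/access_log*; rm -r "$d"
```

Because the decompressed data only ever exists in the pipe, this is also the safer choice on a server that is short on disk: a multi-gigabyte archive expanded into /var/log can fill the partition and stop the very service whose logs you are reading.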