Monday, May 23, 2011

How To Capture Data Packets On A Network Using Wireshark (a. k. a. Ethereal)

Wireshark, formerly known as Ethereal, is a network protocol analyzer. It captures the packets sent and received by a network interface and decodes them layer by layer so you can inspect what is really going over the wire.
Warning: Before using Wireshark in promiscuous mode, make sure you are authorized to do so. In promiscuous mode the interface hands Wireshark every frame it sees on the segment, including traffic addressed to other hosts, which is packet sniffing. If you do not own the network or are not its administrator, that can get you fired, and in many jurisdictions intercepting other people's traffic without authorization is illegal.

I will demonstrate this using my Fedora 13 box as the client (in New Delhi, India), connecting over ssh to an Ubuntu 10.04 machine (in Florida, USA). Let us go through it step by step.

  1. Install Wireshark with your package manager. You need both wireshark and wireshark-gnome to get the GUI; the base wireshark package provides the command-line tools (tshark, dumpcap):
    yum install wireshark wireshark-gnome
  2. Launch Wireshark but do NOT start the capture yet. We will first switch off promiscuous mode.
  3. Go to "Capture", select "Options" and uncheck the "Capture packets in promiscuous mode" check box. With it off, the interface only passes up frames addressed to this host (plus broadcast and multicast), which is all an ssh session between two hosts needs.
  4. Select the interface you want to listen on. I will listen on eth0, which is usually your first wired interface. Also specify a capture filter. Capture filters use the pcap (BPF) syntax, which is different from Wireshark's display-filter syntax, so check the capture-filter reference for the complete list and their formats. I will write "host <ubuntu-machine-ip-address>".
  5. You are all set, but before clicking Start double-check that promiscuous mode is turned off. Click Start.
  6. Connect to the Ubuntu server from the Fedora box with ssh and the captured packets will appear in the list. Because the session is ssh, you will see the TCP handshake, the protocol version banners and the key exchange, but everything after that is encrypted payload; that encryption, not the promiscuous-mode setting, is what keeps the session contents private from anyone else capturing on the path.
Filters are what make a capture readable. Try it once without any filter and you will be surprised by how many packets cross your network interface even when you think the machine is idle.
Having warned you about promiscuous mode, I still encourage you to experiment with it, but only on a virtual machine or on a small switch or hub network you have set up for yourself, and only for learning. One more precaution: the capture needs raw access to the interface, but Wireshark's dissectors are a large parsing surface, so the Wireshark project recommends capturing with dumpcap or tcpdump and then opening the saved file in the GUI as an unprivileged user, rather than running the GUI itself as root.
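The same capture from the command line, as an added example that is not part of the original post. It assumes tcpdump is installed, that eth0 is the interface, that 203.0.113.10 stands in for the Ubuntu machine's address, and that an unprivileged user named nobody exists to drop privileges to; none of these come from the post.

```shell
#!/bin/sh
# Added example, not from the original post: the same capture from the command line.
# The interface, peer address, output file and the "nobody" user are assumptions.

# Accept only a dotted-quad IPv4 address, so the value can be spliced into a
# BPF capture filter without turning into extra filter terms or shell syntax.
is_ipv4() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'
}

# Build the tcpdump command line for a non-promiscuous capture of one ssh session.
#   -p   do not put the interface into promiscuous mode (the GUI check box in step 3)
#   -n   do not resolve names, so the capture itself generates no DNS traffic
#   -Z   drop root privileges to this user once the interface is open
#   -c   stop after this many packets, so a forgotten capture does not fill the disk
#   -w   write raw packets to a pcap file to open in Wireshark later
# The quoted expression at the end is the capture filter in pcap (BPF) syntax.
build_capture_cmd() {
    iface="$1"; peer="$2"; out="$3"
    is_ipv4 "$peer" || return 1
    printf '%s\n' "tcpdump -p -n -i $iface -Z nobody -c 200 -w $out 'host $peer and tcp port 22'"
}

# Read a saved capture back without root: the file, not the interface, is the input.
build_read_cmd() {
    printf '%s\n' "tcpdump -n -r $1"
}

# Standalone use: print the commands for the given interface, peer and output file, e.g.
#   sh capture_ssh.sh eth0 203.0.113.10 ssh.pcap
if [ "$#" -eq 3 ]; then
    build_capture_cmd "$1" "$2" "$3" || echo "not an IPv4 address: $2" >&2
    build_read_cmd "$3"
fi
```

With -Z, tcpdump opens the output file only after dropping privileges, so write it to a directory that user can write to. The resulting pcap can then be opened in Wireshark as your normal user, which keeps the dissectors out of the root-privileged process.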

Thursday, May 19, 2011

How To Create And Configure IPTables Firewall Using Firewall Builder Step By Step

iptables is the user-space tool for configuring the packet-filtering rules of the Linux kernel's netfilter framework, and it is what most Linux firewalls are built on. In this post I am going to introduce Firewall Builder (also known as fwbuilder), an application that lets you design a policy in a GUI and generates the rules from it. fwbuilder targets a wide variety of platforms, including Cisco PIX and HP ProCurve, but we will build something simpler: an iptables-based firewall. Just follow this step-by-step tutorial:

  1. Install the fwbuilder package. It is GPL-licensed for Linux systems, and there are rpm and deb packages available; find the install instructions on the project site.
  2. Once installed, launch fwbuilder as root (installing iptables rules needs root permissions).
  3. Choose the first icon, "Create new firewall".
  4. Choose "iptables" as the firewall software and a suitable OS. If you are not sure about the options, go for "Linux 2.4/2.6"; this is the kernel version. Also give the firewall an appropriate name and click Next.
  5. Select "Configure Interfaces Manually" and click Next.
  6. Click the tiny green "+" sign on the left and add the IP addresses of your interfaces. Use the usual Linux names such as "eth0". Now click Finish.
  7. Now click the green "+" sign to add rules. A new rule denies everything by default, so the policy as created stops ALL traffic on your interfaces and you need to modify it. The easiest way is to right-click each field of the rule (source, destination, service, action) and pick from the menu. Make sure one rule permits ssh from the host you administer the firewall from; otherwise the install step below will lock you out.
  8. Once you have modified the rules, compile the firewall, which generates the iptables script from the objects in the GUI. Just click the compile button (the one with the hammer!).
  9. Now install the firewall by clicking the install button next to the compile button. fwbuilder copies the generated script to the firewall host over ssh and runs it, so have console access ready in case the new policy cuts off your own session.

That is all it takes to create a firewall. Check out the fwbuilder documentation if you want more detailed instructions.
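What a compiled policy of this kind looks like, as an added example that is not generated by fwbuilder and is not from the original post. It is written in the format iptables-restore reads; the management host address 203.0.113.5, the interface name eth0, the file name fw.sh and the 60-second rollback timer are all assumptions, and applying it requires root.

```shell
#!/bin/sh
# Added example, not generated by fwbuilder: the kind of policy the steps above produce,
# written out in iptables-restore format, plus a guard against locking yourself out.
# The management address, interface name and rollback timer are assumptions for the demo.

ADMIN_HOST="${ADMIN_HOST:-203.0.113.5}"   # assumed: the host you run fwbuilder and ssh from
WAN_IF="${WAN_IF:-eth0}"

# Print the full policy. The INPUT and FORWARD chains default to DROP, so anything not
# listed is dropped; the ssh rule is what keeps remote administration alive.
ruleset() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# local processes talking to themselves
-A INPUT -i lo -j ACCEPT
# replies to connections this host opened, and related traffic such as ICMP errors
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# packets that match no known connection state
-A INPUT -m conntrack --ctstate INVALID -j DROP
# new ssh sessions, only from the management host (remove this and the install step locks you out)
-A INPUT -i $WAN_IF -p tcp -s $ADMIN_HOST --dport 22 -m conntrack --ctstate NEW -j ACCEPT
# ping, rate limited so it cannot be used to flood the box
-A INPUT -p icmp --icmp-type echo-request -m limit --limit 5/s -j ACCEPT
# log (rate limited) whatever is about to hit the default DROP policy
-A INPUT -m limit --limit 3/min -j LOG --log-prefix "fw-drop: "
COMMIT
EOF
}

# Refuse to install a policy that does not admit new ssh from the management host.
check_no_lockout() {
    ruleset | grep -q -- "-s $ADMIN_HOST --dport 22 .*-j ACCEPT"
}

# Apply the policy with an automatic rollback: the previous rules are restored after
# 60 seconds unless confirm_install is run from a fresh ssh session in the meantime.
apply_with_rollback() {
    check_no_lockout || { echo "refusing: no ssh rule for $ADMIN_HOST" >&2; return 1; }
    iptables-save > /root/fw.previous
    ruleset | iptables-restore
    ( sleep 60 && iptables-restore < /root/fw.previous ) &
    echo $! > /root/fw.rollback.pid
}

confirm_install() {
    kill "$(cat /root/fw.rollback.pid)" && rm -f /root/fw.rollback.pid
}

# Standalone use: "sh fw.sh" prints the policy, "sh fw.sh apply" installs it as root,
# and "sh fw.sh confirm" cancels the pending rollback.
case "${1:-print}" in
    print)   ruleset ;;
    apply)   apply_with_rollback ;;
    confirm) confirm_install ;;
esac
```

Run "sh fw.sh apply" from your existing session, then open a fresh ssh connection and run "sh fw.sh confirm"; if the new connection never gets through, the old rules come back by themselves after 60 seconds. fwbuilder's compile and install buttons do the equivalent of the apply step for you, but the check_no_lockout condition is still the one to verify by eye before clicking Install.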


Tuesday, May 17, 2011

So What Is .htaccess? Directory Level Configuration File For Apache

If you do web development or have ever hosted a website, chances are you have heard of a file named .htaccess. This post introduces .htaccess and helps you create some of the basic rules for it. First off, .htaccess is the whole file name, not an extension like .pdf or .txt: it is a hidden file (hence the leading dot) that Apache reads from the directory it sits in, and the name is configurable through the AccessFileName directive, with .htaccess as the default.
Let us start by enabling .htaccess for your server (usually this is turned off by default). Set AllowOverride from None to All in the <Directory> block for your document root in the Apache configuration (placed under /etc/httpd/ or /etc/apache2/ usually) and reload Apache. Two caveats: AllowOverride All lets anyone who can write to the directory change the server's configuration for it, so on a shared host restrict it to the directive groups you actually need (for this post, AuthConfig, Indexes, Options and FileInfo); and Apache looks for .htaccess files on every request, so the same directives in the main configuration are faster. Follow this post on the Ubuntu Forum if you need more help.

Redirecting URLs
Now let us start with some simple redirects. The Redirect directive is handled by mod_alias and works by sending the browser an HTTP 302 response with the new location, so the new URL shows up in the client's address bar; a mod_rewrite rule, by contrast, can also rewrite the path internally without the client ever seeing it. Assuming that you would like to redirect http://abc.com/old.html to http://abc.com/new.html, write the following rule in your .htaccess file:
Redirect /old.html http://abc.com/new.html

The last part has to be the full URL of the new location. If the old address is gone for good, use "Redirect permanent" instead, which sends a 301 so search engines and caches update their records.

Password Protection
.htaccess can also be used to protect your files and directories with a password. For this, you need a .htpasswd file containing usernames and password hashes (never the plaintext passwords). Create it with the htpasswd utility that ships with Apache; each line it writes has the following format:
username1:<password-hash>
username2:<password-hash>
username3:<password-hash>

Now you need to create a .htaccess file and provide the required details in proper format as shown below:
AuthName "Restricted Area" 
AuthType Basic 
AuthUserFile /var/www/.htpasswd 
AuthGroupFile /dev/null 
require valid-user 

AuthName is the name of the realm; the browser shows it in the login prompt, so you can safely change it to "Provide Password" or any other message. We are using HTTP Basic authentication, hence AuthType is Basic. AuthUserFile is where I keep my .htpasswd file. Do not keep .htpasswd anywhere under your document root (for me, a Fedora user, that is /var/www/html/), or a misconfiguration could let the web server hand out the hash file itself; Apache's stock configuration also refuses to serve any file whose name starts with .ht, so keep the default name. The last line says that any valid user can see the content.
Two more things to know. Basic authentication sends the username and password base64-encoded, not encrypted, with every request, so only use it over HTTPS. And generate the entries with the htpasswd utility rather than an online generator, so the password never leaves your machine.

Preventing Directory Listing
If you want to prevent users from seeing what is in a directory that has no index page, you need to turn off automatic indexing, which is often on by default. Note that IndexIgnore * only hides file names from the generated listing; the listing page itself is still served. To disable listings altogether, so that the request gets a 403 instead, add this line to your .htaccess file and you are good to go:
Options -Indexes

Custom Error Pages
You can use .htaccess to serve a customized error page for each kind of error. Follow the simple syntax below:
ErrorDocument 400 /error/badrequest.html
ErrorDocument 401 /error/pwdreqd.html
ErrorDocument 403 /error/forbidden.html
ErrorDocument 404 /error/notfound.html

Each path is a URL on the same site, served by an internal redirect. The 401 entry in particular has to be a local path like this; Apache cannot send the client to another site for a 401 because that response must carry the authentication challenge. You can also put a quoted text message instead of a path, but I would not recommend writing the HTML inside .htaccess: keep the pages as ordinary files, and keep them generic, since an error page is not the place to reveal server paths or versions.

Now that you know a little about .htaccess, I recommend going through the Apache tutorial on it.
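To tie the sections together, here is a small audit script as an added example; it is not from the original post and not an Apache tool. It writes two constructed .htaccess files, one following the post literally and one with the weak settings corrected, and checks each for the three problems discussed above. The document root /var/www/html and the paths in the samples are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post: audit a .htaccess file for the settings this
# post covers. Both sample files below are constructed for the demo; the paths are assumptions.

# A .htaccess that follows the post literally, with the weak choices left in.
write_weak_htaccess() {
    cat > "$1" <<'EOF'
AuthName "Restricted Area"
AuthType Basic
AuthUserFile /var/www/html/.htpasswd
Require valid-user
IndexIgnore *
Redirect /old.html http://abc.com/new.html
EOF
}

# The same file with each finding addressed.
write_fixed_htaccess() {
    cat > "$1" <<'EOF'
AuthName "Restricted Area"
AuthType Basic
AuthUserFile /etc/httpd/conf/.htpasswd
Require valid-user
SSLRequireSSL
Options -Indexes
Redirect permanent /old.html http://abc.com/new.html
EOF
}

# Print one finding per line and return the number of findings (0 means clean).
# Directive names are matched case-insensitively, as Apache reads them.
audit_htaccess() {
    f="$1"; docroot="${2:-/var/www/html}"; n=0
    # Basic auth carries username:password base64-encoded in every request,
    # so it must be confined to HTTPS (SSLRequireSSL, or "Require ssl" on Apache 2.4).
    if grep -qi '^AuthType[[:space:]]*Basic' "$f" && \
       ! grep -qiE '^(SSLRequireSSL|Require[[:space:]]+ssl)' "$f"; then
        echo "basic-auth-without-tls"; n=$((n+1))
    fi
    # The hash file must sit outside the document root, or a misconfiguration can serve it.
    if grep -i '^AuthUserFile' "$f" | grep -q "$docroot"; then
        echo "htpasswd-inside-docroot"; n=$((n+1))
    fi
    # IndexIgnore only hides names from the listing; Options -Indexes actually disables it.
    if grep -qi '^IndexIgnore' "$f" && ! grep -qi '^Options.*-Indexes' "$f"; then
        echo "listing-not-disabled"; n=$((n+1))
    fi
    return "$n"
}

# Standalone use: audit the file given on the command line (optionally with the document
# root as second argument), or, with no arguments, demo on the two constructed samples.
if [ "$#" -ge 1 ]; then
    audit_htaccess "$1" "${2:-/var/www/html}"
else
    tmp=$(mktemp)
    write_weak_htaccess "$tmp";  echo "weak sample:";  audit_htaccess "$tmp" || true
    write_fixed_htaccess "$tmp"; echo "fixed sample:"; audit_htaccess "$tmp" || true
    rm -f "$tmp"
fi
```

Run it against your own file with the real document root as the second argument; a non-zero exit status is the number of findings, which makes it easy to wire into a deployment check.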