Security   Security – View HTTP headers using tcpdump



If you need to trace the HTTP request and response headers by capturing the related packets, you can use tcpdump in this way:

 tcpdump -i ens192 -A -s 10240 'tcp port 80' | grep -v IP | egrep --line-buffered "..(GET |\.HTTP\/|POST |HEAD )|^[A-Za-z0-9-]+: " |sed -r 's/..(GET |HTTP\/|POST |HEAD )/\n\n\1/g'

For example, filtering tcp port 80 and 192.168.10.100 IP address:… Read more

Linux   Linux – TCP listener daemon with tcpserver



To configure passive checks in Nagios/Icinga I use a TCP listener daemon that launches a script (see Nagios – Using passive checks without agent).
I tried to use the inetd superserver daemon, but in the latest versions I have not been able to make it work correctly (see the last update in my post: Linux – cannot found / missing inetd.conf) Read more

F5 BIG-IP icon   F5 BIG-IP – Apply SNAT to client subnet or IP



In certain scenarios it can be useful or necessary to apply SNAT only to certain client IPs when accessing a virtual server, for example to avoid asymmetric routes when the server gateway is not the F5… (take a look at this link for more examples).

These are the steps (I'm using BIG-IP v13)…

Create a SNAT pool

I prefer the … Read more

Checkpoint   Checkpoint – dropped Reason: UDP packet that belongs to an old session



Problem

Last week I came across a DHCP problem. Devices from a certain VLAN were not getting a DHCP-assigned IP.

Even though the firewall policy should have accepted those packets, tcpdump showed the Checkpoint gateway was not forwarding them to the destination.

To capture DHCP traffic:

# tcpdump -n -i <interface> port 67 or port 68 -e

Incoming interface DHCP tcpdump:

# tcpdump 
Read more

Windows   Windows – Add secondary IP addresses to interface



Sometimes it is necessary to configure a network interface to listen on more than one IP (for example, web servers containing multiple SSL certificates…)
Add secondary IP addresses to interface

After adding the new secondary IPs, if not explicitly avoided, outgoing traffic can also be generated by these instead of only by the primary. This can lead to connection errors (for example firewall receiving unexpected Read more

Checkpoint   Checkpoint – Hide NAT vs Static NAT



This post tries to be a simple explanation of the Hide NAT and Static NAT concepts.
Given the following simple company network, let's see how these NAT types could fit in this scenario:

Hide Static NAT example scenario

  • We need the web server to be published, so it needs to be accessible from the Internet
  • We need all the workstations to be able to browse
Read more