If you need to trace the HTTP request and response headers by capturing the related packets, you can use tcpdump in this way:
tcpdump -i ens192 -A -s 10240 'tcp port 80' | grep -v IP | egrep --line-buffered "..(GET |\.HTTP\/|POST |HEAD )|^[A-Za-z0-9-]+: " |sed -r 's/..(GET |HTTP\/|POST |HEAD )/\n\n\1/g'
For example, filtering tcp port 80 and 192.168.10.100 IP address:… Read more
To configure passive checks in Nagios/icinga I use a tcp listener daemon that launches a script (See Nagios – Using passive checks without agent)
Tried to use inetd superserver daemon, but in the last versions, i have not been able to make it work correctly (See last update in my post: Linux – cannot found / missing inetd.conf)… Read more
In certain scenarios it can be interesting or necessary to apply SNAT only to certain client IPs when accesing a virtual server to f.e. avoid assymetric routes, when the server gateway is not the F5… (take a look at this link for more examples).
These are the steps (im using BIG IP v13)…
Create a SNAT pool
I prefer the … Read more
Last week I came across a DHCP problem. Devices from certain VLAN were not getting DHCP assigned IP.
Even though firewall policy should have accepted those packets, tcpdump showed Checkpoint gateway was not forwarding them to the destination.
To capture DHCP traffic:
# tcpdump -n -i <interface> port 67 or port 68 -e
Incoming interface DHCP tcpdump:
… Read more
Sometimes it is neccesary to configure a network interface to listen on more than one IP (for example, web servers containing multiple SSL certificates…)
After adding the new secondary IPs, If not explicitly avoided, outgoing traffic can be generated also by these instead of only by the primary. These can lead to connection errors (for example firewall receiving unexpected … Read more
This post tries to be a simple explanation of the Hide NAT and Static NAT concepts.
Given the following simple company network let’s see how this NAT types could fit in this scenario:
- We need the web server to be published, so it needs to be accesible from the Internet
- We need all the workstations to be able to browse
… Read more