Hi all ,
This post is for my friends who are stuck behind proxy that needs authentication and wants to use subversion for fetching latest source codes , and use other tools dependent on subversion like msfupdate(Metasploit update).
Do to the proxy settings go to /etc/subversion and edit servers file .
You need to edit global section of this file . A snippet is given below.
[global]
# http-proxy-exceptions = *.exception.com, www.internal-site.org
http-proxy-host = Myhost
http-proxy-port = Myport
http-proxy-username = Myusername
http-proxy-password = Mypassword
# http-compression = no
# http-auth-types = basic;digest;negotiate
# No http-timeout, so just use the builtin default.
# No neon-debug-mask, so neon debugging is disabled.
One can also add exceptions . The group settings can also be used to specify the proxy server , but these will be particular to a group.
I needed sometime to figure it out as the Svn site don't explain this clearly.
Thanx for reading:)
Always have your stuff when you need it with @Dropbox. Sign up for free! http://db.tt/V9f0DFoI
Sunday, June 20, 2010
Wednesday, June 16, 2010
Installation Guide For PF_RING
Hi,
This is my first guide so please bear with me for any disrespencies.
These steps were tested on Intel Core 2 Duo machine with 4 GB Ram and Intel(R) PRO/1000 Network Card , with Ubuntu 9.10 installed.This guide explains the installation procedure for Version 4.3.1
PF_RING implementation by Luca Deri is a great method for efficient Packet Capture on Commodity Hardware.It can be found on http://www.ntop.org/PF_RING.html
I made a clean install,no other packages were installed other than mentioned.
- Uninstall libpcap and other dependent applications/library using syanptic or apt-get
- Install subversion(For fetching latest source codes),flex and bison(Required to recompile pf_ring aware pcap),ethtool(if not preinstalled,required for some basic Nic info of your computer)
- Use Subversion to fetch source codes
svn co https://svn.ntop.org/svn/ntop/trunk/PF_RING/ PF_RING - Check your current network card/driver using ethtool
ethtool -i eth0 #change eth0 to your ethernet card
Sample
driver: e1000e
version: 1.0.2-k2
firmware-version: 0.4-3
bus-info: 0000:00:19.0
use man ethtool for more information on how to use ethtool
As of version 4.3.1 PF_RING can be fully exploited only on the PF_RING aware device drivers.The modified device drivers for some of the popular network cards can be found in PF_RING/drivers .
These are modified version of the drivers supplied from respective companies.(Might be a bit older sometimes but will work) - Unload the ethernet card driver (this is shown in the first line of output of above command
sudo rmmod e1000e
- Change current working directory to kernel
cd PF_RING/kernel
- Make the source codes
make
Here i had observed that many a times people(even I on first attempt)use sudo make or sudo -s , make . The former is not a correct method and will give you errors such as bounds.c missing , etc.
Latter is also wrong but will do the job . The reason for such a thing is better explained by the difference in the command "sudo" and "sudo -s" . This can be found at http://ubuntuforums.org/showthread.php?t=983645 , or searching for "difference between sudo and sudo -s" on our favorite google - Now install the newly build source
sudo make install
- Change the working directory to PF_RING/userland/lib
cd ../userland/lib
- Again build the source codes
make
- Install the library (This include pfring.h)
sudo make install
- One bizarre thing that I observed is that the make install copies pfring.h to /usr/local/include but leaves the other dependent files these are :-
- pfring_e1000e_dna.c
- pfring_e1000e_dna.h
cp pfring_e1000e_dna.c /usr/local/include
cp pfring_e1000e_dna.h /usr/local/include
- Now we have to compile PF_RING aware pcap library . Change the working directory to userland/libpcap-1.0.0-ring
cd ../libpcap-1.0.0-ring/
- Configure
./configure
- Build the sources
make
- Install pf_ring aware libpcap
sudo make install
- Now we need to install the device driver(pf_ring aware).Change the working directory to drivers/
/ /src
In my case it is "drivers/intel/e1000e-1.0.15/src"
cd ../../drivers/intel/e1000e-1.0.15/src
- Build the source
make - Install the driver
sudo make install
- Now we need to activate PF_RING if its not already activated . You can use lsmod to check if pf_ring is started or not.Change the working diectory to /lib/modules/
/kernel/net/pf_ring .
cd /lib/modules/2.6.31-14-generic/kernel/net/pf_ring
Use uname -r to get the kernel version
- Enable PF_RING(if already enabled you can disable it using sudo rmmod pf_ring)
sudo insmod pf_ring.ko transparent_mode=1
More on transparent mode can be found at http://www.ntop.org/blog/?p=56 - Now enable to enable your driver go to /lib/modules/
/kernel/drivers/net/e100e
cd /lib/modules/2.6.31-14-generic/kernel/drivers/net/e1000e
- Enable the driver
sudo insmod e1000e.ko
- Now you can start working on your PF_RING application.You will have to recompile many applications such as tcpdump(modified included),network manager etc. Google for doing so :)
Hoping for a positive reviews :) and comments .I l soon post the usage guide for PF_RING .
Subscribe to:
Posts (Atom)