Sunday, June 20, 2010

Subversion Proxy settings

Hi all,

This post is for my friends who are stuck behind a proxy that needs authentication and want to use Subversion to fetch the latest source code, or to use other tools that depend on Subversion, such as msfupdate (Metasploit update).


To configure the proxy settings, go to /etc/subversion and edit the servers file.


You need to edit the [global] section of this file. A snippet is given below.




[global]
# http-proxy-exceptions = *.exception.com, www.internal-site.org
http-proxy-host = Myhost
http-proxy-port = Myport
http-proxy-username = Myusername
http-proxy-password = Mypassword
# http-compression = no
# http-auth-types = basic;digest;negotiate
# No http-timeout, so just use the builtin default.
# No neon-debug-mask, so neon debugging is disabled.


One can also add exceptions. The group settings can also be used to specify the proxy server, but these will apply only to that group.
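The proxy password in this file is stored in clear text, so the file's permissions decide who else on the machine can read it. The script below is an added example, not part of the original post: it lists the sections ([global] or a group) that set http-proxy-password and fails when the file is readable by group or others. The function names are made up for this example.

```sh
#!/bin/sh
# Added example: audit a Subversion "servers" file for an exposed proxy password.

# Print each section ([global] or a group) that sets http-proxy-password.
# Lines starting with "#" are comments and do not count.
sections_with_proxy_password() {
    awk '
        /^#/  { next }
        /^\[/ { sec = $0; sub(/^\[/, "", sec); sub(/\].*$/, "", sec); next }
        /^http-proxy-password[ \t]*=[ \t]*[^ \t]/ { print sec }
    ' "$1"
}

# Succeed if file $1 is readable by its group or by everyone.
readable_by_others() {
    [ -n "$(find "$1" -prune \( -perm -040 -o -perm -004 \) -print)" ]
}

# Return 1 when file $1 stores a proxy password that other local users can read.
audit_servers_file() {
    secs=$(sections_with_proxy_password "$1" | tr '\n' ' ')
    [ -n "$secs" ] || return 0
    if readable_by_others "$1"; then
        echo "$1: proxy password in section(s) ${secs}readable by other users" >&2
        return 1
    fi
    return 0
}

# Usage: sh audit.sh /etc/subversion/servers   (or ~/.subversion/servers)
if [ $# -ge 1 ]; then audit_servers_file "$1"; fi
```

Subversion also reads a per-user ~/.subversion/servers, which can be kept at mode 600 so that the credentials are not visible to every account on the machine.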


I needed some time to figure it out, as the SVN site doesn't explain this clearly.

Thanx for reading:)


Wednesday, June 16, 2010

Installation Guide For PF_RING


Hi,
This is my first guide, so please bear with me for any discrepancies.

These steps were tested on an Intel Core 2 Duo machine with 4 GB RAM and an Intel(R) PRO/1000 network card, with Ubuntu 9.10 installed. This guide explains the installation procedure for version 4.3.1.

The PF_RING implementation by Luca Deri is a great method for efficient packet capture on commodity hardware. It can be found at http://www.ntop.org/PF_RING.html


I made a clean install; no packages were installed other than those mentioned.


  1. Uninstall libpcap and other dependent applications/libraries using synaptic or apt-get
  2. Install subversion (for fetching the latest source code), flex and bison (required to recompile the PF_RING-aware pcap), and ethtool (if not preinstalled; required for some basic NIC info of your computer)
  3. Use Subversion to fetch the source code
    svn co https://svn.ntop.org/svn/ntop/trunk/PF_RING/  PF_RING
  4. Check your current network card/driver using ethtool

    ethtool -i eth0
    #change eth0 to your ethernet card

    Sample

    driver: e1000e
    version: 1.0.2-k2
    firmware-version: 0.4-3
    bus-info: 0000:00:19.0



    Use man ethtool for more information on how to use ethtool.

    As of version 4.3.1, PF_RING can be used to its full potential only with PF_RING-aware device drivers. The modified device drivers for some of the popular network cards can be found in PF_RING/drivers.

    These are modified versions of the drivers supplied by the respective companies. (They might be a bit older sometimes, but they will work.)
  5. Unload the ethernet card driver (this is shown in the first line of the output of the above command)

    sudo rmmod e1000e
  6. Change the current working directory to kernel

    cd PF_RING/kernel
  7. Build the source code

    make


    Here I have observed that many times people (even I, on my first attempt) use
    sudo make, or sudo -s followed by make. The former is not a correct method and will give you errors such as bounds.c missing, etc.
    The latter is also wrong but will do the job. The reason for this is better explained by the difference between the commands "sudo" and "sudo -s". This can be found at http://ubuntuforums.org/showthread.php?t=983645, or by searching for "difference between sudo and sudo -s" on our favorite Google.
  8. Now install the newly built source

    sudo make install
  9. Change the working directory to PF_RING/userland/lib

    cd ../userland/lib

  10. Again, build the source code

    make

  11. Install the library (this includes pfring.h)

    sudo make install

  12. One bizarre thing that I observed is that make install copies pfring.h to /usr/local/include but leaves out the other dependent files. These are:

    • pfring_e1000e_dna.c
    • pfring_e1000e_dna.h
    Although the functions in these files are not required in much of the program, they are included in pfring.h and I don't want to mess with that. So we copy them to /usr/local/include. Please check this in later versions.

    sudo cp pfring_e1000e_dna.c /usr/local/include
    sudo cp pfring_e1000e_dna.h /usr/local/include
  13. Now we have to compile the PF_RING-aware pcap library. Change the working directory to userland/libpcap-1.0.0-ring

    cd ../libpcap-1.0.0-ring/

  14. Configure

    ./configure

  15. Build the sources

    make

  16. Install pf_ring aware libpcap

    sudo make install
  17. Now we need to install the PF_RING-aware device driver. Change the working directory to drivers/<vendor>/<driver-version>/src
    In my case it is "drivers/intel/e1000e-1.0.15/src"

    cd ../../drivers/intel/e1000e-1.0.15/src
  18. Build the source

    make
  19. Install the driver

    sudo make install

  20. Now we need to activate PF_RING if it's not already activated. You can use lsmod to check whether pf_ring is loaded or not. Change the working directory to /lib/modules/<kernel-version>/kernel/net/pf_ring.

    cd /lib/modules/2.6.31-14-generic/kernel/net/pf_ring
    Use uname -r to get the kernel version
  21. Enable PF_RING (if it is already enabled, you can disable it using sudo rmmod pf_ring)

    sudo insmod pf_ring.ko transparent_mode=1


    More on transparent mode can be found at
    http://www.ntop.org/blog/?p=56
  22. Now, to enable your driver, go to /lib/modules/<kernel-version>/kernel/drivers/net/e1000e

    cd /lib/modules/2.6.31-14-generic/kernel/drivers/net/e1000e
  23. Enable the driver

    sudo insmod e1000e.ko

  24. Now you can start working on your PF_RING application. You will have to recompile many applications, such as tcpdump (a modified version is included), network manager, etc. Google for doing so :)
Hoping for positive reviews :) and comments. I'll soon post the usage guide for PF_RING.
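A small checker for steps 4, 17 and 20-23, added here as an example and not part of the original guide or of PF_RING: it reads the NIC driver from ethtool -i, looks for a matching PF_RING-aware driver in the checkout, and reports whether pf_ring and the driver are loaded. The function names are made up, and the drivers/<vendor>/<driver>-<version>/src layout is assumed from the author's path drivers/intel/e1000e-1.0.15/src.

```sh
#!/bin/sh
# Added example: checks for steps 4, 17 and 20-23. The parsers read saved
# command output on stdin, so they can be tried without touching the NIC.

# Print the driver name from `ethtool -i <iface>` output (step 4).
nic_driver() {
    awk -F': *' '$1 == "driver" { print $2; exit }'
}

# Succeed if module $1 is listed in `lsmod` output on stdin (steps 20-23).
module_loaded() {
    awk -v m="$1" 'NR > 1 && $1 == m { hit = 1 } END { exit !hit }'
}

# Print the PF_RING-aware source directory for driver $1 inside checkout $2
# (step 17); fail if the checkout ships no modified driver for this NIC.
# Assumed layout: drivers/<vendor>/<driver>-<version>/src
aware_driver_src() {
    for d in "$2"/drivers/*/"$1"-*/src; do
        if [ -d "$d" ]; then printf '%s\n' "$d"; return 0; fi
    done
    return 1
}

# Summarise the live system: interface $1, PF_RING checkout $2.
pfring_check() {
    drv=$(ethtool -i "$1" | nic_driver)
    [ -n "$drv" ] || { echo "cannot read driver of $1" >&2; return 2; }
    aware_driver_src "$drv" "$2" >/dev/null ||
        echo "no PF_RING-aware $drv driver in $2/drivers"
    for m in pf_ring "$drv"; do
        if lsmod | module_loaded "$m"; then echo "$m: loaded"
        else echo "$m: NOT loaded"; fi
    done
}

# Run against the live system only when an interface is given,
# e.g. sh pfring_check.sh eth0 PF_RING
if [ $# -ge 1 ]; then pfring_check "$1" "${2:-PF_RING}"; fi
```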