IPTables rules for ntopng

First of all, let’s look at the current IPTables rules:

iptables -nvL

To open the ntopng web interface port (3000/tcp by default) to any source, add the rule:

sudo iptables -A INPUT -m tcp -p tcp --dport 3000 -j ACCEPT

To open it only for a specific network or IP (preferable, since the web interface should not be reachable from arbitrary networks):

sudo iptables -A INPUT -m tcp -p tcp --dport 3000 -s 10.0.0.0/24 -j ACCEPT

Note that -A appends to the end of the INPUT chain: if the chain already ends with a catch-all DROP or REJECT rule, an appended ACCEPT is never reached and has to be inserted before that rule with -I INPUT <n> instead (see the numbering in iptables -nvL --line-numbers).

See also my articles:
Configuring IPTables
Install and configure ntopng

IPTables rules for nprobe

First of all, let’s look at the current IPTables rules:

iptables -nvL

For nprobe to accept NetFlow data, open the collector port (2055/udp in this setup):

sudo iptables -A INPUT -p udp --dport 2055 -j ACCEPT

To accept NetFlow data only from a particular network or IP (NetFlow over UDP carries no authentication, so restrict the sources to your exporters, keeping in mind that a UDP source address can still be spoofed):

sudo iptables -A INPUT -s 10.0.0.0/24 -p udp --dport 2055 -j ACCEPT
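Both firewall articles (the 3000/tcp rule for ntopng and the 2055/udp rule for nprobe) append their ACCEPT with -A, which lands at the end of the INPUT chain; on a host whose chain already ends in a catch-all DROP or REJECT, such an ACCEPT is never reached. The following script is an added example, not from the original articles: it reads the output of iptables -S INPUT (assumed to be piped in) and reports whether the ACCEPT for a given protocol and port precedes any catch-all terminating rule. The embedded ruleset is constructed for the demonstration, not captured from a real host.

```shell
#!/bin/sh
# check_rule_order PROTO PORT  < "iptables -S INPUT" output
# Exit 0: an ACCEPT for PROTO/PORT precedes any catch-all DROP/REJECT
# Exit 1: the ACCEPT exists but sits after a catch-all (shadowed)
# Exit 2: no ACCEPT for PROTO/PORT in the chain at all
check_rule_order() {
    awk -v proto="$1" -v port="$2" '
        /^-A INPUT / {
            n++
            # the ACCEPT we are looking for: right protocol, right --dport, target ACCEPT
            hit = ($0 ~ ("-p " proto " ")) && ($0 ~ ("--dport " port " ")) &&
                  ($0 ~ /-j ACCEPT$/)
            # a catch-all carries no match options at all before its target
            catchall = ($0 ~ /^-A INPUT -j (DROP|REJECT)/)
            if (hit && !found) found = n
            if (catchall && !term) term = n
        }
        END {
            if (!found) exit 2
            if (term && term < found) exit 1
            exit 0
        }'
}

# classify_rule PROTO PORT < rules : the same check, as a word for scripts
classify_rule() {
    check_rule_order "$1" "$2" && rc=0 || rc=$?
    case $rc in
        0) echo reachable ;;
        1) echo shadowed ;;
        *) echo absent ;;
    esac
}

# Constructed ruleset (not from a real host): a REJECT catch-all was already
# present, and both ACCEPTs from the articles were appended after it.
SAMPLE_RULES='-P INPUT ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-port-unreachable
-A INPUT -s 10.0.0.0/24 -p tcp -m tcp --dport 3000 -j ACCEPT
-A INPUT -s 10.0.0.0/24 -p udp -m udp --dport 2055 -j ACCEPT'

printf 'tcp 22   -> %s\n' "$(printf '%s\n' "$SAMPLE_RULES" | classify_rule tcp 22)"
printf 'tcp 3000 -> %s\n' "$(printf '%s\n' "$SAMPLE_RULES" | classify_rule tcp 3000)"
printf 'udp 2055 -> %s\n' "$(printf '%s\n' "$SAMPLE_RULES" | classify_rule udp 2055)"
# On a live host: sudo iptables -S INPUT | classify_rule tcp 3000
```

Only a rule with no match options at all counts as a catch-all here; a REJECT restricted to one interface or source would not shadow the ACCEPT for everybody, and a DROP policy (-P INPUT DROP) applies after all rules, so it is ignored as well.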

See also my articles:
Configuring IPTables
Install and configure nprobe

Install and configure nprobe

Suppose ntopng was installed as described in this article – Install and configure ntopng
That is, we picked the package for our distribution at http://packages.ntop.org/apt-stable/ and downloaded it:

wget http://apt-stable.ntop.org/16.04/all/apt-ntop-stable.deb
sudo dpkg -i apt-ntop-stable.deb

Install nprobe if it is not installed:

sudo apt-get clean
sudo apt-get update
sudo apt-get install nprobe

To receive NetFlow data and pass it on to ntopng, create a file (in the nano editor, press CTRL+X to exit, then Y to save or N to discard changes):

sudo nano /etc/nprobe/nprobe-anyname.conf

Add to it:

--zmq="tcp://*:5556"
-3 2055
--flow-version 9
-n=none
-i=none

Here 2055 is the UDP port on which nprobe receives NetFlow data, and 5556 is the ZMQ port on which it publishes the flows for ntopng to collect; -i=none disables packet capture (nprobe runs purely as a collector) and -n=none disables export to another NetFlow collector. With --zmq="tcp://*:5556" the publisher listens on all interfaces, and nothing in this setup authenticates whoever connects to it, so when ntopng runs on the same host bind it to loopback instead, --zmq="tcp://127.0.0.1:5556", or firewall the port.
See my articles on configuring NetFlow on switches:
Configuring NetFlow on Cisco
Configuring sFlow on D-Link Switches
Setting up and using Traffic Flow in Mikrotik

Now it remains to open the ntopng configuration in a text editor:

sudo nano /etc/ntopng/ntopng.conf

And add a line at the end (thereby adding the nprobe interface to collect statistics):

--interface="tcp://127.0.0.1:5556"

It remains to restart ntopng to apply the changes:

sudo service ntopng restart

Check whether everything works (ss -tulpen gives the same view on systems without netstat):

sudo netstat -tulpen | grep 2055
sudo netstat -tulpen | grep 5556
sudo /etc/init.d/nprobe status
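The two configuration files above agree on port 5556, but nprobe binds its ZMQ publisher on every interface (tcp://*:5556) while ntopng only connects over loopback, and nothing in this setup authenticates whoever connects to that port. The following script is an added example and not part of the original article or of the ntop tools: it parses the --zmq line of an nprobe configuration and the --interface lines of an ntopng configuration, checks that the ports agree, and warns when the publisher is bound on all interfaces. Both configuration files are constructed in temporary files for the demonstration (the -G pid-file line is an assumed filler option); on a real host you would point it at /etc/nprobe/nprobe-anyname.conf and /etc/ntopng/ntopng.conf from the article.

```shell
#!/bin/sh
# audit_zmq NPROBE_CONF NTOPNG_CONF
# Prints one OK/WARN line per check and returns the number of WARN lines.
audit_zmq() {
    nconf="$1"; tconf="$2"; warns=0
    # --zmq="tcp://*:5556"  ->  tcp://*:5556  (quotes are optional in the file)
    pub=$(sed -n 's/^--zmq=//p' "$nconf" | tr -d '"' | head -n 1)
    if [ -z "$pub" ]; then
        echo "WARN $nconf has no --zmq line, so ntopng has nothing to subscribe to"
        return 1
    fi
    hp=${pub#tcp://}
    bind_host=${hp%:*}
    bind_port=${hp##*:}

    # every --interface=tcp://host:port in ntopng.conf, reduced to its port
    sub_ports=$(sed -n 's/^--interface=//p' "$tconf" | tr -d '"' | grep '^tcp://' | sed 's/.*://')
    if printf '%s\n' "$sub_ports" | grep -qx "$bind_port"; then
        echo "OK   ntopng subscribes to port $bind_port"
    else
        echo "WARN no --interface=tcp://... in $tconf uses port $bind_port"
        warns=$((warns + 1))
    fi

    case "$bind_host" in
        '*'|0.0.0.0)
            echo "WARN nprobe binds $pub on all interfaces; with ntopng on the same host use tcp://127.0.0.1:$bind_port"
            warns=$((warns + 1)) ;;
        127.0.0.1|localhost)
            echo "OK   nprobe binds $pub (loopback only)" ;;
        *)
            echo "OK   nprobe binds $pub; make sure the firewall limits who can reach $bind_port/tcp" ;;
    esac
    return $warns
}

# Constructed sample configurations (temporary files, not the real /etc paths)
NPROBE_CONF=$(mktemp); NPROBE_FIXED=$(mktemp); NTOPNG_CONF=$(mktemp)
trap 'rm -f "$NPROBE_CONF" "$NPROBE_FIXED" "$NTOPNG_CONF"' EXIT
cat >"$NPROBE_CONF" <<'EOF'
--zmq="tcp://*:5556"
-3 2055
--flow-version 9
-n=none
-i=none
EOF
cat >"$NTOPNG_CONF" <<'EOF'
-G=/var/run/ntopng.pid
--interface="tcp://127.0.0.1:5556"
EOF
# the corrected variant: the same file with the publisher bound to loopback only
sed 's#tcp://\*:#tcp://127.0.0.1:#' "$NPROBE_CONF" >"$NPROBE_FIXED"

echo "== nprobe.conf as in the article =="
audit_zmq "$NPROBE_CONF" "$NTOPNG_CONF"
echo "== nprobe.conf with --zmq=tcp://127.0.0.1:5556 =="
audit_zmq "$NPROBE_FIXED" "$NTOPNG_CONF"
```

After changing the bind address, restart nprobe and confirm with ss -tulpen | grep 5556 that the listener now shows 127.0.0.1:5556 rather than *:5556.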

I noticed that nprobe does not always stop after the command:

sudo /etc/init.d/nprobe stop

If it keeps running, stop it like this (PID is the process ID reported by pidof nprobe; use kill -9 only as a last resort, since SIGKILL gives nprobe no chance to shut down cleanly):

sudo killall nprobe
sudo kill -9 PID

In the free version of nprobe I got the message:

NOTE: This is a DEMO version limited to 25000 flows export.

The full version can be purchased at the official site of shop.ntop.org.

See also:
IPTables rules for nprobe

Configuring sFlow on D-Link Switches

sFlow is a sampling-based traffic monitoring protocol, comparable to NetFlow.

Enable/disable sFlow on the switch:

enable/disable sflow

Viewing parameters:

show sflow
show sflow flow_sampler
show sflow counter_poller
show sflow analyzer_server

Adding/modifying the sFlow analyzer server:

create/config sflow analyzer_server 1-4 owner NAME timeout 1-2000000(sec)/infinite collectoraddress ADDRESS collectorport udp_PORT maxdatagramsize 300-1400

Example of removing the sFlow analyzer server:

delete sflow analyzer_server 1-4

Creating, modifying, deleting the sFlow polling counters:

create/config sflow counter_poller ports NUMBER/all analyzer_server_id 1-4 interval disable/20-120(sec)
delete sflow counter_poller ports NUMBER/all

Create, modify, delete sFlow sample ports:

create/config sflow flow_sampler ports NUMBER/all analyzer_server_id (1-4) rate value 0-65535 tx_rate value 0-65535 maxheadersize value 18-256
delete sflow flow_sampler ports NUMBER/all

An example configuration that sends samples to a collector at 192.168.1.5:

enable sflow
create sflow analyzer_server 1 owner Linux collectoraddress 192.168.1.5 collectorport 6343
create sflow counter_poller ports 1 analyzer_server_id 1 interval 20
create sflow flow_sampler ports 1:1 analyzer_server_id 1 rate 1000 maxheadersize 128

Here rate 1000 means one sampled packet in 1000, and 6343 is the standard sFlow collector port; remember to allow it (UDP) in the collector's firewall, since the nprobe rule above only opens NetFlow on 2055.

The solution to the error “Missing /etc/ntopng/ntopng.start. Quitting”

I tried to run ntopng once:

sudo /etc/init.d/ntopng start

And got the following start error:

* Missing /etc/ntopng/ntopng.start. Quitting
…fail!

ntopng could only be started like this:

sudo /etc/init.d/ntopng force-start

To fix the error, just create the empty file that the init script checks for:

sudo touch /etc/ntopng/ntopng.start
sudo /etc/init.d/ntopng restart

See also:
Install and configure ntopng

Why Hyper-V virtual machines are not always available over the network

Suppose the server has one network card, shown in Network Connections as "Ethernet"; after adding the Hyper-V role a virtual switch, vEthernet (…), is created on top of it.

The virtual machines are then reachable from other computers but not from the Hyper-V host itself.

For the virtual machines to be reachable from the host as well, disable the DHCP client on Ethernet (or assign the address manually) so that the IP address ends up on the virtual switch vEthernet (…) rather than on Ethernet, since both adapters share the same MAC address.

How to delete a page VKontakte

To delete a VK page, log in with your username and password, click the icon in the upper right corner and choose "Settings".
At the bottom, click the link "You can delete your page".

Next, select the reason for deletion; you can uncheck the "Tell your friends" box if you do not want all your friends to see a message with the reason.
Then click "Delete page".

In my case, a message appeared saying that the page had been deleted and could be restored until the stated date (within 7 months).

Using netwox

Below are examples of using netwox, with descriptions.
I described the netwox installation in this article – Installing netwox

Example of a standard startup:

sudo netwox

netwox has a great many tools; after starting it, enter 3 and press Enter to search the list of tools.

Network configuration display:

sudo netwox 1

Display debugging information:

sudo netwox 2

Display information about the IP address or host name:

sudo netwox 3 example.com

Displaying information about the MAC address:

sudo netwox 4 -e 00:15:5D:38:01:08

Obtaining MAC addresses from the IP list:

sudo netwox 5 -i 192.168.1.0/24

Display information that will be used to reach the specified IP address:

sudo netwox 6 192.168.24.254

Sniffer, displaying the transmitted packets on the screen:

sudo netwox 7

Sniffer, displaying only the list of open ports that were used in the captured packets:

sudo netwox 8

Sniffer, mapping of MAC and IP addresses:

sudo netwox 9

An example of capturing packets and displaying brief statistics (the number of packets counted, their size, the percentage by packet count (c%) and by size (s%)):

sudo netwox 10 -d eth0

Convert a number to its other representations (decimal, hexadecimal, binary, etc.):

sudo netwox 21 -n number

Convert a string to its other representations (hexadecimal, etc.):

sudo netwox 22 -d text

Show ASCII table:

sudo netwox 23

Check whether a directory is secure (ownership and permissions):

sudo netwox 25 /tmp/

Example of ICMP PING:

sudo netwox 49 -i 192.168.24.253

Example of ARP PING:

sudo netwox 55 -i 192.168.24.253

Example ICMP route tracing:

sudo netwox 57 -i example.com

Example of TCP route tracing:

sudo netwox 59 -i example.com

Example UDP route tracing:

sudo netwox 61 -i example.com

Example of port scanning:

sudo netwox 67 -i 192.168.24.254 -p 1-1000

ICMP scanning for availability:

sudo netwox 65 -i 192.168.1.0/24

TCP port access scan:

sudo netwox 67 -i 192.168.1.0/24 -p 80

UDP port access scan:

sudo netwox 69 -i 192.168.1.0/24 -p 80

ARP scanning:

sudo netwox 71 -i 192.168.1.0/24

Flood random fragments:

sudo netwox 74 -i 192.168.24.254

Fill the MAC address table of a switch by flooding it with Ethernet frames:

sudo netwox 75

Synflood:

sudo netwox 76 -i 192.168.24.254 -p 80

etc.