Installing and Using dhcpdump

dhcpdump – sniffer utility for analyzing DHCP packets.

I will give an example of the installation command in Ubuntu/Debian:

sudo apt-get install dhcpdump

Installation in CentOS:

yum install dhcpdump

Let’s see what network interfaces are in the system:

ifconfig

Example of running dhcpdump with the name of the network interface:

dhcpdump -i eth0

An example of intercepting DHCP packets with only the specified MAC address ending:

dhcpdump -i eth0 -h ^02:b0:eb

I’ll give an example of displaying the result not on the screen, but in a file:

dhcpdump -i eth0 > file.txt

Installing MIB in Ubuntu and Solving the Error “SNMP Cannot Find Module …”

Has noticed an error after executing the command snmpwalk with the indication of MIB instead of OID:

snmpwalk -v 2c -c public 192.168.0.1 ifIndex
ifIndex: Unknown Object Identifier (Sub-id not found: (top) -> ifIndex)

And:

For error such as:
Cannot find module (HOST-RESOURCES-MIB): At line 0 in (none)
Cannot find module (HOST-RESOURCES-TYPES): At line 0 in (none)
Cannot find module (SNMPv2-TC): At line 10 in /usr/share/mibs/netsnmp/UCD-DLMOD-MIB
Cannot find module (SNMPv2-SMI): At line 34 in /usr/share/mibs/netsnmp/UCD-SNMP-MIB
Cannot find module (SNMPv2-TC): At line 37 in /usr/share/mibs/netsnmp/UCD-SNMP-MIB
Did not find ‘enterprises’ in module #-1 (/usr/share/mibs/netsnmp/UCD-SNMP-MIB)
Did not find ‘DisplayString’ in module #-1 (/usr/share/mibs/netsnmp/UCD-SNMP-MIB)
Did not find ‘TruthValue’ in module #-1 (/usr/share/mibs/netsnmp/UCD-SNMP-MIB)
Unlinked OID in UCD-SNMP-MIB: ucdavis ::= { enterprises 2021 }
Undefined identifier: enterprises near line 39 of /usr/share/mibs/netsnmp/UCD-SNMP-MIB
Did not find ‘DisplayString’ in module #-1 (/usr/share/mibs/netsnmp/UCD-DLMOD-MIB)
Did not find ‘ucdExperimental’ in module UCD-SNMP-MIB (/usr/share/mibs/netsnmp/UCD-DLMOD-MIB)
...

We look at the tree of mibs:

snmptranslate -Tp

The solution to the above errors is the execution of the following commands:

sudo apt-get install snmp-mibs-downloader
sudo download-mibs
sudo sed -i "s/^\(mibs *:\).*/#\1/" /etc/snmp/snmp.conf
sudo service snmpd restart

Solution of Postfix error “mailbox_size_limit is smaller than message_size_limit”

I noticed somehow in the logs the following error:

postfix/local[32288]: fatal: main.cf configuration error: mailbox_size_limit is smaller than message_size_limit

And remembered that I recently increased the parameter message_size_limit in the configuration file /etc/postfix/main.cf, which specifies in bytes the maximum size of messages sent and received.
The error occurs because the value of the message_size_limit parameter is greater than the value of mailbox_size_limit, and it should be the reverse, by the way virtual_mailbox_limit is not specified in the configuration file, apparently if it is not specified, then the standard value is 51200000, which in my case was less message_size_limit.

Let’s look at the value specified in the configuration file mailbox_size_limit and virtual_mailbox_limit (-d shows the standard value):

postconf -n | grep mailbox_size_limit
postconf -d | grep mailbox_size_limit
postconf -n | grep virtual_mailbox_limit
postconf -d | grep virtual_mailbox_limit

Let’s look at the value of message_size_limit:

postconf -n | grep message_size_limit
postconf -d | grep message_size_limit

Let’s manually specify the values mailbox_size_limit and virtual_mailbox_limit manually in /etc/postfix/main.cf so that they are greater than message_size_limit, or by adding the following commands to the file:

sudo postconf -e 'mailbox_size_limit = 102400000'
sudo postconf -e 'virtual_mailbox_limit = 102400000'

Alternatively, you can disable the limit altogether by specifying 0:

postconf -e 'mailbox_size_limit = 0'
postconf -e 'virtual_mailbox_limit = 0'

Restart Postfix to apply the changes:

sudo /etc/init.d/postfix restart

Done, the error should not be.

How to change the SSH port in Ubuntu

On the test, I change the SSH port in Ubuntu Server 14.0.4 LTS and Ubuntu Server 16.0.4 LTS.

Open the SSH configuration for example in the nano text editor (in nano, press Ctrl+X to exit, y/n to save or cancel changes):

sudo nano /etc/ssh/sshd_config

Find the line “Port 22” and change it for example to “Port 58222“.

To apply the changes, restart ssh (on different systems it can reboot in different ways, so here is a list of possible commands):

sudo service ssh restart
sudo /etc/init.d/ssh restart
sudo /etc/init.d/sshd restart

After restarting SSH, it will be available on the new port, and the current session on the old one will remain active, so without disconnecting for testing, we will try to connect to the new port, if not, then the firewall is working in the system and you need to allow it in the system, for example in iptables this is done this way (where 58222 is our new port):

sudo iptables -A INPUT -p tcp --dport 58222 -j ACCEPT

You can allow iptables to connect to SSH only from the specified range of IP addresses:

sudo iptables -A INPUT -d 192.168.0.0/24 -p tcp --dport 58222 -j ACCEPT

If everything is ok, we connect through a new port and can delete the old iptables rule, for example:

sudo iptables -D INPUT -p tcp --dport 22 -j ACCEPT

An example of a command to connect from Linux to SSH on a non-standard port:

ssh -p 58222 user@192.168.0.2

View the system on which port and on what network interfaces SSH works like this:

netstat -tulpan | grep ssh

Install and use Partclone

Partclone — utility for cloning and restoring disk partitions.

Perform the installation of Partclone in Ubuntu:

sudo apt-get update
sudo apt-get install partclone

Partclone can work with many file systems, when you start it through a point, you must specify the type of file system, for example:

partclone.btrfs (btrfs)
partclone.ext2/ext3/ext4 (ext2, ext3, ext4)
partclone.reiserfs (reiserfs 3.5)
partclone.reiser4 (reiser 4)
partclone.xfs (xfs)
partclone.ufs (ufs/ufs2)
partclone.jfs (jfs)
partclone.hfs+/hfsplus (hfs plusfs)
partclone.vmfs (vmfs)
partclone.ntfs (ntfs)
partclone.fat12/fat16/fat32 (fat12, fat16, fat32)
partclone.exfat (exfat)
partclone.minix (minix)
partclone.f2fs (f2fs)
partclone.nilfs2 (nilfs2)

Here are the possible startup options:

-s FILE, --source FILE

The data source specifies the file or partition to be cloned from or from which data will be restored.

-o FILE, --output FILE

The output file in which the data or partition to which data will be restored will be stored.

-O FILE, --overwrite FILE

Overwrite the file if it exists.

-c, --clone

Preservation

-r, --restore

Recovery

-b, --dev-to-dev

Copy from device to device mode

-l FILE, --logfile FILE

Path to the log file (default /var/log/partclone.log)

-R, --rescue

Continue after disk read errors

-C, --no_check

Do not check disk size and free space

-N, --ncurse

Ncurses text-based user interface

-X, --dialog

Output of messages in a dialogue format

-I, --ignore_fschk

Ignore file system check

--ignore_crc

Ignore crc errors

-F, --force

Forced mode

-f SECONDS, --UI-fresh SECONDS

Changing the interval

-z SIZE, --buffer_size SIZE

The size of the read / write buffer (default: 1048576)

-q, --quiet

Quiet mode, information about the execution process will not be displayed

-dlevel, --debug level

Debug mode level 1/2/3

-h, --help

Display Help

-v, --version

Display the version of the program

I will give examples of running partclone.
First let’s see what drives in the system are used:

sudo fdisk -l | grep '/dev/'

Example of cloning a partition to a file:

sudo partclone.ext3 -c -d -s /dev/sda1 -o sda1.img

Example of cloning a partition into an archive:

sudo partclone.ext3 -c -d -s /dev/sda1 | gzip -c > /dev/sdb2/sda1.gz

Restoring the partition from the file:

sudo partclone.ext3 -r -d -s sda1.img -o /dev/sda1

Restoring the partition from the archive:

sudo gzip -d /dev/sdb2/sda1.gz | partclone.ext3 -d -r -o /dev/sda1

We clone the partition into the partition of another disk:

sudo partclone.ext3 -b -d -s /dev/sda1 -o /dev/sdb2