Installing and Using dhcpdump

dhcpdump – sniffer utility for analyzing DHCP packets.

I will give an example of the installation command in Ubuntu/Debian:

sudo apt-get install dhcpdump

Installation in CentOS:

yum install dhcpdump

Let’s see what network interfaces are in the system:

ifconfig

Example of running dhcpdump with the name of the network interface:

dhcpdump -i eth0

An example of intercepting DHCP packets with only the specified MAC address ending:

dhcpdump -i eth0 -h ^02:b0:eb

I’ll give an example of displaying the result not on the screen, but in a file:

dhcpdump -i eth0 > file.txt

Starting a TFTP server in Windows

One of the options for running the tftp server on Windows is to download and run the application from the link http://tftpd32.jounin.net/tftpd32_download.html

After running the application to test it, you need to run the tftp client, if it is not installed on Windows, we set it by typing:

dism /online /Enable-Feature /FeatureName:TFTP

Or you can also open the “Control Panel” – “Uninstall the program” or “Programs and components” – “Enable or disable Windows components”, tick the “TFTP Client” and click “OK”.

To transfer and download files from the TFTP server, open the command line and execute the commands:

tftp 192.168.1.10 PUT file.txt
tftp 192.168.1.2 GET file.txt

See also:
Installing and Configuring a TFTP Server in Ubuntu

Installing and using trafshow

trafshow – a utility for displaying traffic statistics passing through network interfaces.

Since the utility is included in the Netdiag (Net-Diagnostics) set, everything is installed together.

You can install Netdiag and trafshow in Ubuntu / Debian using the following command:

sudo apt-get install netdiag

In CentOS/RedHat/Fedora:

sudo yum install netdiag

Command viewing guide:

man trafshow

Simple launch:

sudo trafshow

I’ll describe the possible startup options:
-v (view the version of the program)
-n (do not convert the addresses into DNS names, and port numbers for example 80 in http, etc., in the running program, you can toggle the option with the N key)
-a len (summarizing traffic flows using the IP prefix IP netmask len, in the program is switched by pressing the A key)
-с conf (using an alternative color configuration instead of the standard / etc / trafshow)
-i name (indication of the network interface)
-s str (search for an item in the list and go to it)
-u port (listening to the specified UDP port for Cisco Netflow, the default number is 9995, to disable use 0)
-R refresh (update interval, default 2 secs, in the program is changed with the R key)
-P purge (cleaning of obsolete records after the specified time, by default 10 seconds, in the program is changed by the key P)
-F file (using a file for filters)
expr (what packages will be displayed, if not specified, then all)

Installing and using softflowd

Softflowd – NetFlow network traffic analyzer.

You can install in Ubuntu/Debian using the command:

sudo apt-get install softflowd

After installation, you need to open its configuration file, for example, in the nano editor (Ctrl+X for exit, y/n for saving or canceling changes):

sudo nano /etc/default/softflowd

And specify the parameters, for example:

INTERFACE="any"
OPTIONS="-n 192.168.1.40:5556"

After the changes, perform a restart:

sudo /etc/init.d/softflowd restart

Let’s look at the statistics of softflowd:

softflowctl statistics

If it is not running, there will be an error:

ctl connect(“/var/run/softflowd.ctl”) error: Connection refused

Display information about all monitored threads:

sudo softflowctl dump-flows

Information about softflowctl can be viewed by the command:

man softflowctl

I’ll describe other startup options:
-n (specify the network node and port on which will work softflowd)
-i (interface on which will work softflowd)
-r pcap_file (reading information from a file, not a network interface)
-p pidfile (alternative location for storing the process identifier, standard /var/run/softflowd.pid)
-c ctlsock (alternative location for the socket, standard /var/run/softflowd.ctl)
-m max_flows (maximum number of threads for simultaneous tracking)
-6 (consider also IPv6 data)
-D (debug mode)
-T track_level (level of tracking, can be full, proto, ip)
-v netflow_version (netflow version)

The reboot script of Wi-Fi routers TP-Link

Below is an example of the TP-Link router reboot script, I will test it on TL-WR720N 2.0 from Ubuntu Server.

#!/bin/sh
ROUTER_IP="192.168.24.174"
USERNAME="admin"
PASSWORD="admin"

# exit if router is down
ping -q -c 1 "$ROUTER_IP" > /dev/null || exit

curl --basic --user "$USERNAME:$PASSWORD" -A "Mozilla/4.73 [en] (X11; U; Linux 2.2.15 i686)" --refer "http://$ROUTER_IP" "$ROUTER_IP/userRpm/SysRebootRpm.htm?Reboot=reboot"

The contents of the script will be placed in a new file, for example, using the nano editor (“CTRL+X” to exit and “y” to save the changes):

nano file.sh

And make it executable:

chmod 777 file.sh

After this, we execute:

./file.sh

Similarly, you can perform other functions instead of rebooting.