Installing and using jnettop

jnettop is a console utility that shows traffic statistics in real time, grouped by host and port.

The installation command in Ubuntu/Debian:

sudo apt-get install jnettop

The installation command in CentOS:

sudo yum install jnettop

A simple start (capturing needs root, hence sudo):

sudo jnettop

Starting on a specific network interface:

sudo jnettop -i eth0

The startup options:
-h (help)
-v (print the version)
-c (disable content filtering)
-d (write debugging information to a file)
-f (read the configuration from the given file; if not specified, ~/.jnettop is used)
-i (capture packets from the specified interface)
--local-aggr [none|host|port|host+port] (set local aggregation to the given level)
--remote-aggr [none|host|port|host+port] (set remote aggregation to the given level)
-n (do not resolve IP addresses to DNS names; useful when the resolver is slow, or when the monitoring host should not send a DNS query for every peer it sees)
-p (enable promiscuous mode to receive all frames that reach the interface, not only those addressed to this host; on a switched network you still see only what the switch forwards to your port unless it is a mirror/SPAN port)
-s (select one of the rules defined in the .jnettop configuration file by its name)
-x (custom filter rule in tcpdump/BPF syntax; quote it when starting from the shell, e.g. -x 'tcp port 443')

Install and configure ntopng

Below is the installation of ntopng in Ubuntu.
Select the package for your release at http://packages.ntop.org/apt-stable/ and download it (the package for Ubuntu 16.04 is shown):

wget http://apt-stable.ntop.org/16.04/all/apt-ntop-stable.deb
sudo dpkg -i apt-ntop-stable.deb

Then run:

sudo apt-get clean all
sudo apt-get update
sudo apt-get install pfring nprobe ntopng ntopng-data n2disk nbox
sudo touch /etc/ntopng/ntopng.start
sudo /etc/init.d/ntopng restart

When new versions of ntopng are released, update with the commands:

sudo apt-get update
sudo apt-get upgrade

After installation, the configuration file is /etc/ntopng/ntopng.conf. It holds one option per line, and the option and its value must be separated by "=" (the header comment of the packaged file says so; a line such as "--httpdocs-dir /usr/share/ntopng/httpdocs" with a space is not parsed).
An example of its content:

-w=3000
-d=/var/tmp/ntopng
-G=/var/run/ntopng.pid
--httpdocs-dir=/usr/share/ntopng/httpdocs
--local-networks="192.168.0.0/16,10.0.0.0/8,172.16.0.0/16"

Two things to check in this example before going live: -w=3000 binds the web interface on every interface, so either firewall TCP/3000 or bind it to loopback (-w=127.0.0.1:3000) and reach it through a reverse proxy or an SSH tunnel; and 172.16.0.0/16 is only the first /16 of the 172.16.0.0/12 private block, so widen it if you use more of that range.
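Before restarting the daemon it is worth linting the file for the two mistakes that bite most often: an option written without "=", which ntopng does not parse, and a bare -w port, which exposes the login page on all interfaces. The following POSIX sh function is an added example written for this page, not an ntop tool; it assumes the one-option-per-line format shown above and is run here against a constructed ntopng.conf.

```shell
#!/bin/sh
# Lint /etc/ntopng/ntopng.conf before restarting the daemon.
# Added example for this page; it is not part of ntopng.
# Rules: (1) every option line must be key=value, because ntopng's config
# parser requires the '='; (2) -w/--http-port given as a bare port binds the
# admin web UI on every interface, so it must be address:port or 0 (disabled).

# check_ntopng_conf FILE -> prints one finding per line; exit status 0 means clean
check_ntopng_conf() {
    problems=0
    while IFS= read -r line || [ -n "$line" ]; do
        case "$line" in
            ''|'#'*) continue ;;                       # blank line or comment
        esac
        case "$line" in
            *=*) ;;
            *)  printf 'missing "=" (ntopng will not parse this line): %s\n' "$line"
                problems=$((problems + 1))
                continue ;;
        esac
        key=${line%%=*}
        value=${line#*=}
        case "$key" in
            -w|--http-port)
                case "$value" in
                    *:*|0) ;;                          # bound to an address, or disabled
                    *)  printf 'web UI on port %s listens on all interfaces; use -w=127.0.0.1:%s behind a proxy or firewall the port\n' "$value" "$value"
                        problems=$((problems + 1)) ;;
                esac ;;
        esac
    done < "$1"
    [ "$problems" -eq 0 ]
}

# Usage: check_ntopng_conf /etc/ntopng/ntopng.conf && sudo /etc/init.d/ntopng restart
if [ $# -eq 1 ]; then
    check_ntopng_conf "$1"
fi
```

The function exits non-zero on any finding, so it can gate the restart in a deployment script.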

Restart / stop / start ntopng with commands:

sudo /etc/init.d/ntopng restart
sudo /etc/init.d/ntopng stop
sudo /etc/init.d/ntopng start

Check from the console that the service is running and listening on its port:

sudo /etc/init.d/ntopng status
sudo netstat -tulpn | grep :3000

Open the web interface by typing in the browser's address bar:
http://HOST:3000

The default login and password are admin/admin. Change them at first login: the interface is reachable by anyone who can reach port 3000, and it shows every host and connection on the monitored network.

See also:
Install and configure nprobe
The solution to the error “Missing /etc/ntopng/ntopng.start. Quitting”

Installing and Using dhcpdump

dhcpdump is a sniffer for capturing and decoding DHCP packets.

Installation in Ubuntu/Debian:

sudo apt-get install dhcpdump

Installation in CentOS:

sudo yum install dhcpdump

List the network interfaces in the system:

ifconfig

(on current distributions, ip link does the same.)

Running dhcpdump on a named network interface (it needs raw socket access, hence sudo):

sudo dhcpdump -i eth0

Capturing only DHCP packets whose hardware (MAC) address matches a regular expression, here addresses that start with 02:b0:eb (the ^ anchors the match to the beginning of the address, so this selects a prefix, not an ending):

sudo dhcpdump -i eth0 -h ^02:b0:eb

Writing the result to a file instead of the screen:

sudo dhcpdump -i eth0 > file.txt

Starting a TFTP server in Windows

One option for running a TFTP server on Windows is to download and run the Tftpd32 application from http://tftpd32.jounin.net/tftpd32_download.html

TFTP has no authentication and no encryption: whatever directory Tftpd32 serves can be read by anyone who can reach UDP/69 on that host, and written to if uploads are allowed. Point it at a dedicated directory containing only the files you intend to serve, pick the lab interface in its "Server interfaces" setting instead of all interfaces, and stop it when the transfer is done.

To test it you need the tftp client; if it is not installed in Windows, add it with:

dism /online /Enable-Feature /FeatureName:TFTP

Or open "Control Panel" - "Programs and Features" - "Turn Windows features on or off", tick "TFTP Client" and click "OK".

To upload a file to and download a file from the TFTP server, open a command prompt and run (the server addresses are examples):

tftp 192.168.1.10 PUT file.txt
tftp 192.168.1.2 GET file.txt

See also:
Installing and Configuring a TFTP Server in Ubuntu

Installing and using trafshow

trafshow is a utility that displays statistics of the traffic passing through network interfaces.

The utility is part of the Netdiag (Net-Diagnostics) package, so installing that package installs trafshow along with it.

You can install Netdiag and trafshow in Ubuntu / Debian using the following command:

sudo apt-get install netdiag

In CentOS/RedHat/Fedora:

sudo yum install netdiag

The manual page:

man trafshow

Simple launch:

sudo trafshow

The startup options:
-v (print the version)
-n (do not resolve addresses to DNS names or port numbers to service names such as 80 to http; inside the program the N key toggles this)
-a len (aggregate traffic flows by IP prefix of the given netmask length; inside the program the A key switches this)
-c conf (use an alternative color configuration instead of the default /etc/trafshow)
-i name (network interface to listen on)
-s str (search for an entry in the list and jump to it)
-u port (UDP port on which to receive Cisco NetFlow, default 9995; -u 0 disables it. Unless you actually collect NetFlow, disable it: otherwise trafshow opens an unauthenticated UDP listener, and anyone who can reach it can inject fake flow records into your display)
-R refresh (update interval, default 2 seconds; the R key changes it inside the program)
-P purge (drop stale entries after the given number of seconds, default 10; the P key changes it inside the program)
-F file (read filter expressions from a file)
expr (a tcpdump-style expression selecting which packets are shown; if omitted, all packets are shown)

Installing and using softflowd

softflowd is a flow-based traffic analyzer: it listens on an interface (or reads a pcap file), tracks flows, and exports them as NetFlow records to a collector.

You can install in Ubuntu/Debian using the command:

sudo apt-get install softflowd

After installation, open its configuration file, for example in the nano editor (Ctrl+X to exit, then y/n to save or discard the changes):

sudo nano /etc/default/softflowd

and set the parameters, for example:

INTERFACE="any"
OPTIONS="-n 192.168.1.40:5556"

Here -n names the NetFlow collector (host:port) that softflowd exports to. NetFlow is plain UDP with no authentication or encryption, and the records reveal who talked to whom and when, so the collector should sit on a trusted management network and accept datagrams only from the exporter's address.

After the changes, perform a restart:

sudo /etc/init.d/softflowd restart

Look at softflowd's statistics:

sudo softflowctl statistics

If it is not running, you get the error:

ctl connect("/var/run/softflowd.ctl") error: Connection refused

Dump all currently tracked flows:

sudo softflowctl dump-flows

Information about softflowctl can be viewed by the command:

man softflowctl

Other startup options:
-n host:port (address and port of the NetFlow collector that softflowd exports to)
-i interface (interface to capture on)
-r pcap_file (read packets from a file instead of a network interface)
-p pidfile (alternative location of the PID file, default /var/run/softflowd.pid)
-c ctlsock (alternative location of the control socket, default /var/run/softflowd.ctl)
-m max_flows (maximum number of flows tracked simultaneously; when it is exceeded, the oldest flows are expired early)
-6 (track IPv6 traffic as well)
-D (debug mode: stay in the foreground and print debugging output)
-T track_level (how much of each packet identifies a flow: full, proto or ip)
-v netflow_version (NetFlow version to export)

The reboot script of Wi-Fi routers TP-Link

Below is an example of a TP-Link router reboot script; I tested it on a TL-WR720N 2.0 from Ubuntu Server.

#!/bin/sh
ROUTER_IP="192.168.24.174"
# router credentials: anyone who can read this file can read them
USERNAME="admin"
PASSWORD="admin"

# exit if router is down
ping -q -c 1 "$ROUTER_IP" > /dev/null || exit

# the web interface is plain HTTP with basic auth; --fail makes a 401 (wrong password) or 404 (different firmware) a visible error instead of a silent no-op
curl --fail --basic --user "$USERNAME:$PASSWORD" -A "Mozilla/4.73 [en] (X11; U; Linux 2.2.15 i686)" --referer "http://$ROUTER_IP" "http://$ROUTER_IP/userRpm/SysRebootRpm.htm?Reboot=reboot"

Put the contents of the script into a new file, for example with the nano editor ("CTRL+X" to exit and "y" to save the changes):

nano file.sh

Make it executable by its owner only (it contains the router password, so do not use chmod 777, which also makes it world-readable and world-writable):

chmod 700 file.sh

Then run it:

./file.sh

In the same way you can call other pages of the web interface instead of the reboot page.
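A version that is safer to leave on a server, as an added example written for this page (not TP-Link's code): the password is read from a separate file that must be mode 600 rather than living in the script, the request has a timeout, and curl fails loudly on a non-2xx status. The credential file location /root/.tplink-cred and its "user:password" one-line format are assumptions; the URL path is the one used above for the TL-WR720N.

```shell
#!/bin/sh
# Hardened variant of the TP-Link reboot script above. Added example for this
# page, not TP-Link's code. Assumed: credential file (default /root/.tplink-cred)
# holding a single line "user:password"; reboot URL path as on the TL-WR720N.

CRED_FILE="${CRED_FILE:-/root/.tplink-cred}"

# cred_file_is_private FILE -> success if group and others have no permission bits
cred_file_is_private() {
    perms=$(ls -ld "$1" 2>/dev/null | cut -c5-10)
    [ "$perms" = "------" ]
}

# reboot_url HOST -> the reboot endpoint for this firmware
reboot_url() {
    printf 'http://%s/userRpm/SysRebootRpm.htm?Reboot=reboot\n' "$1"
}

# router_reachable HOST -> one quiet ICMP echo with a 2 s deadline (Linux ping)
router_reachable() {
    ping -q -c 1 -W 2 "$1" > /dev/null 2>&1
}

# reboot_router HOST: sends the authenticated reboot request
reboot_router() {
    host=$1
    if ! cred_file_is_private "$CRED_FILE"; then
        echo "refusing to use $CRED_FILE: it must be readable by its owner only (chmod 600)" >&2
        return 2
    fi
    IFS= read -r auth < "$CRED_FILE" || return 2
    if ! router_reachable "$host"; then
        echo "$host is not reachable, not sending reboot" >&2
        return 1
    fi
    # --fail turns HTTP 401/404 into a non-zero exit instead of a silent success.
    # Credentials still cross the LAN as plain HTTP basic auth; that is all this
    # firmware offers, so run this only from the router's own trusted segment.
    curl --fail --silent --show-error --max-time 10 \
         --basic --user "$auth" \
         --referer "http://$host/" \
         "$(reboot_url "$host")" > /dev/null
}

# Usage: ./reboot-router.sh 192.168.24.174
if [ $# -eq 1 ]; then
    reboot_router "$1"
fi
```

Create the credential file with `umask 077` before writing it, so it never exists with a wider mode; the script refuses to run if the mode check fails.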