Snort Inline with 1 NIC - nic

Is this possible? A group of us have been trying to prepare for a security competition coming up, but we know we will only have 1 NIC. We have tried for hours to research a solution, but we haven't found anything that works. Can anyone point us in the right direction?

Yes, that's possible.
The best way to test playing with Snort is to download the free Linux distro Security Onion (http://code.google.com/p/security-onion/wiki/Installation). It comes with an easy set-up wizard and has all the tools for intrusion detection and network security monitoring.
You can use it to set up the server and sensor elements for Snort on the one NIC in the VM (typically eth0). You'll be up and running within 10 minutes of booting the VM.

Related

How to capture packets and put them into a database in real time?

I have a project on DNS reflection prevention and I need to somehow capture incoming and outgoing packets in real time. I am working on Linux Debian 8.0. Can you please tell me how to do that? I looked at many websites and watched many tutorials, but they were confusing and didn't help at all. Could you please help me?
Thank you
You can use Wireshark to listen for network traffic and capture the packets. Its command-line version, TShark, can output structured XML, which you can store in the database using the programming language or tools of your choice.
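As an added example (my code, not part of the answer above), here is a small Python script that does the "store it in a database" step. Instead of TShark's XML (PDML) it consumes the simpler `-T fields` output, writes each packet into SQLite, and then asks the question a DNS reflection project actually cares about: which addresses receive far more response bytes from the resolver than they sent in query bytes. The interface name, the resolver address 203.0.113.7 and the sample lines are all made up for the demo.

```python
# Added example (not from the answer above): read tshark's field output,
# store it in SQLite, and query it for the amplification pattern that DNS
# reflection leaves behind. Assumed producer command (interface and
# resolver address are assumptions):
#   tshark -i eth0 -l -f "udp port 53" -T fields -E separator=, \
#     -e frame.time_epoch -e ip.src -e ip.dst -e udp.srcport -e udp.dstport \
#     -e dns.flags.response -e dns.qry.name -e frame.len | python3 dns2db.py
import sqlite3
import sys

RESOLVER_IP = "203.0.113.7"   # assumed address of the resolver being watched

SCHEMA = """CREATE TABLE IF NOT EXISTS packets (
    ts REAL, src TEXT, dst TEXT, sport INTEGER, dport INTEGER,
    is_response INTEGER, qname TEXT, length INTEGER)"""

# Constructed sample of what the tshark command above prints (not a real
# capture): 198.51.100.9 "sends" tiny queries and is answered with large
# responses, 192.0.2.10 is an ordinary client, the last line is junk.
SAMPLE_LINES = """\
1700000000.000,198.51.100.9,203.0.113.7,4242,53,0,example.org,71
1700000000.001,203.0.113.7,198.51.100.9,53,4242,1,example.org,1432
1700000000.010,198.51.100.9,203.0.113.7,4242,53,0,example.org,71
1700000000.011,203.0.113.7,198.51.100.9,53,4242,1,example.org,1432
1700000000.020,198.51.100.9,203.0.113.7,4242,53,0,example.org,71
1700000000.021,203.0.113.7,198.51.100.9,53,4242,1,example.org,1432
1700000000.500,192.0.2.10,203.0.113.7,55001,53,0,www.example.com,64
1700000000.502,203.0.113.7,192.0.2.10,53,55001,True,www.example.com,120
this line is not tshark output
"""


def open_db(path=":memory:"):
    conn = sqlite3.connect(path)
    conn.execute(SCHEMA)
    return conn


def parse_line(line):
    """One tshark field line -> row tuple, or None if it is unusable."""
    parts = line.rstrip("\n").split(",")
    if len(parts) != 8 or not parts[1] or not parts[2]:
        return None   # non-IP frame, truncated line, or stray output
    ts, src, dst, sport, dport, resp, qname, length = parts
    try:
        # Boolean fields print as 0/1 in older tshark and True/False in newer.
        is_resp = 1 if resp.strip().lower() in ("1", "true") else 0
        return (float(ts), src, dst, int(sport), int(dport), is_resp, qname, int(length))
    except ValueError:
        return None


def load_tshark_lines(conn, lines):
    """Insert every parseable line; return the number of rows stored."""
    rows = [r for r in map(parse_line, lines) if r is not None]
    with conn:   # one transaction per batch keeps inserts cheap under load
        conn.executemany("INSERT INTO packets VALUES (?,?,?,?,?,?,?,?)", rows)
    return len(rows)


def amplification_by_client(conn, resolver, min_ratio=10.0):
    """Per client: query bytes it sent us vs response bytes we sent it.

    A high ratio means our resolver is being used to amplify traffic
    toward that address, i.e. the address is probably a spoofed victim."""
    sql = """
    SELECT client, SUM(qbytes), SUM(rbytes) FROM (
        SELECT src AS client, length AS qbytes, 0 AS rbytes FROM packets
         WHERE dst = ? AND dport = 53 AND is_response = 0
        UNION ALL
        SELECT dst AS client, 0 AS qbytes, length AS rbytes FROM packets
         WHERE src = ? AND sport = 53 AND is_response = 1
    ) GROUP BY client"""
    hits = []
    for client, qbytes, rbytes in conn.execute(sql, (resolver, resolver)):
        ratio = rbytes / qbytes if qbytes else float("inf")
        if ratio >= min_ratio:
            hits.append((client, qbytes, rbytes, ratio))
    return sorted(hits, key=lambda h: h[3], reverse=True)


if __name__ == "__main__":
    db = open_db()
    src = sys.stdin if not sys.stdin.isatty() else SAMPLE_LINES.splitlines()
    print(f"stored {load_tshark_lines(db, src)} packets")
    for client, q, r, ratio in amplification_by_client(db, RESOLVER_IP):
        print(f"{client}: {q} B of queries in, {r} B of responses out, x{ratio:.1f}")
```

Pipe the tshark command from the header comment into the script and swap `:memory:` for a file path to keep the data. Two things worth keeping in mind: with spoofed-source reflection the "client" in the table is the victim, not the attacker, so the ratio tells you who is being hit, not who is doing it; and at high packet rates you will want to buffer lines and insert in larger batches than one per call, since the per-transaction cost dominates.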

Simulate poor bandwidth in a testing environment (Mac OS X)?

We have a customized Flash/HTML5 video player we use for users on our site. I'm currently fleshing out the experience for users who have 'suboptimal' bandwidth--basically we'd like the client side code to be able to detect poor user experience due to excessive buffering. I would like to test this "poor bandwidth" handling code in my local development environment.
Does anyone know of good techniques for simulating "poor bandwidth" in a local environment for testing purposes?
More specifically I have my local browser connecting to a virtual machine with instances of uWSGI, nginx, and python/django and I would like to be able to inject arbitrary amounts of delay into the delivery of content from these systems. (I'm primarily concerned with doing this with nginx, which does the video content delivery/streaming).
EDIT: It may be relevant that the dev environment is Mac OS X.
Just use nginx's configuration.
While OS X Lion's Network Link Conditioner works as expected it's still annoying to use when I'm really just trying to test a subset of a web app's behavior--i.e., the slow video buffering handling system.
As such, I've found it much more convenient to set rate limiting in my nginx.conf file, e.g.:
location ~ /files/(.*\.(mp4|m4v|mov))$ {
    ...
    limit_rate 50k; # <-- limit the download rate per connection to 50 KB/s (nginx rates are bytes per second)
    ...
}
EDIT: See the nginx HttpCoreModule docs.
FreeBSD is an ancestor of Mac OS, so you can use the built-in, powerful firewall called ipfw.
It can be used in many different cases, for example to simulate low bandwidth. Use your own loopback IP address (127.0.0.1) or a remote server (8.8.8.8 in this case).
We build a video interviewing web application, so I'd like to share our experience of simulating a bad connection; see the example below:
$ sudo su                                       # ipfw needs root
$ ipfw show                                     # list the current rules
$ ipfw pipe 1 config delay 600ms bw 256kbit/s   # pipe 1: 600 ms latency, 256 kbit/s
$ ipfw add pipe 1 dst-ip 8.8.8.8 dst-port 80    # send traffic to 8.8.8.8:80 through pipe 1
$ ipfw flush                                    # remove all rules when you're done
ipfw pipe lets you simulate a slow and unstable connection using delay, bw and even prob to simulate packet loss.
I just found the Mac OS X Network Link Conditioner but I'm not yet sure it works on loopback, which it would need to for my purposes.
EDIT: This seems to work on loopback, so it seems to solve my problem! This is probably the way to go if you're on OS X 10.7
I'm using the program NetLimiter to simulate "poor bandwidth". It's not free, but it has a trial version that works well. It's only for Windows :(

How to Test a Network Application with only a Single Computer?

I want to kick myself into learning network programming, starting with implementing existing network protocols. I've finished the (rudimentary) design and will start coding soon. The problem I haven't been able to figure out a solution to is related to testing: I only have one laptop running Windows 7 Pro with only a recovery disc (no installation disc), which obviously cannot be used on a VM.
Hard-coding input/output data clearly isn't a good way to test any sort of program. So, what solutions can I look into?
Thanks for your time.
P.S.: In case this matters, I'll do the coding in C++.
You can run a client and a server on the same machine. When accessing the network layer, just use the local loopback address (127.0.0.1 for IPv4 or ::1 for IPv6) to connect to your server when you run the client.
If you provide the APIs that you will be using (wininet, APR, Boost etc) a more detailed answer would be available.
What about a VM with Ubuntu or some other distro of Linux?

Any tools to monitor processes and resources consumed of virtual machines?

Hi all,
I need a tool that can retrieve information about the resources used by each VM and their processes.
I use KVM as the hypervisor.
I also need it to have a programming API.
I know it is a tough request :), but any contribution is more than welcome!
Thanx
If you're running *NIX based guests, couldn't you script a set of ssh sessions to log in to each guest and grab whatever information you need?
I've heard Nagios and other popular monitoring tools work on virtual machines in much the same way as on the real ones.

Best way to simulate a WAN network

Simplified, I have an application where data is intended to flow over the internet between two servers. Ideally, I'd like to test at what point the software ceases to function: at what lower-bound limit (bandwidth, latency, dropped packets) do things stop working, to test the reliability of the software.
What I thought I would do was the following:
1. Set up 3 machines (VMware instances).
2. Install the 2 applications on two of the servers.
3. Set up the 3rd server to sit between the two machines by doing some sort of magic with Routing and Remote Access on Windows 2003.
4. Install either Traffic Shaper XP or NetLimiter to limit the bandwidth.
5. Run something like TMnetSim Network Simulator to simulate a bad connection.
Does this sound like a good idea or are there easier/better ways of doing this? I'm not that comfortable on Linux and my team mates are even less so.
WANem does exactly this. We have used it both in a virtual machine on the desktop and on a dedicated old PC and it worked great. It can simulate all sorts of broken connectivity.
FreeBSD's ipfw has provisions to simulate links with a given bandwidth, latency or error rate. You could use that FreeBSD machine as your machine "in the middle" in your above setup.
You probably can also run at least one of the endpoints on the same machine if you want to reduce the amount of servers involved.
Someone actually packaged up the settings and whatnot necessary for the FreeBSD solution to this problem and they call it DUMMYNET.
It simulates/enforces queue and bandwidth limitations, delays, packet losses, and multipath effects. It also implements a variant of Weighted Fair Queueing called WF2Q+. It can be used on user's workstations, or on FreeBSD machines acting as routers or bridges.
It can simulate exactly what you want, and it's free and will boot on commodity hardware. They even have a canned install of it that is small enough to put on a floppy disk (!) that you can download at that link.
Maybe it is time to learn a bit about Linux, because adding a 50ms delay on every outgoing packet can be done by typing just one line:
tc qdisc add dev eth0 root netem delay 50ms   # netem also takes loss, rate and jitter options
For more see the Linux Traffic Control HOWTO
We had a similar requirement some ten years ago - I'll see if I can recall how we managed it.
If I remember, we wrote a socket proxy program which was controlled by inetd on a UNIX box. This socket would accept connections from a client and open equivalent sessions through to the server. It would then loop, passing messages in both directions.
The way we achieved WAN characteristics was to introduce random delays (with upper and lower limits) in both the connection establishment and the passing of data once the link was up.
It also had the feature to drop the link occasionally as WAN links were less reliable for us than local traffic.
I recall we had to make it threaded to stop the delays from affecting reverse traffic on the link.
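The socket-proxy approach described in the answer above, and the loopback client/server setup suggested in the "single computer" thread earlier on this page, can both be tried with the following added example. It is my code, not anything from those answers or from WANem or dummynet. It relays TCP on 127.0.0.1 with configurable latency, jitter, bandwidth and a loss model, uses one thread per direction so a hold on the forward path never stalls the reverse path, and ships with a throwaway echo server standing in for the real server under test. The impairment numbers in `__main__` are made up and every port is ephemeral.

```python
# Added example (not from the thread): a loopback TCP proxy that impairs a
# link with latency, jitter, bandwidth and "loss" so the client and server
# under test can both run on one machine.
import random
import socket
import threading
import time


class WanProfile:
    """Per-chunk impairments. TCP guarantees delivery, so a lost packet reaches
    the application as a stall rather than as missing bytes; `loss` therefore
    adds a retransmission-style `stall_ms` instead of discarding the chunk."""

    def __init__(self, delay_ms=0.0, jitter_ms=0.0, loss=0.0, bw_kbit=None,
                 stall_ms=1000.0, seed=None):
        self.delay, self.jitter = delay_ms / 1000.0, jitter_ms / 1000.0
        self.loss, self.bw_kbit, self.stall = loss, bw_kbit, stall_ms / 1000.0
        self.rng = random.Random(seed)          # seed it for repeatable runs

    def hold(self, nbytes):
        """Seconds to hold a chunk of `nbytes` before forwarding it."""
        t = self.delay + self.rng.uniform(-self.jitter, self.jitter)
        if self.bw_kbit:
            t += nbytes * 8 / (self.bw_kbit * 1000.0)   # serialisation time
        if self.loss and self.rng.random() < self.loss:
            t += self.stall                               # "lost packet" stall
        return max(t, 0.0)


def _pump(src, dst, profile):
    """Copy src -> dst, holding each chunk for as long as the profile says."""
    try:
        while True:
            chunk = src.recv(4096)
            if not chunk:
                break
            time.sleep(profile.hold(len(chunk)))
            dst.sendall(chunk)
    except OSError:
        pass
    finally:
        try:
            dst.shutdown(socket.SHUT_WR)   # pass the EOF on to the other side
        except OSError:
            pass


def _serve(handler):
    """Listen on an ephemeral 127.0.0.1 port and run handler(conn) per client."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(16)

    def loop():
        while True:
            conn, _ = srv.accept()
            threading.Thread(target=handler, args=(conn,), daemon=True).start()
    threading.Thread(target=loop, daemon=True).start()
    return srv.getsockname()


def start_proxy(upstream, profile):
    """Relay every client to `upstream` (host, port) through the impaired link."""
    def handle(client):
        server = socket.create_connection(upstream)
        # One thread per direction, so a hold on the forward path never
        # delays the reverse path (the threading point made in the thread).
        threading.Thread(target=_pump, args=(client, server, profile), daemon=True).start()
        threading.Thread(target=_pump, args=(server, client, profile), daemon=True).start()
    return _serve(handle)


def start_echo_server():
    """Stand-in for the real server under test: echoes whatever it receives."""
    return _serve(lambda conn: _pump(conn, conn, WanProfile()))


def round_trip(proxy_addr, payload, timeout=10.0):
    """Send payload through the proxy, read until EOF; return (reply, seconds)."""
    t0 = time.monotonic()
    with socket.create_connection(proxy_addr, timeout=timeout) as s:
        s.sendall(payload)
        s.shutdown(socket.SHUT_WR)
        chunks = []
        while True:
            data = s.recv(4096)
            if not data:
                break
            chunks.append(data)
    return b"".join(chunks), time.monotonic() - t0


if __name__ == "__main__":
    echo = start_echo_server()
    proxy = start_proxy(echo, WanProfile(delay_ms=200, jitter_ms=50, loss=0.1,
                                         bw_kbit=64, seed=1))
    reply, secs = round_trip(proxy, b"ping" * 256)
    print(f"{len(reply)} bytes echoed through the impaired link in {secs:.2f}s")
```

To find the point at which your own application stops working, point it at the proxy address instead of the echo server and sweep `delay_ms`, `bw_kbit` and `loss` upward until it fails. Because this works at the socket layer it only shapes TCP streams the proxy sees; it does not touch UDP, does not reorder or duplicate packets, and it cannot reproduce the behaviour of a real kernel retransmission timer, which is why kernel-level tools like netem and dummynet remain the better choice once the application itself is known to survive plain delay and throttling.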
There is a very good (and free) Microsoft solution for that. We have used it for quite some time and it works great; it can very easily simulate everything (packet loss, low bandwidth, disconnection, latency, ...).
This is the best solution I found for a Windows environment.
More information and a download link can be found here: MARCO blog post
This product has gone through some evolution and it is now integrated into Visual Studio as part of the automation testing, but I found the standalone version (which is quite hard to find, so keep a local copy) to work much better. Keep in mind that you need at least two computers (or VMs), since you need to pass through a network adapter for the application to work its magic.