Thursday, January 13, 2011

FreeBSD: Ringmap Quick Testing

I have mentioned FreeBSD ringmap here, and now I will share how I got ringmap installed quickly. As the developer of ringmap (Alex) has ported it to FreeBSD stable, here's what you can do -

Download FreeBSD 8.1 stable iso -

shell>wget -c ftp://ftp.jp.freebsd.org/pub/FreeBSD/snapshots/201011/FreeBSD-8.1-STABLE-201011-i386-disc1.iso

Install FreeBSD 8.1 stable on VirtualBox using the ISO (Standard Install, and make sure you include the source); you can do this quickly without issue if you are familiar with FreeBSD installation. I chose VirtualBox because it can virtualize the following six types of networking hardware:

- AMD PCNet PCI II (Am79C970A)
- AMD PCNet FAST III (Am79C973, the default)
- Intel PRO/1000 MT Desktop (82540OEM)
- Intel PRO/1000 T Server (82543GC)
- Intel PRO/1000 MT Server (82545EM)
- Paravirtualized network adapter (virtio-net)

The ringmap implementation supports Intel 8254x network cards, which you can find in the list above, so VirtualBox is the ideal VM solution to use. Make sure you select one of the Intel 8254x adapters in the list.

Once FreeBSD stable is installed on VirtualBox, proceed to recompile the kernel without device em.

shell>cd /usr/src/sys/i386/conf
shell>mkdir /root/kernels
shell>cp GENERIC /root/kernels/RINGMAP
shell>ln -s /root/kernels/RINGMAP

Edit /root/kernels/RINGMAP and comment out the device em line so that it reads -

# device em # Intel PRO/1000 Gigabit Ethernet Family

To recompile and install the custom kernel -

shell>cd /usr/src
shell>make buildkernel KERNCONF=RINGMAP
shell>make installkernel KERNCONF=RINGMAP

It will take a while; once it is done, reboot the system. After the system is up, add these two lines to /etc/make.conf (if the file does not exist, you can just create it) -

EM_RINGMAP=yes
LIBPCAP_RINGMAP=yes
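
A pre-flight check for the two settings made so far, as an added example (not part of this post or of ringmap's own scripts): it confirms the kernel config has no active `device em` line and that both make.conf knobs are set before the ringmap build is started. The function names are this example's own; the default paths are the ones used in this post.

```shell
#!/bin/sh
# Added example: pre-flight check to run before build_ringmap.sh.
# Function names are hypothetical; paths default to the ones in this post.

# Succeeds when the kernel config has no active "device em" line.
# "em" is matched as a whole word so other drivers whose names start
# with "em" are not a false hit, and commented-out lines are ignored.
em_disabled() {
    conf=$1
    [ -r "$conf" ] || return 2
    if grep -Eq '^[[:space:]]*device[[:space:]]+em([[:space:]]|#|$)' "$conf"; then
        return 1
    fi
    return 0
}

# Succeeds when make.conf sets the named knob to "yes" on an
# uncommented line, in the KNOB=yes form shown in this post.
knob_set() {
    knob=$1 mk=$2
    [ -r "$mk" ] || return 2
    grep -Eq "^[[:space:]]*${knob}[[:space:]]*=[[:space:]]*yes[[:space:]]*(#.*)?\$" "$mk"
}

# Runs both checks, reports what is missing, returns the problem count.
ringmap_preflight() {
    conf=${1:-/root/kernels/RINGMAP} mk=${2:-/etc/make.conf}
    problems=0
    if ! em_disabled "$conf"; then
        echo "FAIL: $conf is unreadable or still has an active 'device em' line"
        problems=$((problems + 1))
    fi
    for k in EM_RINGMAP LIBPCAP_RINGMAP; do
        if ! knob_set "$k" "$mk"; then
            echo "FAIL: $k=yes is not set in $mk"
            problems=$((problems + 1))
        fi
    done
    [ "$problems" -eq 0 ] && echo "OK: kernel config and make.conf are ready for ringmap"
    return "$problems"
}
```

Source the file and call `ringmap_preflight` with no arguments to check the paths used above; a non-zero return means something still needs fixing.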

Download ringmap source and install -

shell>fetch http://ringmap.googlecode.com/files/ringmap_freebsd_8.1_1.1.0.bz2
shell>tar xvjf ringmap_freebsd_8.1_1.1.0.bz2
shell>cd FreeBSD_8/scripts
shell>chmod 755 *
shell>./build_ringmap.sh

To enable the ringmap -

shell>./set_ringmap.sh

To make sure you can run any packet capture tool, you need to turn on monitor mode for the network interface -

shell>ifconfig em0 monitor up

For quick testing just run tcpdump and listen to em0 interface -

shell>tcpdump -ttttnni em0

That's all for ringmap testing. I haven't done any benchmarking yet and won't until I get real hardware for testing, but you can definitely find more information about ringmap on its own page here -

http://code.google.com/p/ringmap/

Cheers (;])

1 comment:

immaDummy said...

I was asked to trace whether there is an outside network that crosses our network using FreeBSD, and I'd like to use Scapy. Can you teach me how?