Thursday, January 13, 2011

FreeBSD: Ringmap Quick Testing

I have mentioned FreeBSD ringmap here before, and now I will share how I got ringmap installed quickly. As the developer of ringmap (Alex) has ported it to FreeBSD stable, here's what you can do -

Download FreeBSD 8.1 stable iso -

shell>wget -c ftp://ftp.jp.freebsd.org/pub/FreeBSD/snapshots/201011/FreeBSD-8.1-STABLE-201011-i386-disc1.iso

Install FreeBSD 8.1 stable on VirtualBox using the iso (Standard Install, and make sure you include the source tree). You can do this quickly and without issue if you are familiar with FreeBSD installation. The reason I chose VirtualBox is that it can virtualize the following six types of networking hardware:

- AMD PCNet PCI II (Am79C970A)
- AMD PCNet FAST III (Am79C973, the default)
- Intel PRO/1000 MT Desktop (82540OEM)
- Intel PRO/1000 T Server (82543GC)
- Intel PRO/1000 MT Server (82545EM)
- Paravirtualized network adapter (virtio-net)

The ringmap implementation supports Intel 8254x network cards, which you can find in the list above, so VirtualBox is the ideal VM solution to use. Make sure you pick one of the Intel 8254x adapters from the list as the VM's network interface.

Once FreeBSD stable is installed on VirtualBox, proceed to recompile the kernel without the em device, so that the stock em driver is not built into the kernel.

shell>cd /usr/src/sys/i386/conf
shell>mkdir /root/kernels
shell>cp GENERIC /root/kernels/RINGMAP
shell>ln -s /root/kernels/RINGMAP

Edit /root/kernels/RINGMAP and comment out the em line so that it reads

# device em # Intel PRO/1000 Gigabit Ethernet Family

To recompile and install the custom kernel -

shell>cd /usr/src
shell>make buildkernel KERNCONF=RINGMAP
shell>make installkernel KERNCONF=RINGMAP

It will take a while. Once it is done, reboot the system. After the system is up, add these two lines to /etc/make.conf (if the file does not exist, just create it) -

EM_RINGMAP=yes
LIBPCAP_RINGMAP=yes

Download ringmap source and install -

shell>fetch http://ringmap.googlecode.com/files/ringmap_freebsd_8.1_1.1.0.bz2
shell>tar xvjf ringmap_freebsd_8.1_1.1.0.bz2
shell>cd FreeBSD_8/scripts
shell>chmod 755 *
shell>./build_ringmap.sh

To enable the ringmap -

shell>./set_ringmap.sh

Before running any packet capture tool, put the network interface into monitor mode. On FreeBSD the monitor flag means the interface transmits nothing and received packets are discarded after bpf processing, which is exactly what a capture-only interface wants -

shell>ifconfig em0 monitor up

For quick testing, just run tcpdump and listen on the em0 interface -

shell>tcpdump -ttttnni em0
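Added helper script (not from the post or the ringmap project) that performs the two configuration edits from the walkthrough above idempotently and verifies that no active em line survives; it takes paths as arguments so it can be tried on copies first, and the --apply switch is my own convention for running it against the real locations from the post:

```shell
#!/bin/sh
# Added helper, not part of the original post or of ringmap itself.
# Applies the two config edits from the walkthrough idempotently:
#  1. copy a kernel config with the "device em" line commented out
#  2. add the ringmap knobs to make.conf only if they are missing
# Paths are arguments so the functions can be tried on copies first.

# Regex for an active "device em" line (tabs or spaces; "emu" etc. excluded).
EM_LINE='^[[:space:]]*device[[:space:]]+em([[:space:]]|$)'

# disable_em_in_kernconf <src> <dst>: write <src> to <dst> with em commented out.
disable_em_in_kernconf() {
    sed -E "s/${EM_LINE}/# &/" "$1" > "$2"
}

# em_disabled <kernconf>: succeed only if no active "device em" line remains.
em_disabled() {
    ! grep -Eq "$EM_LINE" "$1"
}

# ensure_ringmap_make_conf <make.conf>: create if missing, append each knob once.
ensure_ringmap_make_conf() {
    conf=$1
    [ -f "$conf" ] || : > "$conf"
    for knob in EM_RINGMAP=yes LIBPCAP_RINGMAP=yes; do
        grep -qxF "$knob" "$conf" || printf '%s\n' "$knob" >> "$conf"
    done
}

# Stand-alone run against the real locations used in the post (root required).
if [ "${1:-}" = "--apply" ]; then
    mkdir -p /root/kernels
    disable_em_in_kernconf /usr/src/sys/i386/conf/GENERIC /root/kernels/RINGMAP
    em_disabled /root/kernels/RINGMAP || { echo "em still enabled" >&2; exit 1; }
    ensure_ringmap_make_conf /etc/make.conf
fi
```

Running the script a second time changes nothing, so it is safe to rerun after a failed build before fixing something else.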

That's all for ringmap testing. I haven't done any benchmarking yet and won't until I get real hardware to test on, but you can definitely find more information about ringmap on its own page here -

http://code.google.com/p/ringmap/

Cheers (;])

Wednesday, January 12, 2011

Ubuntu: Daemonlogger

To install daemonlogger on Ubuntu 10.10, follow these steps -

Install all the required dependencies -

shell>sudo apt-get install libpcap-dev libdumbnet1 libdumbnet-dev

Ubuntu ships libdnet under the renamed package libdumbnet, so we need to create symlinks under the original libdnet names for daemonlogger's configure script to find it; the alternative is installing libdnet from source, which I want to avoid here -

shell>cd /usr/lib
shell>sudo ln -s libdumbnet.a libdnet.a
shell>sudo ln -s libdumbnet.so libdnet.so
shell>sudo ln -s libdumbnet.so.1.0.1 libdnet.so.1.0.1
shell>sudo ln -s libdumbnet.so.1 libdnet.so.1
shell>sudo ln -s libdumbnet.la libdnet.la
shell>cd /usr/include/
shell>sudo ln -s dumbnet.h dnet.h

Install daemonlogger -

shell>wget -c http://www.snort.org/users/roesch/code/daemonlogger-1.2.1.tar.gz
shell>tar xvzf daemonlogger-1.2.1.tar.gz
shell>cd daemonlogger-1.2.1
shell>./configure
shell>make
shell>sudo make install

There you go, now you have daemonlogger installed on Ubuntu and ready to capture packets.

Enjoy (;])

Saturday, January 01, 2011

Happy New Year 2011

Goodbye 2010, and here comes 2011!

Happy new year everyone, and hopefully I will be more active in blogging this year!

Cheers & Enjoy (;])