Cloud is everywhere now, and I have been playing with OpenVSwitch for a while; it looks like a critical solution for providing network security monitoring in virtualized environments. If you want to know more about OpenVSwitch, you can find information on the website below -
http://openvswitch.org
OpenVSwitch is not just a virtual switch; it offers many network traffic monitoring features such as SPAN, RSPAN, NetFlow and sFlow. I have tried out many of them and they are useful depending on your monitoring needs.
Traditional network traffic monitoring is not going to help here: you can't simply deploy a network tap or port mirroring to monitor the traffic inside cloud server farms. Of course you can still see the virtual machines talking to the outside world, but you can't see the conversations between virtual machines on the same host, for example when vm1 performs network scanning against other virtual machines on the same cloud server.
More thought needs to be put into cloud network security monitoring now that cloud is a trend and widely used in the enterprise world; I have encountered a couple of cases where performing forensics is much harder in the cloud.
OpenVSwitch seems promising; hopefully with its inclusion in the Linux 3.3 kernel it will become more popular and widely used.
http://blog.sflow.com/2012/03/linux-33-released.html
Cheers ;]
Thursday, June 21, 2012
Saturday, January 14, 2012
FreeBSD 9.0 Release is OUT!
If you haven't noticed yet, FreeBSD 9.0 Release is out, grab it while it is still hot. The announcement can be found at
http://www.freebsd.org/releases/9.0R/announce.html
You can check out the release note at -
http://www.freebsd.org/releases/9.0R/relnotes.html
I'm glad to see the driver improvements for network adapters, especially Intel-based cards, and that netgraph's ng_netflow now supports NetFlow v9 export. Another interesting feature is usbdump, which can be used to dump packets going over a USB controller. As always, ipfw is improved in almost every FreeBSD release, just like pf in OpenBSD. The FreeBSD team has also made a lot of improvements on the file system side. Finally we see a new installer for FreeBSD ;)
With FreeBSD 9.0 Release officially out, time to work on HeX 3!
Cheers ;]
Wednesday, January 11, 2012
Argus 3: Some hardly used scripts
There are a couple of Perl scripts that come with argus 3 to process argus data; in case you haven't used them, do try them out. I will just show the results generated by those scripts -
shell>perl ./raips -r ~/pcap-repo/anubis.arg3
187.45.196.28
187.45.241.156
192.168.0.1
192.168.0.2
Raips will generate all unique IP addresses that are seen in the argus data.
shell>perl ./rahosts -r ~/pcap-repo/anubis.arg3
192.168.0.2: (3) 187.45.196.28, 187.45.241.156, 192.168.0.1
Rahosts will generate a host report, telling you which hosts initiate network connections (transmitters) and which destination hosts are probed (receivers); you may see a long list of IP addresses in the same network if it is network scanning or worm outbreak activity.
shell>perl ./raports -r ~/pcap-repo/anubis.arg3
187.45.241.156 tcp: (1) 80
192.168.0.1 udp: (1) 53
187.45.196.28 tcp: (1) 1433
Raports will generate the port report, but only for the server side, meaning the ports that are probed by any host.
If you are not satisfied with the results generated by those scripts, you are free to modify them to fit your needs; basically Carter is just demonstrating what you can do with argus data and a bit of scripting.
Cheers (;])
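The three reports above are simple aggregations over flow records, so here is an added example (mine, not one of the Perl scripts shipped with argus 3) that rebuilds them in Python and goes one step further: fan_out() flags transmitters that touch many distinct hosts, which is the "array of IP addresses in the same network" pattern the post associates with scanning or worm activity. The flows are constructed inline from the post's output plus a made-up noisy host; in practice you would feed it fields exported by an argus client, for example an assumed `ra -r file.arg3 -c , -s saddr daddr proto dport` invocation.

```python
"""Argus-style host/port summaries from flow records (added example).

Input is a list of (saddr, daddr, proto, dport) tuples; the functions
mirror what raips, rahosts and raports print, and fan_out() adds a simple
scan/worm heuristic on top of the host report.
"""
from collections import defaultdict
from ipaddress import ip_address

# Constructed sample: the three flows visible in the post's output, plus a
# made-up host 192.168.0.5 probing four neighbours on tcp/445.
SAMPLE_FLOWS = [
    ("192.168.0.2", "187.45.196.28", "tcp", 1433),
    ("192.168.0.2", "187.45.241.156", "tcp", 80),
    ("192.168.0.2", "192.168.0.1", "udp", 53),
    ("192.168.0.5", "192.168.0.10", "tcp", 445),
    ("192.168.0.5", "192.168.0.11", "tcp", 445),
    ("192.168.0.5", "192.168.0.12", "tcp", 445),
    ("192.168.0.5", "192.168.0.13", "tcp", 445),
    ("192.168.0.5", "192.168.0.12", "tcp", 445),  # repeated flow, counted once
]


def _by_ip(addrs):
    """Sort dotted-quad strings numerically rather than lexically."""
    return sorted(addrs, key=ip_address)


def unique_ips(flows):
    """raips: every address seen as source or destination, once each."""
    seen = set()
    for saddr, daddr, _proto, _dport in flows:
        seen.add(saddr)
        seen.add(daddr)
    return _by_ip(seen)


def host_report(flows):
    """rahosts: transmitter -> sorted list of receivers it talked to."""
    peers = defaultdict(set)
    for saddr, daddr, _proto, _dport in flows:
        peers[saddr].add(daddr)
    return {src: _by_ip(dsts) for src, dsts in peers.items()}


def port_report(flows):
    """raports: (receiver, proto) -> sorted list of server ports probed."""
    ports = defaultdict(set)
    for _saddr, daddr, proto, dport in flows:
        ports[(daddr, proto)].add(dport)
    return {key: sorted(vals) for key, vals in ports.items()}


def fan_out(flows, threshold=4):
    """Transmitters that reached at least `threshold` distinct hosts.

    High fan-out from one source is the trace a scan or a worm leaves in
    flow data; the threshold is a tunable for your network, not a rule.
    """
    report = host_report(flows)
    return {src: len(dsts) for src, dsts in report.items() if len(dsts) >= threshold}


def format_host_report(flows):
    """Render host_report() in the same shape as rahosts output."""
    rows = sorted(host_report(flows).items(), key=lambda kv: ip_address(kv[0]))
    return [f"{src}: ({len(dsts)}) {', '.join(dsts)}" for src, dsts in rows]


if __name__ == "__main__":
    print("\n".join(unique_ips(SAMPLE_FLOWS)))
    print("\n".join(format_host_report(SAMPLE_FLOWS)))
    for (host, proto), plist in port_report(SAMPLE_FLOWS).items():
        print(f"{host} {proto}: ({len(plist)}) {', '.join(map(str, plist))}")
    print("suspicious fan-out:", fan_out(SAMPLE_FLOWS))
```

Sorting by ipaddress.ip_address rather than by string keeps 192.168.0.10 after 192.168.0.2, which matters once the host list grows past a handful of entries.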
Large Scale Pcap Analysis
It seems that storage is not much of an issue when it comes to packet capture anymore; terabytes are becoming common everywhere, and many network analysis tools seem to be gearing toward large scale pcap analysis. Bro-IDS has extended its functionality by using lots of commodity hardware and TimeMachine to capture and analyze network data, and now I have just read that people at RIPE NCC are doing this using Apache Hadoop -
https://labs.ripe.net/Members/wnagele/large-scale-pcap-data-analysis-using-apache-hadoop
As we also know, pcapr is making use of cloud technology to share and analyze pcap data for the internet community.
Enjoy ;]
Monday, January 09, 2012
Picviz on Windows
I never knew that someone had actually ported picviz to the Windows platform a while ago until I was working on picviz stuff and googling for information; you can find it here if you are interested -
http://berise.blogspot.com/2011/01/picviz-for-win32-port.html
Open source really opens up many unknown possibilities ...
Cheers ;]
Sunday, December 18, 2011
Digital Forensics Tools For Linux
If you are using the Fedora Linux distro to perform forensics work, you may want to look into this -
http://www.cert.org/forensics/tools/
CERT also provides a VMware forensics appliance, which you can find at the link above.
Enjoy ;]
Friday, December 16, 2011
High Tech Fix For "Nokia N900: All telephony functions are disabled" issue
Last week, my Nokia N900 phone suddenly popped up with the message -
All telephony functions, including emergency calls, are disabled due to communication error. To recover, you might have to reboot the device
You will see something like a sim card icon on the top panel when this message appears.
Awesome, it seems I couldn't make or receive calls after this message was shown. I rebooted my phone and it worked again ... until this week, when the phone died; I can't use it as a phone, only as a small tablet. Maybe I should try Google to see if there's any solution, and here's what I have found -
Basically the solution is to claim the warranty and Nokia replaces it with a new one for you; what if you are out of warranty, like me? Nokia has no answer for that, thank you Nokia ;)
I was thinking "SIM card icon and communication error", maybe it is a SIM card slot issue? I don't know, but here's what I tried -
0. Switch off N900
1. Open up the N900 case at the back (battery compartment)
2. Take out the battery
3. Take the SIM card out of the slot and clean it
4. Put the SIM card back into the slot
5. Tighten the slot
6. Take the toilet paper, yes I say toilet paper because it was on my desk when I was trying to fix this
7. Tear the toilet paper and make it thicker by layering the pieces
8. Make the toilet paper roughly the same size (square) as the SIM card slot
9. Put the toilet paper on top of the SIM card slot and push it in a bit
10. Put back your battery and press it a little hard; the toilet paper will be underneath
11. Close the case
12. Switch on your phone
The phone works automagically, don't ask me why; it's really a high tech fix if you ever encounter this issue.
Have fun with the N900 again; by the way, not much fun since there aren't many apps for it (thank you Nokia), BUT it works as a PHONE again!
Cheers ;]
p/s: By the way let me know if this solves your problem, I would like to hear about it!
Friday, December 09, 2011
Time to Kill Bill
For all Malaysian IT people, do read this and spread the word: it's time to kill Bill. What Bill? The Computing Professionals Bill 2011!
Do read it in detail! Currently it is in the drafting process; thanks to my best pal Mel for sharing this nonsense bill. By the way, if you have Facebook, support this -
I will constantly update this post if there's any progress regarding the matter; voice out while you can regarding CPB2011 on the document below -
Mosti has put up their latest working draft, which you can find here -
Please review it and make your voice loud and clear!
Some opinions from individuals who work in the IT industry ;)
Petition!
Follow the Tweets regarding CPB2011
Flip-flop, uncertainty?
Makes yourself certified criteria?
Mosti is just facilitator?
Role model of CPB 2011, seriously?
Interview of the Malaysian Deputy Minister of Science, Technology and Innovation, Datuk Fadillah Yusoft, by Astro Awani, if you know the Malay language -
From Tony Pua, member of Parliament -
http://www.youtube.com/watch?v=6ilM5bKokkw&feature=youtu.be
While they can't define what CNII is properly during an open meeting, now they want to include more sectors in this undefined crap? Seriously, if the government sector has failed to deliver security all these years, does that mean PRISMA, which our government initiated to protect government ICT agencies, is a big failure (so much money wasted and now this)? By the way, if you read carefully at the last few paragraphs, you will notice "What we can do at CyberSecurity Malaysia is to continue to provide more training and capability building in cyber security, says CyberSecurity Malaysia Chief Executive Officer (CEO) Lt Col Prof Datuk Husin Jazri."
To me, that basically sounds like if this bill is passed, he can make big money by selling training and certification programs; now we know who is really pushing this AGENDA from behind ;)
http://thestar.com.my/news/story.asp?file=%2F2011%2F12%2F18%2Fnation%2F10119744&sec=nation
Discussion about CPB 2011 on BFM radio station -
http://bfm.my/geeksquawks_ep53.html
TeAM (The Technopreneurs Association of Malaysia) objects to CPB 2011 -
http://techcentral.my/news/story.aspx?file=/2011/12/14/it_news/20111214141030&sec=IT_News
Speak out loud, geeks!
http://thestar.com.my/news/story.asp?file=%2F2011%2F12%2F18%2Fnation%2F10105092&sec=nation
No cheers this time, F it!
Tuesday, December 06, 2011
Intel X520
I want this for my Christmas present ;]
I never thought a 10G network adapter could get this cheap; I really need to get one for development and testing!
Monday, December 05, 2011
Virtual PF_Ring
The ntop development team has always developed high performance packet capture solutions that I like to take a look into -
Virtual PF_RING can only be used with KVM; it bypasses many copy operations and captures packets at line rate. I think I will test it on my Linux box and see how it goes. By the way, you need to donate to obtain it.
Cheers ;]
Sunday, October 16, 2011
RIP - Dennis Ritchie
Sorry for the belated one.
Nothing much I can say but truly from my heart - Rest In Peace, Mr. Dennis Ritchie.
Thursday, January 13, 2011
FreeBSD: Ringmap Quick Testing
I have mentioned FreeBSD ringmap here, and now I will share how I got ringmap installed quickly. As the developer of ringmap (Alex) has ported it to FreeBSD stable, here's what you can do -
Download FreeBSD 8.1 stable iso -
shell>wget -c ftp://ftp.jp.freebsd.org/pub/FreeBSD/snapshots/201011/FreeBSD-8.1-STABLE-201011-i386-disc1.iso
Install FreeBSD 8.1 stable on VirtualBox using the iso (Standard Install, and make sure you include the source); you can do this quickly without issue if you are familiar with FreeBSD installation. The reason I chose VirtualBox is that it can virtualize the following six types of networking hardware:
- AMD PCNet PCI II (Am79C970A)
- AMD PCNet FAST III (Am79C973, the default)
- Intel PRO/1000 MT Desktop (82540OEM)
- Intel PRO/1000 T Server (82543GC)
- Intel PRO/1000 MT Server (82545EM)
- Paravirtualized network adapter (virtio-net)
The ringmap implementation supports Intel 8254x network cards, which you can find in the list above, so VirtualBox is the ideal VM solution to use. Make sure you pick one of the Intel 8254x adapters in the list.
After I have FreeBSD stable installed on VirtualBox, I proceed to recompile the kernel without the em device.
shell>cd /usr/src/sys/i386/conf
shell>mkdir /root/kernels
shell>cp GENERIC /root/kernels/RINGMAP
shell>ln -s /root/kernels/RINGMAP
Edit /root/kernels/RINGMAP by commenting out this line
# device em # Intel PRO/1000 Gigabit Ethernet Family
To recompile and install the custom kernel -
shell>cd /usr/src
shell>make buildkernel KERNCONF=RINGMAP
shell>make installkernel KERNCONF=RINGMAP
It will take a while; once it's done, reboot the system. After the system is up, add these two lines to /etc/make.conf (if the file does not exist, just create it) -
EM_RINGMAP=yes
LIBPCAP_RINGMAP=yes
Download ringmap source and install -
shell>fetch http://ringmap.googlecode.com/files/ringmap_freebsd_8.1_1.1.0.bz2
shell>tar xvjf ringmap_freebsd_8.1_1.1.0.bz2
shell>cd FreeBSD_8/scripts
shell>chmod 755 *
shell>./build_ringmap.sh
To enable the ringmap -
shell>./set_ringmap.sh
To make sure you can run any packet capture tool, you need to turn on monitor mode for the network interface -
shell>ifconfig em0 monitor up
For quick testing just run tcpdump and listen to em0 interface -
shell>tcpdump -ttttnni em0
That's all for ringmap testing. I haven't done any benchmarking yet and won't until I get real hardware for testing, but you can definitely find more information about ringmap on its own page here -
http://code.google.com/p/ringmap/
Cheers (;])
Wednesday, January 12, 2011
Ubuntu: Daemonlogger
To install daemonlogger on Ubuntu 10.10, you can follow along here -
Install all the required dependencies -
shell>sudo apt-get install libpcap-dev libdumbnet1 libdumbnet-dev
As Ubuntu renames the libdnet files to libdumbnet, we need to create soft links so that daemonlogger can find them; otherwise you can install libdnet from source, which I want to avoid here -
shell>cd /usr/lib
shell>sudo ln -s libdumbnet.a libdnet.a
shell>sudo ln -s libdumbnet.so libdnet.so
shell>sudo ln -s libdumbnet.so.1.0.1 libdnet.so.1.0.1
shell>sudo ln -s libdumbnet.so.1 libdnet.so.1
shell>sudo ln -s libdumbnet.la libdnet.la
shell>cd /usr/include/
shell>sudo ln -s dumbnet.h dnet.h
Install daemonlogger -
shell>wget -c http://www.snort.org/users/roesch/code/daemonlogger-1.2.1.tar.gz
shell>tar xvzf daemonlogger-1.2.1.tar.gz
shell>cd daemonlogger-1.2.1
shell>./configure
shell>make
shell>sudo make install
There you go, now you have daemonlogger installed on Ubuntu and ready to capture packets.
Enjoy (;])
Saturday, January 01, 2011
Happy New Year 2011
Good bye 2010, and here comes 2011!
Happy new year everyone, and hopefully myself will be more active in blogging this year!
Cheers & Enjoy (;])
Friday, December 24, 2010
FreeBSD: High Performance Packet Capture
I'm not sure how many of you have heard about this project; I found the FreeBSD ringmap implementation when I was googling and it seems interesting to me. I suggest you visit the link and read the documentation/presentation.
I'm going to try it out whenever possible; right now it is ported to FreeBSD 8.1 stable, and you can download the source code and test it out yourself.
http://code.google.com/p/ringmap/
You can also find a lot of information about high performance packet capture at the link below; I usually use the settings recommended there for my FreeBSD sensor setup.
http://www.net.t-labs.tu-berlin.de/research/hppc/
By the way, FreeBSD already has zero-copy BPF implemented; thanks to Robert Watson for that, since he has done a lot of the background work on it. To learn more about zero-copy BPF you can check the presentation slides here -
http://www.watson.org/~robert/freebsd/2007asiabsdcon/20070309-devsummit-zerocopybpf.pdf
Cheers (;])
FreeBSD: Virtual Network Switch
In the previous post I mentioned that I'm going to cover the Open vSwitch and Vde implementations. However, I think it is also interesting to cover how you can set up a virtual switch with FreeBSD's native facilities. As we all know, bridging is actually software switching, so we can make use of the bridge interface to achieve this. I will explain the 6-port virtual network switch setup that is illustrated in the diagram below -

shell>ifconfig bridge0 create
shell>ifconfig tap0 create
shell>ifconfig tap1 create
shell>ifconfig tap2 create
shell>ifconfig tap3 create
shell>ifconfig tap4 create
shell>ifconfig tap5 create
shell>ifconfig bridge0 addm tap0 addm tap1 addm tap2 addm tap3 addm tap4 addm tap5 up
By now you have exactly the setup shown in the diagram above; to make it persistent across reboots, add the following lines to /etc/rc.conf -
cloned_interfaces="bridge0 tap0 tap1 tap2 tap3 tap4 tap5"
ifconfig_bridge0="addm tap0 addm tap1 addm tap2 addm tap3 addm tap4 addm tap5 up"
Also add the following lines to /etc/sysctl.conf -
net.link.tap.up_on_open=1
net.link.tap.user_open=1
Once you have everything done, you can check if it is set up properly -
shell>ifconfig bridge0
bridge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        ether 0e:a5:28:73:f9:3b
        id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
        maxage 20 holdcnt 6 proto rstp maxaddr 100 timeout 1200
        root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
        member: tap5 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                ifmaxaddr 0 port 9 priority 128 path cost 2000000
        member: tap4 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                ifmaxaddr 0 port 8 priority 128 path cost 2000000
        member: tap3 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                ifmaxaddr 0 port 7 priority 128 path cost 2000000
        member: tap2 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                ifmaxaddr 0 port 6 priority 128 path cost 2000000
        member: tap1 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                ifmaxaddr 0 port 5 priority 128 path cost 2000000
        member: tap0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                ifmaxaddr 0 port 4 priority 128 path cost 2000000
To undo everything, just run
shell>ifconfig bridge0 deletem tap0 deletem tap1 deletem tap2 deletem tap3 deletem tap4 deletem tap5
shell>ifconfig tap0 destroy
shell>ifconfig tap1 destroy
shell>ifconfig tap2 destroy
shell>ifconfig tap3 destroy
shell>ifconfig tap4 destroy
shell>ifconfig tap5 destroy
The setup is complete. In the next blog post I will talk about how you can set up a similar virtual switch using FreeBSD's ng_bridge implementation, plus release a FreeBSD VM for you to try out the setup yourself.
Enjoy (;])
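Eyeballing the ifconfig output for six member lines is easy to get wrong once a switch has more ports, and a single tap left out of an addm list silently leaves one VM on an island. Here is an added example (mine, not part of the original post) that parses the "member:" lines `ifconfig bridge0` prints and reports which expected ports are missing or unexpected; the sample output is constructed to match the shape of the post's output, with one port deliberately absent, and the live_check() helper that shells out to ifconfig is an assumption about how you would wire it into a real FreeBSD host.

```python
"""Check that a FreeBSD bridge carries the member ports you expect (added example).

Parses the text ifconfig prints for a bridge interface and compares the
"member: tapN" entries against the port list you intended, so a port left
out of an addm list or a tap that failed to get created is caught before
a VM is attached to it.
"""
import re
import subprocess

# Constructed sample: ifconfig output for a bridge where tap2 never got added.
SAMPLE_IFCONFIG_BRIDGE = """\
bridge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
\tether 0e:a5:28:73:f9:3b
\tid 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
\tmaxage 20 holdcnt 6 proto rstp maxaddr 100 timeout 1200
\troot id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
\tmember: tap5 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
\t        ifmaxaddr 0 port 9 priority 128 path cost 2000000
\tmember: tap4 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
\t        ifmaxaddr 0 port 8 priority 128 path cost 2000000
\tmember: tap3 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
\t        ifmaxaddr 0 port 7 priority 128 path cost 2000000
\tmember: tap1 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
\t        ifmaxaddr 0 port 5 priority 128 path cost 2000000
\tmember: tap0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
\t        ifmaxaddr 0 port 4 priority 128 path cost 2000000
"""

# One "member: <ifname> flags=<hex>" entry per bridge port.
MEMBER_RE = re.compile(r"^\s*member:\s+(\S+)\s+flags=([0-9a-fA-F]+)", re.M)


def bridge_members(ifconfig_text):
    """Return {member_name: flags_hex_string} parsed from ifconfig output."""
    return {name: flags for name, flags in MEMBER_RE.findall(ifconfig_text)}


def is_up(ifconfig_text):
    """True when the bridge's own flags include both UP and RUNNING."""
    first = ifconfig_text.splitlines()[0] if ifconfig_text else ""
    m = re.search(r"flags=[0-9a-fA-F]+<([^>]*)>", first)
    names = set(m.group(1).split(",")) if m else set()
    return {"UP", "RUNNING"} <= names


def check_bridge(ifconfig_text, expected):
    """Compare expected member names against what the bridge reports.

    Returns (missing, unexpected) as sorted lists; both empty means the
    bridge matches the diagram you intended.
    """
    have = set(bridge_members(ifconfig_text))
    want = set(expected)
    return sorted(want - have), sorted(have - want)


def live_check(bridge="bridge0", expected=()):
    """Assumed helper: run ifconfig on a real FreeBSD host and check it."""
    out = subprocess.run(["ifconfig", bridge], capture_output=True,
                         text=True, check=True).stdout
    return check_bridge(out, expected)


if __name__ == "__main__":
    expected_ports = [f"tap{i}" for i in range(6)]
    missing, extra = check_bridge(SAMPLE_IFCONFIG_BRIDGE, expected_ports)
    print("bridge up:", is_up(SAMPLE_IFCONFIG_BRIDGE))
    print("missing members:", missing or "none")
    print("unexpected members:", extra or "none")
```

Run it against the sample and it reports tap2 missing; on a real host, call live_check("bridge0", expected_ports) from a cron job or a sensor health script so a bridge that drifts from its rc.conf definition gets noticed.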

Friday, December 17, 2010
Virtual Network Switch

Many people have talked about hypervisors and played around with virtual machines. There are many solutions available today, either open source or commercial: VMware, Xen, VirtualBox, Qemu, KVM, Parallels, Virtual PC, and others that I may not know of.
What I would like to discuss here is virtual network switching. Many of us have used a piece of hardware called a network switch, which allows endpoints to talk to each other. Hardware network switches are produced by many companies, for example Cisco, Juniper, 3Com, D-Link, NetGear, etc.
Virtual machines live inside a single operating system, which means we can have many virtual machines running on one piece of hardware; likewise, with virtual network switches we can run many network switches on one piece of hardware, and use them to connect the virtual machines and get them talking to each other.
However, how many solutions are there for virtual network switches? As far as I know, not many. Cisco has produced one, called the Cisco Nexus 1000 Series. If you know of any other commercial solution, please comment.
How about open source solutions? Yes, here are two that I found very interesting; again, if you know of any other open source solution, please let me know.
- Open vSwitch
- Vde
This is just a simple writeup of what I'm going to cover in the future, where I will discuss how you can set up virtual network switches and leverage them. Most of my posts will discuss both Open vSwitch and Vde, while VirtualBox and Qemu will be used to connect to the switch.
Enjoy (;])
Thursday, December 16, 2010
Virtualization Insanity
Wednesday, December 15, 2010
4REN6 VM Mirror
Thanks to the Digital Forensics Framework (DFF) team for providing a mirror for the 4REN6 VM, which you can find here -
http://ftp.digital-forensic.org/mirror/4ren6.radiobandit.org/
I'm still looking for more download mirrors, please let me know if you can host it.
Enjoy ;]