Thursday, December 28, 2023

Mastering Packet Analysis with Tcpdump - Packet Analysing.

Tcpdump is a powerful command-line packet analyzer tool used for network troubleshooting and analysis. It allows the user to intercept and display the packets transmitted or received over a network to which the computer is attached. In this guide, we'll explore how to use tcpdump for various purposes, including capturing packets, filtering traffic, and analyzing packet content.

1. Display Available Interfaces:

To see a list of available network interfaces on your system:

tcpdump -D

2. Capture Packets from a Specific Interface:

To start capturing packets from a specific interface (e.g., venet0):

tcpdump -i venet0

3. Capture Only N Number of Packets:

To limit the capture to a specific number of packets (e.g., 2 packets):

tcpdump -c 2 -i venet0

4. Print Captured Packets in ASCII:

To view the captured packets in ASCII format:

tcpdump -c 2 -A -i venet0

5. Display Captured Packets in HEX and ASCII:

To view the packet's contents in both HEX and ASCII formats:

tcpdump -c 2 -XX -i venet0

Advanced Packet Capturing

6. Capture and Save Packets in a File:

To capture packets and save them to a file for later analysis:

tcpdump -w capture.pcap -i venet0 -c 2

7. Read Captured Packets from a File:

To read packets from a previously saved file:

tcpdump -r capture.pcap

8. Capture Packets from a Specific IP Address:

To capture packets sent from a particular source IP address (the src qualifier matches the source address only; use host instead to match packets in either direction):

tcpdump -n -i venet0 -c 2 src 117.229.105.142

9. Capture Only TCP Packets:

To capture only TCP packets:

tcpdump -n -i venet0 -c 2 tcp

10. Capture Packets from a Specific Port:

To capture packets to or from a particular port (e.g., SSH port 22; port matches either the source or the destination port):

tcpdump -i venet0 -c 2 port 22

Filtering and Analyzing Traffic

11. Capture Packets with a Readable Timestamp:

To capture packets with a more readable timestamp:

tcpdump -i venet0 -c 2 -tttt

12. Read Packets of at Least N Bytes:

To capture only packets of a certain minimum size (e.g., 10 bytes; tcpdump's greater N matches packets whose length is greater than or equal to N):

tcpdump -i venet0 -c 2 greater 10

13. Filter Packets – Exclude ARP and RARP:

To capture all packets other than ARP and RARP:

tcpdump -i venet0 -c 2 not arp and not rarp
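As an added example (not part of the original post), here is a small Python reader for the pcap files that -w writes and -r reads, which then applies the filters from sections 8 to 12 to a constructed three-packet capture with tcpdump's own semantics (src is source-only, port matches either end, greater means at least N bytes). The frames, addresses and ports are all made up for the demonstration.

```python
import socket
import struct

def build_frame(src_ip, dst_ip, proto, sport, dport, payload=b""):
    """Constructed Ethernet/IPv4 frame with a minimal TCP (6) or UDP (17) header; sample data only."""
    eth = b"\x00" * 12 + b"\x08\x00"                    # zero MACs, ethertype IPv4
    l4 = struct.pack("!HH", sport, dport) + b"\x00" * (16 if proto == 6 else 4) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    return eth + ip + l4

def write_pcap(frames):
    """Serialise frames in the classic little-endian pcap layout that `tcpdump -w` writes."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)   # linktype 1 = Ethernet
    for i, f in enumerate(frames):            # record header: ts_sec, ts_usec, incl_len, orig_len
        out += struct.pack("<IIII", 1700000000 + i, 0, len(f), len(f)) + f
    return out

def read_pcap(data):
    """Yield (orig_len, frame) records from a pcap byte string, as `tcpdump -r` does."""
    if struct.unpack("<I", data[:4])[0] != 0xA1B2C3D4:
        raise ValueError("not a little-endian, microsecond-resolution pcap file")
    pos = 24
    while pos + 16 <= len(data):
        _sec, _usec, incl_len, orig_len = struct.unpack("<IIII", data[pos:pos + 16])
        yield orig_len, data[pos + 16:pos + 16 + incl_len]
        pos += 16 + incl_len

def decode(orig_len, frame):
    """Pull out the header fields the page's filter expressions look at."""
    ihl = (frame[14] & 0x0F) * 4                        # IPv4 header length in bytes
    sport, dport = struct.unpack("!HH", frame[14 + ihl:18 + ihl])
    return {"len": orig_len, "proto": frame[23], "src": socket.inet_ntoa(frame[26:30]),
            "dst": socket.inet_ntoa(frame[30:34]), "sport": sport, "dport": dport}

def matches(p, src_host=None, tcp=False, port=None, greater=None):
    # tcpdump semantics: 'greater N' is length >= N, 'src host' is source only, 'port N' is either end
    return ((greater is None or p["len"] >= greater)
            and (src_host is None or p["src"] == src_host)
            and (not tcp or p["proto"] == 6)
            and (port is None or port in (p["sport"], p["dport"])))

def filter_pcap(data, **expr):                          # decoded packets matching the keywords
    return [p for p in (decode(n, fr) for n, fr in read_pcap(data)) if matches(p, **expr)]

SAMPLE = write_pcap([                                   # constructed capture, not real traffic
    build_frame("10.0.0.5", "10.0.0.9", 6, 51000, 22),              # SSH client -> server
    build_frame("10.0.0.9", "10.0.0.5", 6, 22, 51000),              # SSH server -> client
    build_frame("10.0.0.5", "10.0.0.9", 17, 40000, 53, b"x" * 40),  # DNS query over UDP
])
```

Writing SAMPLE to disk gives a file that tcpdump -r can open, so the same keyword combinations can be compared against the real tool's output.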

Conclusion

Tcpdump is an incredibly versatile tool that can be used for a wide range of network analysis tasks. By understanding how to use its various options and filters, you can diagnose network issues, monitor traffic in real-time, and perform in-depth protocol analysis. Remember, while tcpdump can capture sensitive data, it should be used responsibly and ethically. Happy analyzing!

Setting Up PostgreSQL on Your Linux System

PostgreSQL, also known as "Postgres," is a highly extensible and standards-compliant object-relational database management system (ORDBMS). It's renowned for its robustness, ACID-compliance, advanced features like multiversion concurrency control (MVCC), and a wide array of indexing methods, functions, and more. This guide will walk you through configuring your YUM repository, installing PostgreSQL, and setting up a basic database schema.

Step 1: Configure Your YUM Repository

Locate and Edit Your Distribution's .repo File:

  • Fedora: Edit /etc/yum.repos.d/fedora.repo and /etc/yum.repos.d/fedora-updates.repo, specifically the [fedora] sections.
  • CentOS: Edit /etc/yum.repos.d/CentOS-Base.repo, focusing on the [base] and [updates] sections.
  • Red Hat: Edit /etc/yum/pluginconf.d/rhnplugin.conf and look for the [main] section.

Append the Exclude Line: To each of the sections identified above, append the following line to prevent the default PostgreSQL package from being installed, as it may be outdated:

exclude=postgresql*

Step 2: Download and Install the PGDG RPM File

PGDG File: PostgreSQL Global Development Group (PGDG) provides an optimized and more up-to-date version of PostgreSQL.

  1. Find the Correct RPM: pick the PGDG package that matches your distribution, release and architecture.
  2. Download the RPM. For example, to install PostgreSQL 9.3 on CentOS 6 64-bit:
     curl -O http://yum.postgresql.org/9.3/redhat/rhel-6-x86_64/pgdg-centos93-9.3-1.noarch.rpm
  3. Install the RPM Distribution:
     rpm -ivh pgdg-centos93-9.3-1.noarch.rpm

Step 3: Install PostgreSQL

List Available Packages:

yum list postgres*

Install PostgreSQL Server:

  • For a basic PostgreSQL 9.3 server installation:
    yum install postgresql93-server

Step 4: Accessing PostgreSQL

Switch to the PostgreSQL User:

su - postgres

Start Using PostgreSQL:

psql

You're now in the PostgreSQL command line. Here you can manage databases, execute SQL queries, and more.

Step 5: Setting Up a Basic Database Schema

Create a Schema Called test:

CREATE SCHEMA test;

Create a Role (User) with Password:

CREATE USER xxx PASSWORD 'yyy';

Grant Privileges on New Schema to New Role:

GRANT ALL ON SCHEMA test TO xxx;

Grant Privileges on Tables in the New Schema to the New Role (this covers only the tables that exist at the time of the GRANT; tables created later need their own GRANT, or a matching ALTER DEFAULT PRIVILEGES rule):

GRANT ALL ON ALL TABLES IN SCHEMA test TO xxx;

Step 6: Disconnecting

Exit psql:

\q

Conclusion

Congratulations! You've successfully set up PostgreSQL on your Linux system. You've also created your first schema and user with privileges. PostgreSQL is a powerful tool with many more capabilities and features to explore. As you become more familiar with its workings, you'll be able to leverage its full potential in managing and analyzing your data effectively. Don't forget to regularly check for updates and maintain your PostgreSQL installation to ensure security and performance.

Mastering Puppet: A Guide to Configuring the Puppet Master and Client

Puppet is a powerful configuration management tool that automates the process of managing your infrastructure. Setting up a Puppet Master and its clients can seem daunting, but with this guide, you'll be equipped to handle the initial configuration with ease. This blog will walk you through the steps needed to set up a Puppet Master and client, ensuring a smooth and secure connection between them.

Step 1: Initial Setup for Both Master and Client

Downloading and Installing Needed RPM
Before you begin, ensure that both the Master and the client machines have the necessary RPM installed. This can be done by running:

rpm -Uvh http://download.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm

This command will install the EPEL (Extra Packages for Enterprise Linux) repository, providing additional packages for your setup.

Step 2: Installing the Puppet Server and Client

Master: Installing Puppet Server
On your Master machine, install the Puppet Server with Yum:

yum install puppet-server

Client: Installing Puppet
On the client machine, install the Puppet client software:

yum install puppet

Step 3: Configuring Hostnames and Network

Ensure that the Master and client can communicate with each other by setting up the hostnames correctly.

Edit the Hosts File
Add the following entries to the /etc/hosts file on both the Master and client:

xxx.xxx.xxx.xxx master.puppet.com
xxx.xxx.xxx.xxx client.puppet.com

Replace xxx.xxx.xxx.xxx with the appropriate IP addresses.

Test the Connection
Test the connectivity between the Master and client using the ping command:

ping -c 3 client.puppet.com
ping -c 3 master.puppet.com

Step 4: Setting Up Iptables

For secure communication, you need to ensure that the correct port is open on both the Master and client (strictly, only the Master must accept inbound connections on it, since the client initiates the connection).

Modify Iptables Rules
You can either disable Iptables or open port 8140, which Puppet uses for communication; opening just that port is the safer choice, as disabling the firewall exposes every other service as well:

iptables -A INPUT -p tcp --dport 8140 -m state --state NEW,ESTABLISHED -j ACCEPT

Note that -A appends the rule, so on a default CentOS 6 ruleset it lands after the final REJECT rule and never matches; use -I instead to insert it ahead of that rule, and save the ruleset so it survives a reboot.

Step 5: Starting the Puppet Master Server

With the configurations set, it's time to start the Puppet Master.

Start the Server
On the Master machine, start the Puppet Master service:

/etc/init.d/puppetmaster restart

Step 6: Client Certificate Signing

Puppet uses a certificate-based authentication system. The client will request a certificate from the Master, which needs to be signed. (puppetd and puppetca are the pre-3.0 command names; later releases provide the same functions as puppet agent and puppet cert.)

Check for Signed Certificates
From the client machine, initiate a certificate signing request:

puppetd --server=master.puppet.com --waitforcert 60 --test

Sign the Client's Certificate
On the Master, list all unsigned certificates:

puppetca --list

Sign the client's certificate:

puppetca --sign client.puppet.com

Step 7: Creating Configuration for Clients

With the infrastructure in place, you'll now need to define the desired state of your client systems in the Puppet Master.

Edit the Manifest File
Add configurations to /etc/puppet/manifests/site.pp on the Master. Here's a sample configuration:

# Create /tmp/outside if it doesn't exist. The mode is quoted as a four-digit
# octal string, the form every Puppet release accepts.
file { '/tmp/outside':
  ensure => present,
  mode   => '0644',
  owner  => 'root',
  group  => 'root',
}

class test_class {
  # Create /tmp/testfile if it doesn't exist.
  file { '/tmp/testfile':
    ensure => present,
    mode   => '0644',
    owner  => 'root',
    group  => 'root',
  }
}

package { 'httpd':
  ensure => installed,
}

service { 'httpd':
  ensure  => running,
  enable  => true,
  require => Package['httpd'],
}

# Tell puppet which client applies the class: the node name must match the
# certname the Master signed in Step 6.
node 'client.puppet.com' {
  include test_class
}

Conclusion
Congratulations! If you've followed these steps without error, your Puppet Master and client are now configured and communicating securely. With your infrastructure now under Puppet's management, you're set to automate your configurations, ensuring consistency and reliability across your environment. Remember, Puppet is incredibly powerful and flexible. Continue exploring its capabilities to fully harness its potential in managing your infrastructure.