Replay packets of application layer - python-3.x

My task is as follows: collect some information about application-level network requests (for example, in a .pcap file) and repeat these requests on another computer running python 3.6. For example, I have a pcap file with an http request to some site, and I want to repeat it on another computer using some python lib. Is there a way to do this? I am interested in the HTTP, HTTPS, FTP, DNS, IMAP and SSH protocols. Thanks in advance.

You can use tcpreplay for replaying a .pcap file.
Just sniff your data with Wireshark on one computer, save it to a .pcap file, and you can play it later using the tcpreplay tool.
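To re-issue a captured cleartext HTTP request from Python rather than resend frames, the request first has to be pulled out of the capture. This added example (not part of the original answer) does that with the standard library only; it assumes a classic pcap file with Ethernet framing and requests that fit in one TCP segment, and the sample capture is constructed.

```python
import struct

def pcap_frames(data):
    """Yield raw frames from a classic pcap (not pcapng) with Ethernet link type."""
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(data[:4])
    if endian is None or struct.unpack(endian + "I", data[20:24])[0] != 1:
        raise ValueError("need classic pcap with LINKTYPE_ETHERNET")
    off = 24                                     # skip the 24-byte global header
    while off + 16 <= len(data):
        incl = struct.unpack(endian + "I", data[off + 8:off + 12])[0]
        yield data[off + 16:off + 16 + incl]     # record header is 16 bytes
        off += 16 + incl

def tcp_payload(frame):
    """Return (dst_port, payload) for an untagged IPv4/TCP frame, else None."""
    if len(frame) < 54 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
        return None
    tcp = 14 + (frame[14] & 0x0F) * 4            # Ethernet header + IP header (IHL)
    if len(frame) < tcp + 20:
        return None
    total, = struct.unpack("!H", frame[16:18])   # IP total length trims padding
    dport, = struct.unpack("!H", frame[tcp + 2:tcp + 4])
    return dport, frame[tcp + (frame[tcp + 12] >> 4) * 4:14 + total]

def http_requests(data, port=80):
    """Extract (method, host, path) from single-segment requests sent to `port`."""
    found = []
    for frame in pcap_frames(data):
        seg = tcp_payload(frame)
        if not seg or seg[0] != port or b"\r\n\r\n" not in seg[1]:
            continue
        lines = seg[1].split(b"\r\n\r\n", 1)[0].decode("latin-1").split("\r\n")
        first = lines[0].split(" ")
        if len(first) != 3 or not first[2].startswith("HTTP/"):
            continue
        hdrs = {k.lower(): v for k, v in
                (l.split(": ", 1) for l in lines[1:] if ": " in l)}
        found.append((first[0], hdrs.get("host", ""), first[1]))
    return found

def sample_pcap():
    """Constructed one-packet capture: GET /index.html to example.test, port 80."""
    body = b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n"
    tcp = struct.pack("!HHIIBBHHH", 49152, 80, 1, 1, 0x50, 0x18, 8192, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(body), 0, 0, 64, 6, 0,
                     b"\xc0\x00\x02\x0a", b"\xc0\x00\x02\x14")
    frame = b"\x02" * 12 + b"\x08\x00" + ip + tcp + body
    head = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    return head + struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame
```

Each tuple can be passed to http.client.HTTPConnection(host).request(method, path) on the second machine. TLS-protected traffic (HTTPS, SSH, IMAP over TLS) is ciphertext in the capture, so this only recovers cleartext protocols.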

Related

Simple Raw Packet Capture & Send Program

I would like to create a demo with the following topology:
... --->[switch] <---> [Host]
DEMO: A switch sends a packet to a monitoring Host (the packet's original destination is not this Host, yet the switch will send to it via a mirror port). The monitor-Host is to capture that packet, do something with it (e.g., just dump the L2-L4 header fields into some log file), and then send the original packet back towards the switch.
Host Environment: Ubuntu 12.04 Linux.
Dilemma: What's the simplest way I can capture the packet in Host and send back the original packet to the switch?
Possibilities to Explore:
Create a packet sniffer program in C (looks complex ... libpcap, AF_Packet sockets etc.).
Try to use python scapy (don't know how complex this will be).
Try to install some open source proxy server of some kind to which I can write a plugin that will examine the captured packets.
Question: Any better recommendations (if I can avoid going the programming route, it would be preferred. Is there any simple scripting method to do this?). Looking for a quick-and-dirty method here. Thanks.
Well, you can use available packet sniffers such as wireshark or ettercap, which will capture all network packets (using promisc mode) and dump them in a readable format.
Or, you can pretty easily code a sniffer for yourself in python on linux, which is not so complex to understand.

Access FTP via HTTP?

We have an external secure FTP server that we want to access through HTTPS (our infrastructure does not support FTPs). I know that's possible but I don't know how. I'm looking for something like this:
ftp://ftp.mozilla.org/pub/mozilla.org/zz
http://ftp.mozilla.org/pub/mozilla.org/zz
Thanks!
To add some clarification: FTP and HTTP are, as SLaks said, two entirely different things. The links you have posted use two separate protocols. One is ftp, and one is http. You appear to be getting confused by the second link because it still has ftp in it. What is happening there is that "ftp.mozilla.org" is the domain name of that server. The pages themselves look similar because there is no actual page you are referencing (you are visiting the directory itself) and there is no default page specified in that directory (for example, no index.html).
The default behavior in this case is to simply list the directory contents, which is pretty much what the ftp protocol does anyway.
So:
You will need to either install a web server program (not an ftp server program!) on the ftp server (the physical box) and let users download files using the http(s) protocol, or you will as SLaks suggested need to create your own proxy (or find one that exists) that will receive commands from the http protocol and transform them into the equivalent ftp commands, which are then sent to the ftp server.
Personally, I recommend the former, as it is less complicated.
FTP and HTTP are two different protocols that have nothing to do with each other.
You need to run an HTTP server.
You can either run an HTTP server that exposes the same files (like Mozilla does), or write an HTTP proxy for the FTP server.
Sounds like you are looking for a web-based FTP client. http://www.net2ftp.com/ is a good place to start, but you will have to configure the tunnel appropriately within your network. A solution like net2ftp will tunnel traffic to and from the server as HTTP, then running local scripts.
You will also want to remember that there are other file protocols your network administrator can open up aside from SFTP/FTP. Ask them about a private SSH key alternative, which would avoid a public-facing web-based FTP server/client solution.

Non-blocking service to receive messages on port via UDP

I want to build a service on my Linux VPS which listens to a certain UDP port and does something with the (text)message which is captured. This processing consists of appending the message to a locally stored txt-file and send it as http, with a post variable to another server.
I've looked into Nginx but as far as I can see this server can only be bound to receive http packets. Although it is asynchronous.
What is the best way to achieve this listening-service on linux? And which has the capabilities to do the above mentioned processing?
Is for instance node.js a possibility? It looks great.
For simplicity, you can use xinetd, and for the app you can use any scripting language, which will read the packet from the stdin and save it to the file.

How can I download a file over multiple interfaces in OS X or Linux?

I have a large file I want to download from a server I have root access to. I also have several different, concurrent internet connections from my machine to the server at my disposal.
Do you know of any protocol, (S)FTP client, HTTP client, AFP client, or any other file transfer protocol server and client combination that supports multithreaded downloads over different connections?
One option would be the "old fashioned" multi-part file..
split -b 50m hugefile multiparthugefile_
That will create multiparthugefile_a, multiparthugefile_b and so on. To rejoin them, use the cat command:
cat multiparthugefile_* > hugefile_rejoined
To actually transfer the files using different interfaces, the wget --bind-address=ADDRESS flag should work:
--bind-address=ADDRESS bind to ADDRESS (hostname or IP) on local host.
This problem seems like something Bittorrent is positioned to do well, but I'm not sure exactly how you would do this..
Perhaps create a temporary tracker (or use something like OpenBitTorrent.com), and run multiple clients locally - as long as the clients support the LAN transfer feature, each client would grab different parts from the server, and share them with the (local) clients. You'd end up with multiple copies of the file locally, but it would only be transferred over the internet once.
Any of these? You'll need a webserver hosting the same file on all the interfaces though.
In the case of HTTP or HTTPS, as long as the server supports range requests you can fetch the ranges separately and stitch them together. I started working on the use case that you pointed out. If you are still interested, here is a link to my repository: https://github.com/m0hithreddy/MID.
The program (MID) uses the SO_BINDTODEVICE socket option to bind to a specific interface, so in most cases you require super user permissions and the CAP_NET_RAW capability (root user has).
MID determines the network interfaces to use in the download and adopts a two-step split for downloading the content.
First step: The file is divided among network interfaces (in real time).
Second step: The file is further divided among several HTTP range requests that arise from that particular interface (NOTE: the server should support them in the first place to make all of this possible).
MID supports HTTP and HTTPS protocol.
Cheers :)
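The two-step split described in this answer, as an added Python example that is not taken from the MID repository. It assumes the file size is already known (for instance from a HEAD request), binds by local source address in the manner of wget --bind-address rather than with SO_BINDTODEVICE, and rejects any reply where the server ignored the Range header, which would otherwise silently corrupt the stitched file.

```python
import http.client
import re

def plan(size, addrs, parts):
    """Two-step split: one contiguous share per local address, `parts` ranges in each."""
    jobs, n = [], len(addrs) * parts
    for i in range(n):
        start, end = size * i // n, size * (i + 1) // n - 1
        if end >= start:                       # skip empty ranges for tiny files
            jobs.append((addrs[i // parts], start, end))
    return jobs

def honoured(status, content_range, start, end, size):
    """True only if the reply is 206 and covers exactly the range that was asked for."""
    m = re.fullmatch(r"bytes (\d+)-(\d+)/(\d+|\*)", content_range or "")
    return (status == 206 and m is not None
            and (int(m.group(1)), int(m.group(2))) == (start, end)
            and m.group(3) in ("*", str(size)))

def fetch(host, path, job, size):
    """Fetch one planned range from the given local address; returns (offset, bytes)."""
    addr, start, end = job
    conn = http.client.HTTPSConnection(host, timeout=30, source_address=(addr, 0))
    conn.request("GET", path, headers={"Range": "bytes=%d-%d" % (start, end)})
    resp = conn.getresponse()
    body = resp.read()
    conn.close()
    ok = honoured(resp.status, resp.getheader("Content-Range"), start, end, size)
    if not ok or len(body) != end - start + 1:
        raise IOError("server did not return bytes %d-%d as requested" % (start, end))
    return start, body

def stitch(pieces, size):
    """Join (offset, bytes) pieces in order and refuse gaps, overlaps or a short file."""
    out = bytearray()
    for offset, body in sorted(pieces):
        if offset != len(out):
            raise ValueError("gap or overlap at byte %d" % offset)
        out += body
    if len(out) != size:
        raise ValueError("stitched %d bytes, expected %d" % (len(out), size))
    return bytes(out)
```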
http - check out one of the various download managers (i.e. firefox with the http://www.downthemall.net/ extension)
there are also ftp downloaders that support multiple streams

Packet Sniffing using Raw Sockets in Linux in C

I need to write a packet sniffer in Linux that detects HTTPS packets that are sent and saves the url from the request. I found code for this in security-freak and ran it. This code runs and only sniffs the received packets, but I need to get the sent packets in the sniffer.
How do I get the sent packet in this code?
I can't use any library like libcap (forbidden).
The code is: sniffer.c
You should be using ETH_P_ALL instead of ETH_P_IP as the protocol. ETH_P_IP only listens for incoming IP packets.
Why can't you use any library? Homework?
It's hard to answer without having examples from your code, for example how you set sll_pkttype.
The urlsnarf tool in the dsniff suite could be worth a look.
With appropriate libpcap or DNET usage you should be able to get all network traffic on the desired layer (protocol - 5) (outgoing as well).
But you should know that already.
You need to go through the above libraries' manuals and find the appropriate filtering.
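An added example, not from any of the posts above, covering both the ETH_P_ALL advice in this thread and the "dump the L2-L4 header fields, then send the packet back" demo in the earlier raw-capture thread. It uses the same Linux AF_PACKET interface from Python; the sample frame is constructed, and the interface name passed to sniff() is whatever the host actually has.

```python
import socket
import struct

ETH_P_ALL = 0x0003   # all protocols; also delivers frames this host transmits
PKTTYPE = {0: "to-host", 1: "broadcast", 2: "multicast",
           3: "other-host", 4: "outgoing"}   # sll_pkttype values (linux/if_packet.h)

def mac(raw):
    return ":".join("%02x" % b for b in raw)

def describe(frame, pkttype):
    """Return one log line: direction plus the L2-L4 header fields of a frame."""
    if len(frame) < 14:
        return "short frame"
    dst, src, etype = struct.unpack("!6s6sH", frame[:14])
    out = "%s %s > %s type=0x%04x" % (PKTTYPE.get(pkttype, "?"),
                                      mac(src), mac(dst), etype)
    if etype != 0x0800 or len(frame) < 34:          # only IPv4 is decoded further
        return out
    proto, l4 = frame[23], 14 + (frame[14] & 0x0F) * 4
    out += " %s > %s proto=%d" % (socket.inet_ntoa(frame[26:30]),
                                  socket.inet_ntoa(frame[30:34]), proto)
    if proto in (6, 17) and len(frame) >= l4 + 4:   # TCP or UDP ports
        out += " ports=%d>%d" % struct.unpack("!HH", frame[l4:l4 + 4])
    return out

def sniff(ifname, count=10, resend=False):
    """Log `count` frames seen on `ifname` (Linux; needs root or CAP_NET_RAW)."""
    s = socket.socket(socket.AF_PACKET, socket.SOCK_RAW, socket.htons(ETH_P_ALL))
    s.bind((ifname, 0))                  # protocol 0 keeps the ETH_P_ALL set above
    for _ in range(count):
        frame, addr = s.recvfrom(65535)  # addr = (ifname, proto, pkttype, hatype, mac)
        print(describe(frame, addr[2]))
        if resend and addr[2] != 4:      # skip our own transmissions to avoid a loop
            s.send(frame)
    s.close()

# Constructed sample frame: TCP SYN from 192.0.2.10:49152 to 192.0.2.20:443.
SAMPLE = bytes.fromhex(
    "020000000002" "020000000001" "0800"
    "45000028000000004006" "0000" "c000020a" "c0000214"
    "c00001bb" "00000001" "00000000" "50022000" "00000000")
```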
