Decoding SNMP OIDs using tshark (wireshark) - linux

I am debugging an SNMP trap problem using tshark (TShark 1.6.6) on a Linux platform. (The target platform does not support the wireshark GUI.) OIDs in PDUs are shown in numerical format even though I have MIBs installed in /usr/share/snmp/mibs with a link to that in /usr/local/share/mibs. I tried -V. There doesn't appear to be a tshark verbose or debugging option except for some memory debugging options. I have checked the man page and find nothing on SNMP or MIBs. I tried strace and I found a file /usr/share/wireshark/oid file but when I put the MIB directory there, I get a flex error, and a google search for what this mysterious file means turns up nothing. I can copy and paste the OIDs into an snmptranslate command and it correctly translates them. I tried creating a ~/.wireshark directory with smi_modules and smi_paths ("/usr/share/snmp/mibs"). I did a tshark -G currentprefs to see if there was a relevant preference but there isn't. I have googled this issue but I get way too much chaff to make any progress. I checked unix.stackexchange.com, superuser.com, and this site. I verified that people ask wireshark questions on this site (10,000 of them) to make sure it was on topic.
Example invocation:
tshark -R "snmp && ip.dst==<nms_ip>" -i eth0
Running as user "root" and group "root". This could be dangerous.
Capturing on eth0
4.675952 <agent_ip> -> <nms_ip> SNMP 115 sNMPv2-Trap 1.3.6.1.2.1.1.3.0 1.3.6.1.6.3.1.1.4.1.0
Contents of ~/.wireshark/preferences:
name_resolve: mtC
name_resolve_load_smi_modules: TRUE
snmp.display_oid: TRUE
snmp.desegment: TRUE
snmp.var_in_tree: TRUE
How do I get the OIDs to be displayed in symbolic format, e.g. sysUpTimeInstance and snmpTrapOID.0?

I found the information Resolving SNMP OID in snmpbulkwalk and tshark useful.
Adding my MIBs to ~/.wireshark/smi_modules (via wireshark name resolution preferences), and ensuring the MIBs were located in the correct location
(on a mac I used dtrace to trace which files 'tshark' was accessing and located the path as /usr/share/snmp/mibs)
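The smi_modules file mentioned in the answer above lists MIB module names, meaning the identifier in front of DEFINITIONS ::= BEGIN inside each MIB file. The following is an added example, not part of the original posts: it derives those names from a MIB directory and writes both smi_paths and smi_modules, assuming the one-quoted-entry-per-line layout Wireshark uses for these files; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original posts).
# Assumption: smi_paths and smi_modules hold one double-quoted entry per line.

# Print the module name each MIB file declares ("NAME DEFINITIONS ::= BEGIN").
mib_module_names() {
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        sed -n 's/^[[:space:]]*\([A-Za-z][A-Za-z0-9-]*\)[[:space:]]\{1,\}DEFINITIONS[[:space:]]*::=.*/\1/p' "$f" |
            head -n 1
    done | sort -u
}

# write_smi_config MIBDIR CONFDIR: point Wireshark at MIBDIR and list its modules.
# Existing smi_paths / smi_modules files in CONFDIR are overwritten.
write_smi_config() {
    mkdir -p "$2"
    printf '"%s"\n' "$1" > "$2/smi_paths"
    mib_module_names "$1" | sed 's/.*/"&"/' > "$2/smi_modules"
}

# Usage: sh thisfile /usr/share/snmp/mibs "$HOME/.wireshark"
if [ $# -eq 2 ]; then
    write_smi_config "$1" "$2"
fi
```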

Related

Problem at taking trace through linux command

I need your assistance for the below issue:
I use the following Linux command to take a trace:
sudo tcpdump -i any host IP -w file_name.cap
When I open the generated file using Wireshark and click on (Follow TCP Stream), no content is shown, as per the following screenshot:
So please advise me whether the problem is in the command or in the packets.
Many thanks..
Warda Jouria

Serial port unavailable arduino

Trying to upload a code to arduino, but whether in the Arduino IDE or Arduino Create, both return this error while uploading. Running on Linux Tara (Mint 19 Cinnamon).
./opt/arduino-builder/arduino-builder -compile -core-api-version 10611 -hardware opt/arduino-builder/hardware -hardware ./opt/cores -tools opt/arduino-builder/tools -tools ./opt/tools -built-in-libraries opt/libraries/latest -logger humantags -fqbn arduino:avr:mega:cpu=atmega2560 -build-cache /tmp -build-path /tmp/716441957/build -verbose -libraries /tmp/716441957/custom -libraries /tmp/716441957/pinned /tmp/716441957/sketch_oct8a
Sketch uses 8280 bytes (3%) of program storage space. Maximum is 253952 bytes.
Global variables use 443 bytes (5%) of dynamic memory, leaving 7749 bytes for local variables. Maximum is 8192 bytes.
Programming with: Serial
Flashing with command:/home/jesus/.arduino-create/arduino/avrdude/6.3.0-arduino9/bin/avrdude -C/home/jesus/.arduino-create/arduino/avrdude/6.3.0-arduino9/etc/avrdude.conf -q -q -patmega2560 -cwiring -P/dev/ttyACM0 -b115200 -D -Uflash:w:/tmp/arduino-create-agent734074237/sketch_oct8a.hex:i
avrdude: ser_open(): can't open device "/dev/ttyACM0": Permission denied
ioctl("TIOCMGET"): Inappropriate ioctl for device
ioctl("TIOCMGET"): Inappropriate ioctl for device
1#
First, check the port in your IDE. In Arduino tools->port
If the port is hidden or you cannot move the cursor over it, then run these commands in your terminal. If everything is OK, then skip this and follow the second part.
sudo apt-get install librxtx-java -y
sudo usermod -aG dialout $USER
sudo apt-get install gnome-system-tools
2#
After this, check the first method again. If it is not working, then run these commands:
ls -l /dev/ttyACM*
sudo usermod -a -G dialout <username>
You probably have another program running which is already using this port.
You should close most other programs like putty or another serial monitor app.
Otherwise, try to reconnect the Arduino to the PC.
I know that these ideas below come from using a Teensy, but they may help you.
Sometimes there are the ACM* ports listed in the Arduino IDE. Try looking at the ser ports. I know when I am running my Teensy, sometimes I have them switched and need to select the correct one.
Also, from my experience with the Teensy, you might need to add a udev rule to allow permissions to access the port from non-root user. Here is the link that shows the udev file.
There is no direct way to solve this issue. In addition to it, you are not using an IDE. I will list the things you need to check, I am sure this will solve your problem.
I am not good with the Linux environment, so I will refer to application names as in Windows; you go to the corresponding application in Linux.
Go to linux device manager and see for your arduino board. It should have proper naming like "arduino uno at port 3", then use the correct port in your command. If this name does not come properly then it means Driver is not available in your machine. So, go to step2.
Find the driver online and install it in your system, I am not sure about the support of linux with arduino, once it is done please repeat step1.
So, I conclude in short that you do not have the proper driver (which I strongly believe) or are pointing to the wrong port. I am not an expert with the udev rules, but it is definitely an issue you can experience with these kinds of micro-controllers.

MPLS in mininet using iproute2, RTNETLINK answers: Operation not supported

I am trying to use MPLS on mininet. I was able to install iproute2, and when I try something like this
ip route add 192.168.10.187/32 encap mpls 101 via 10.10.0.187
I get the error:
Error: either "to" is duplicate, or "encap" is a garbage.
Also when I try something like this
ip -f mpls route add 101 dev lo
I get the error:
RTNETLINK answers: Operation not supported
I checked my config file and set all of this, with no success:
CONFIG_NETFILTER_NETLINK=y
CONFIG_NETFILTER_NETLINK_QUEUE=y
CONFIG_NETFILTER_NETLINK_LOG=y
CONFIG_NF_CT_NETLINK=y
CONFIG_SCSI_NETLINK=y
CONFIG_IP_ADVANCED_ROUTER=y
CONFIG_NET_SCH_INGRESS=y
CONFIG_NET_SCHED=y
CONFIG_IP_MULTIPLE_TABLES=y
CONFIG_NETFILTER_XT_TARGET_MARK=y
I have the linux image 4.4.0-97-generic, any help will be greatly appreciated.
UPDATE
After doing some reading I found out that I am missing the directory /proc/sys/net/mpls
UPDATE 2
After doing more digging somehow, don't ask me how, I finally installed the missing module and now I have this error:
RTNETLINK answers: Invalid argument
UPDATE 3
I still have the previous problem stated in UPDATE 2, but I noticed when I try to add a new route, I get no complaints and it actually shows on the routing table. However when I do:
ip -f mpls route show
I get no results
I think you have to load the kernel mpls modules first,
modprobe mpls_router
modprobe mpls_iptunnel
Then, allow the network interfaces to process mpls labeled packets (disabled by default)
echo 1 > /proc/sys/net/mpls/conf/IFNAME/input
(where IFNAME is the name of the network interface that will send/receive mpls packets)
And finally, specify number of entries that the kernel should allocate for labels (0 by default)
echo 2048 > /proc/sys/net/mpls/platform_labels
or else the iproute2 will gladly process your routes but the kernel won't know any of them (I've been bit by that, too).
References:
https://www.kernel.org/doc/Documentation/networking/mpls-sysctl.txt
http://www.samrussell.nz/2015/12/mpls-testbed-on-ubuntu-linux-with.html
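The three prerequisites listed in the answer above can be verified before adding any routes. This is an added example, not part of the original answer: the function name is hypothetical, and the sysctl directory is a parameter only so the check can be pointed at a copy of the tree.

```shell
#!/bin/sh
# Added example (not from the original posts).

# mpls_check [IFNAME] [SYSCTL_DIR]
# Returns 0 when MPLS forwarding is ready, otherwise 1, 2 or 3 for the
# first missing step, in the order the answer gives them.
mpls_check() {
    ifname=${1:-eth0}
    dir=${2:-/proc/sys/net/mpls}

    # Step 1: the sysctl tree only exists once mpls_router is loaded.
    if [ ! -d "$dir" ]; then
        echo "missing: $dir (run: modprobe mpls_router)"
        return 1
    fi

    # Step 2: platform_labels is 0 by default, i.e. no label entries allocated.
    labels=$(cat "$dir/platform_labels" 2>/dev/null || echo 0)
    if [ "${labels:-0}" -le 0 ]; then
        echo "platform_labels is ${labels:-0}: no label entries allocated"
        return 2
    fi

    # Step 3: labeled packets are only accepted on interfaces with input = 1.
    input=$(cat "$dir/conf/$ifname/input" 2>/dev/null || echo 0)
    if [ "$input" != 1 ]; then
        echo "MPLS input disabled on $ifname"
        return 3
    fi

    echo "ok: $labels labels, input enabled on $ifname"
    return 0
}

# Usage: sh thisfile eth0
if [ $# -ge 1 ]; then
    mpls_check "$@"
fi
```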

Can you help me access Mac SMB share from Ubuntu using smbclient? (NT_STATUS_ACCESS_DENIED error)

I've been working on a file server product that uses smbclient to transfer files between client computers and the server. It's been working great so far with our LAMP (Ubuntu) server and Windows machines.
I'm currently trying to expand the setup to include Macs, but am having trouble with the server accessing the share on the Mac.
Here's my command and error (bracketed descriptions replace private info):
# smbclient //10.101.0.7/[share-file] -U [username]%[password] -c ls
WARNING: The "syslog" option is deprecated
NTLMSSP packet check failed due to short signature (0 bytes)!
NTLMSSP NTLM2 packet check failed due to invalid signature!
session setup failed: NT_STATUS_ACCESS_DENIED
Things I've tried:
✓ Accessing share using a Windows machine to ensure the share is setup properly - check! Works fine there.
✓ Invoking -S off or --signing=off in the command - no change.
✓ Just looking at the shares first using smbclient -L 10.101.0.7 -U [username]%[password] - same error.
✓ Googling for an answer - check! Several people with similar problems, but no working solutions so far.
The most promising thing I've seen so far involves compiling smbclient 4.4 from sources and running that with no authentication (-U ""%""), but that seems like a temporary solution based on a bug rather than a solid plan that will work for a long time. (But I'll try that next if I can't find any better ideas...)
Thanks for reading and trying to help!
Try adding --option="ntlmssp_client:force_old_spnego = yes" to the smbclient command as suggested on the samba-technical mailing list.
For me, this now lists shares on a Mac OSX server:
smbclient -U$user%$password -L $mac_host --option="ntlmssp_client:force_old_spnego = yes"
For mounting, you may need to add the nounix,sec=ntlmssp options as in
sudo mount -t cifs //$mac_host/$share $mountpoint -o nounix,sec=ntlmssp,username=$user,password=$password
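Both commands above carry the password on the command line, where it is visible in the process list and shell history. As an added example, not part of the original answer, the same options can be used with a credentials file, which smbclient reads through -A and mount.cifs through credentials=; the file path and function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original posts); path and function names are hypothetical.

# write_smb_credentials FILE USER PASSWORD
# Writes the key=value file read by "smbclient -A" and "mount.cifs credentials=".
write_smb_credentials() {
    ( umask 077
      : > "$1"            # create or truncate before any secret is written
      chmod 600 "$1"      # tighten a file that already existed with wider modes
      printf 'username=%s\npassword=%s\n' "$2" "$3" > "$1" )
}

# Mount options from the answer, with username=/password= replaced by the file.
cifs_opts() {
    printf 'nounix,sec=ntlmssp,credentials=%s\n' "$1"
}

# Usage (the password is read from the terminal, so it never appears in argv):
#   printf 'Password: '; stty -echo; read -r pw; stty echo; echo
#   write_smb_credentials "$HOME/.smbcred" "$user" "$pw"
#   smbclient -A "$HOME/.smbcred" -L "$mac_host" \
#       --option="ntlmssp_client:force_old_spnego = yes"
#   sudo mount -t cifs "//$mac_host/$share" "$mountpoint" \
#       -o "$(cifs_opts "$HOME/.smbcred")"
```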
On recent versions of MacOS (e.g. Monterey) it is necessary to do several configuration steps to enable smb access from Linux:
Open System Preferences.
Select Sharing.
Select File Sharing.
Ensure that the directory is listed in Shared Folders.
Right-click/two-finger click on the share directory.
Click on Advanced Options
Ensure Only allow SMB encrypted connections is checked.
Click OK
Click on Options
Click on the checkbox for Share files and folders using SMB.
Under Windows File Sharing ensure the appropriate user is checked.
Type the user's password in the 'Authenticate' dialog box and press 'OK'.
Click 'Done'.
You should now be able to connect from Linux to the MacOS share using the commands given by #mivk.

Using netstat in Linux

I want to see statistics for each protocol (TCP/UDP) on my Linux Yocto. I try to use the netstat -s command (http://www.thegeekstuff.com/2010/03/netstat-command-examples/).
But I receive the error netstat:invalid option -- 's'. It is because BusyBox's netstat version doesn't contain the -s option.
Is it possible to install "normal" netstat?
I try to install nettools (which includes netstat) using opkg install, but the package manager can't find it.
I also try to compile and install the net-tools source from here - https://sourceforge.net/projects/net-tools/, but I receive an error during installation.
Maybe I can download the package from here: rpmfind.net?
Is it possible to see statistics without using netstat? (I need the information which the netstat -s command returns.)
(Example of netstat -s output:
udp:
71208 datagrams received
0 with incomplete header
0 with bad data length field
0 with bad checksum
0 with no checksum
832 dropped due to no socket
16 broadcast/multicast datagrams dropped due to no socket
1971 dropped due to full socket buffers
0 not for hashed pcb
68389 delivered
137685 datagrams output
)
The last netstat release is super old. You should build it straight out of git instead (don't worry, we try to keep it sane at all times). Use the "Download Snapshot" link in the online git browser.
That said, have you seen the iproute2 project? It includes tools like nstat and is generally preferred over net-tools when it comes to scripting.
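On a BusyBox system with neither netstat -s nor nstat, the kernel's per-protocol counters can be read directly from /proc/net/snmp, which stores each protocol as a line of counter names followed by a line of values. The following is an added example, not part of the original posts; the function name is hypothetical.

```shell
#!/bin/sh
# Added example (not from the original posts).

# proto_stats PROTO [FILE]: print "counter value" pairs for one protocol.
# /proc/net/snmp stores each protocol as two lines with the same prefix:
# a header line of counter names, then a line of values.
proto_stats() {
    awk -v p="$1:" '
        $1 == p && !have { for (i = 2; i <= NF; i++) name[i] = $i; have = 1; next }
        $1 == p          { for (i = 2; i <= NF; i++) print name[i], $i; have = 0 }
    ' "${2:-/proc/net/snmp}"
}

# Usage: sh thisfile Udp    or    sh thisfile Tcp
if [ $# -ge 1 ]; then
    proto_stats "$@"
fi
```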
