From Network Security Wiki
Jump to navigation Jump to search


TFTP Server Installation

sudo apt-get install tftpd-hpa
sudo apt-get install tftp
sudo nano /etc/defualt/tftpd-hpa
  TFTP_OPTIONS="--secure --create"
sudo service tftpd-hpa restart
tftp> get test
  Sent 159 bytes in 0.0 seconds
tftp> quit
cat test


Terminal servers:

The main advantage of a terminal server is that you can get console access to your hardware from a distance, using a network connection. It doesn’t matter if you are in the next room or in another country as long as you have connectivity to your terminal server. You have 3 options:

Use a terminal server specifically made to do that. Cisco, Cyclades or another brand,  it doesn’t really matter.
Use a Cisco router as a terminal server by adding serial cards.
Make your own terminal server using a PC.

It is easy to set up the terminal server using a program called Ser2net. Once your USB adapters are detected by Linux (check with dmesg), they are usually named ttyUSB0, ttyUSB1 etc. Next step is to install ser2net:

apt-get install ser2net.

Configuring Ser2net: Ser2net is a service that maps TCP ports to your USB ports. You need to make changes in its configuration file.

sudo nano /etc/ser2net.conf

The file should look like the following, for instance if you have 5 USB adapters:

2000:telnet:0:/dev/ttyUSB0:9600 8DATABITS NONE 1STOPBIT banner
2001:telnet:0:/dev/ttyUSB1:9600 8DATABITS NONE 1STOPBIT banner
2002:telnet:0:/dev/ttyUSB2:9600 8DATABITS NONE 1STOPBIT banner
2003:telnet:0:/dev/ttyUSB3:9600 8DATABITS NONE 1STOPBIT banner
2004:telnet:0:/dev/ttyUSB4:9600 8DATABITS NONE 1STOPBIT banner

The first number corresponds to the TCP port to reach respective switches linked by USB serial adapters.

Finally restart set2net.

sudo /etc/init.d/ser2net restart

Let’s suppose your terminal server has the IP address, you should be able to connect to your Cisco device using telnet.

telnet 2000
ser2net port 2000 device /dev/ttyUSB0 [9600 N81] (Debian GNU/Linux)

Minicom: USB Serial Console

Purchase a USB to Serial adapter that supports Linux & do not require a driver in Linux Make sure the item is plugged in at boot time

Install Minicom:

dmesg | grep tty
sudo minicom -s
  select "Serial Port Setup"
  Change the line speed (press E) & change to "9600"
  Change the hardware flow control (press F) & change to "No"
  Change the serial device (press A) & change to "/dev/ttyS0"
  Or to use your USB port, change the serial device to "/dev/ttyUSB0"
  "Save setup as dfl"
  "Exit Minicom"

To find out if you have configured Minicom correctly:

sudo minicom

you should be connected to your Cisco device.

If you see a bunch of gibberish every time you connect to a device:

sudo minicom -s
"Modem and dialing"
 Press "A" to edit the Init string, delete all characters
"Save setup as dfl"

Firefox Speedup

 network.http.pipelining -> true
  network.http.pipelining.maxrequests -> 8 (default=32)
  network.http.proxy.pipelining -> true
  network.dns.disableIPv6 -> true
  plugin.expose_full_path -> true
  Right click -> New -> Integer -> "nglayout.initialpaint.delay"  ->  0 in value
  Right click -> New -> Integer -> "content.notify.backoffcount"  ->  5 in value
  Right click -> New -> Integer -> ui.submenuDelay -> 0 in value

Some more Tweaks

  • Enable the spellchecker for inputfields and textareas (default is textareas only) layout.spellcheckDefault=2 (default=1)
  • Open lastfm://-links directly in amarok -> network.protocol-handler.app.lastfm=amarok & network.protocol-handler.external.lastfm=true

Firefox Memory Leak Fix

  • Right-click -> New -> Integer -> browser.cache.memory.capacity

This is where you decide how much memory to allocate to Firefox. This depends on how much RAM your computer has. A good recommended setting is 16MB. If you want 16MB, enter this value into the dialog prompt: 16384 then close all instances of Firefox and restart. If your Firefox still uses the same amount of memory, give it a few minutes and it should slowly clear up. If that fails, try a system reboot.

Firefox open Tabs in Background

browser.tabs.loadDivertedInBackground    =>   true

Test IPv6 Web access

 > set type=AAAA
 > www.facebook.com


sudo apt-get install ntop -y
sudo ntop --set-admin-password
sudo ntop -u ntop -d

Change interfaces:

sudo gedit /var/lib/ntop/init.cfg
sudo /etc/init.d/ntop start

For Latest Version:

sudo apt-get install libpcap-dev libgdbm-dev libevent-dev librrd-dev python-dev libgeoip-dev
svn co https://svn.ntop.org/svn/ntop/trunk/ntop
install the latest libpcap from internet
make install


List out all connections from different protocols like tcp, udp and unix sockets:

netstat -a

List only TCP or UDP connections

netstat -at
netstat -au

Disable reverse dns lookup for faster output

netstat -ant

List out only listening connections

netstat -tnl

Get process name/pid and user id

sudo netstat -nlpt   =PID
sudo netstat -ltpe   =User

Print statistics

netstat -s

Display kernel routing information

netstat -rn

Print network interfaces

netstat -i
netstat -ie   = Human friendly

Get netstat output continuously

netstat -ct

Display multicast group information

netstat -g

Print active connections

netstat -atnp | grep ESTA

Check if a service is running

sudo netstat -aple | grep ntp


a - All
t - TCP
u - UDP
n - No DNS lookup
l - Listening
i - Interface
o - PID (windows)
p - PID (Linux)
s - statistics


View Short Output

dig redhat.com +short

Display Only the ANSWER SECTION

dig redhat.com +nocomments +noquestion +noauthority +noadditional +nostats
dig redhat.com +noall +answer

Use a Specific DNS server Using dig @dnsserver

dig @ns1.redhat.com redhat.com

DNS Reverse Look-up

dig -x +short

View ALL DNS Records Types

dig redhat.com ANY +noall +answer
dig @ns1.redhat.com redhat.com ANY +noall +answer

Query MX Records

dig redhat.com  MX +noall +answer


Install NST to Flash or HDD

livecd-iso-to-disk --reset-mbr --noverify --overlay-size-mb 1024 --home-size-mb 256 --unencrypted-home /tmp/nst-2.13.0.x86_64.iso /dev/sdc1

Play RAR Video

sudo apt-get install unrar vlc
unrar p -inul /example/path/to/Some.Scene.Release/some.sr.r00 | vlc -
  p      = outputs the extraction data of the file
  -inul  = disables error messages

can only pause and play the file, but not rewind or fast forward.


gedit ~/.bashrc
mkdir ~/bin
gedit ~/bin/rarvideo
#! /bin/sh
unrar p -inul $1 | vlc -
chmod u+x ~/bin/rarvideo
rarvideo somerarfile.r00

you can also right click a rar file in nautilus and choose "open with" and type in rarvideo

Change IP address of Tor

(echo authenticate '"password"'; echo signal newnym; echo quit) | nc localhost 9051

Edit Grub

Press Alt+F2 > gksudo gedit /etc/default/grub
   GRUB_DEFAULT=0                                                        ==>> Default OS
   GRUB_TIMEOUT=10                                                       ==>> Grub Menu Timeout
   GRUB_DISTRIBUTOR=`lsb_release -i -s 2> /dev/null || echo Debian`
sudo update-grub

Enable Desktop Notifications in VLC on Ubuntu

VLC > Tools > Preferences.
Click the circle next to ‘all’.
search > Enter ‘notify’
Select 'Control Interfaces’ and check the box next to ‘LibNotify Notification Plugin’.

CLI QR Encoder

​sudo apt-get install qrencode
qrencode -t ANSI "Hello World"​

Create Hotspot in Ubuntu

Source ubuntuhandbook.org

  • Verify if AP mode is supported:
iw list | grep AP
  • Install Connection Editor:
sudo apt-get install plasma-nm
  • Click Add button and choose “Wireless (shared)” from the drop-down list.
  • Type in a name, ssid, and select Access Point mode. Set up a password under Wireless Security tab if required.
  • Connected to Wired internet.
  • Click Network Manager applet on Unity panel and then choose the connection you created in previous step and click Connect button.

PPPoE Router Testing

I used this Lab to verify if my WiFi router is working properly or is faulty.
My ISP was insisting that the router is faulty.
So I decided to test it myself using GNS3.

Pppoe testing.png
ISP Router Config - PPPoE Server - R1
username Cust1 password 0 ciscopppoe

bba-group pppoe global
 virtual-template 1
interface Ethernet0/0
 no ip address
pppoe enable group global

interface Virtual-Template1 
 mtu 1492
 ip address
 peer default ip address pool PPPoEPOOL
 ppp authentication chap callin

ip local pool PPPoEPOOL
PPPoE Client(to verify configuration of R1) - R2
interface Ethernet0/0
 no ip address
 pppoe enable group global
 pppoe-client dial-pool-number 1

interface Dialer1
 mtu 1492
 ip address negotiated
 encapsulation ppp
 dialer pool 1
 ppp authentication chap callin
 ppp chap hostname Cust1
 ppp chap password 0 ciscopppoe
ip route Dialer1
  • Now Test the PPPoE Server by running following commands:
ISP Router
debug ppp authentication
debug pppoe events
PPPoE Client
show pppoe session
show ip interface brief
  • If the above setup is working as expected, Open the WebUI of the Router and assign the username as "Cust1" and password "ciscopppoe" to the PPPoE connection.
  • Now connect a LAN Cable from the Internet port of your Router to the LAN Port of your PC.
  • If the Router/Ports are fine, the connection should be UP now. Verify from the debug commands.

Installing WebKeePass

Source: Raman-kumar.blogspot.in

Installing WebKeePass Server in CentOS:

  • Installing Java JDK:
sudo yum install java-1.7.0-openjdk-devel
java -version
  • Setting JAVA_HOME:
find / -name java | grep -i jdk
nano .bash_profile


export JAVA_HOME=/usr/lib/jvm/java-1.6.0-openjdk-



wget http://sourceforge.net/projects/webkeepass/files/WebKeePass-3.121122.zip/download
unzip WebKeePass-3.121122.zip
cd WebKeePass-3.121122
chmod 777 Install.sh
Select Y
Installation Path:      /usr/local/webkeepass-3.12
JAVA_HOME' Path:        /usr/lib/jvm/java-1.6.0-openjdk-
chmod u+x ./jakarta-tomcat-5.5.7/bin/*.sh
chmod u+x ./startup.sh
 Using CATALINA_BASE:   /usr/local/webkeepass-3.12/jakarta-tomcat-5.5.7
 Using CATALINA_HOME:   /usr/local/webkeepass-3.12/jakarta-tomcat-5.5.7
 Using CATALINA_TMPDIR: /usr/local/webkeepass-3.12/jakarta-tomcat-5.5.7/temp
 Using JAVA_HOME:       /usr/lib/jvm/java-1.6.0-openjdk-
  • To stop service/tomcat
  • Add exception in the iptables firewall:
iptables -A INPUT -p tcp --dport 8443 -j ACCEPT
  • The WebUI must be accessbible from the following URL:

blog comments powered by Disqus