Unable to Remove Subinterface from ScreenOS

When removing subinterfaces from an SSG550 we were getting the following error:

> Unable to remove interface, interface ethernet0/0.1:1 is in use the interface cannot be set

Where ethernet0/0.1:1 is the interface you are trying to remove. After some experimentation we found that you have to clear the check box under the NTP server service option. If the subinterface is still running NTP you will be unable to remove it.

Ubuntu Wireless with BCM4322

I have been having issues with the BCM4322 wireless card on my MacBook Pro under Ubuntu. As it turns out, after some digging, the BCM4322 driver only supports the ‘Rest of World’ locale, which does not include wireless channels 12 & 13. You can test this by trying:

    sudo iwlist eth2 channel

Which on the MacBook Pro returns:

    eth2 20 channels in total; available frequencies :
    Channel 01 : 2.412 GHz
    Channel 02 : 2.

Convert a MAC Address with Hyphen to Colons

If you have a MAC delimited with hyphens:

    xx-xx-xx-xx-xx-xx

You can convert it to use colons using sed:

    echo xx-xx-xx-xx-xx-xx | sed 's/-/:/g'

Which will output as:

    xx:xx:xx:xx:xx:xx

Any replacement character can be used:

    echo xx-xx-xx-xx-xx-xx | sed 's/-/%/g'

Would output:

    xx%xx%xx%xx%xx%xx

Create a virtual network interface in an ESX Windows guest using VGT (Virtual Guest Tagging)

Get the Intel drivers from e1000 NIC (32bit) and install them in your VM. Once installed, make sure you configure the network card properties with the correct VLAN tag. Then make sure that you assign the VLAN tag 4095 to the virtual machine’s portgroup.

Listing the MAC Address for Adapters in Windows

You can use this to list the MAC address on the current machine:

    getmac /V

It also has remote options:

    getmac /S computer /U domain\user /P password

This is quite useful when you do not have any protocols attached, so the MAC will not show up in ipconfig. It saves you going through the GUI for each adapter you want to check. I’m not sure how I have missed this for so long.

Checking DNS for CERT VU#800113

You can use the following web service to see if your DNS servers or resolvers need attention.

For Windows:

    nslookup -querytype=TXT -timeout=10 porttest.dns-oarc.net.
    nslookup -querytype=TXT -timeout=10 porttest.dns-oarc.net. DnsServerName

For *nix:

    dig +short porttest.dns-oarc.net TXT
    dig @DnsServerName +short porttest.dns-oarc.net TXT

Where DnsServerName is the name of the DNS server you want to check. You are looking for GREAT, GOOD or POOR in the results.

Sniffing Network Traffic in ESX

If you want to enable promiscuous network sniffing within a vSwitch the safest way to do it is to create a second port group. Promiscuous mode can be enabled on an existing port group but once this has been done, any device connected to that port group has that ability. Once you have your second port group correctly configured you can attach a monitoring appliance. To do my monitoring I tend to use OpenBSD with tcpdump and then use Wireshark to analyse the data.

A Basic Traceroute in Scapy

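    from scapy.all import traceroute  # not needed inside the interactive scapy shell

    ans, unans = traceroute(['www.google.co.uk', 'www.yahoo.com', 'www.microsoft.com'])
    ans  # in the interactive shell, this displays the result summary
    # Write the route graph to an SVG file (requires graphviz)
    ans.graph(target="> /tmp/graph.svg")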

Using tcpdump to Capture Traffic for Analysis in Wireshark

Use the following:

    tcpdump -i <interface> -s 1500 -w <some-file>

tcpdump will only capture the first 68 bytes of each packet, so you need to change the -s value to your packet size.