Sniffing on Mikrotik and streaming in real-time to Wireshark
When you have a Mikrotik in any point of your network and you want to launch a sniffer for debugging or troubleshooting, a part from original RouterOS tools, you can stream captured traffic in real-time to Wireshark and inspect packets there.
The idea is exactly the same like I explained on the entry: Sniffing traffic in a Linux box and streaming in real-time to Wireshark on Windows.
Mikrotik configuration using the web interface is like that:
We assume 10.2.0.44 is the IP address of the Wireshark box, ensure that you don’t block UDP traffic on port 37008 because the stream from Mikrotik uses that target port. And define your own filters.
About Wireshark configuration is really simple, just set up the filter to allow only traffic from sniffing stream and select the network interface where traffic comes.
Previous captures allow us to debug DNS queries to Google DNS service, this is the result when you click to the icon marked with a red circle on previous screen capture.
Setting alternative getty service on Ubuntu with systemd
There is an a curses app called wicd-curses which uses a service called wicd, thanks to that app is possible to setup networking configuration for wired and wireless networks using a ncurses environment.
The purpose of the next cookbook is get the wicd-curses running on tty1 after the Ubuntu boots; allowing a console user configure networking settings without login in the system. After installing the wicd-curses package we have the daemon running. The first thing to do is ensure that systemd is taking take of the service:
systemctl enable wicd.serviceNext we have to stop the service that launch getty on tty1 when the system boots:
systemctl disable getty@tty1.serviceNow it’s time to define configuration file for our service /etc/systemd/system/wicd-boot.service:
[Unit] Description=WICD ncurses on tty After=wicd.service [Service] Type=simple StandardInput=tty StandardOutput=tty RemainAfterExit=yes ExecStart=/usr/bin/wicd-curses Restart=always RestartSec=2 [Install] WantedBy=multi-user.target
Finally enable wicd-boot.service is required:
systemctl enable wicd-boot.serviceTry new configuration is possible without reboot just doing:
systemctl daemon-reload systemctl restart wicd-boot.service # check if the service is running with systemctl status wicd-boot.service
On other tty consoles we also have getty but not in tty1 where we have the wicd-curses interface. When we reboot the system we have the same behavior. Before finish the email I want to mention two helping references:
- Arch linux forum: how autostart Interactive program at boot before tty appears
- systemd man page
Extracting private and public keys from a p12 file
PKCS#12 is a container for storing many cryptography objects as a single file. It is commonly used to bundle a private key with its X.509 certificate or to bundle all the members of a chain of trust. This is a fast and simple summary about how to extract your keys from those kind of files:
#Private key: openssl pkcs12 -in file_name.p12 -nocerts -out private.key #Certificates: openssl pkcs12 -in file_name.p12 -clcerts -nokeys -out public.crt
Recurrently I have to access to a usuful guide about those kind of openssl parameters, let me refer that guide:
The Most Common OpenSSL Commands (local copy)
Update 2016/09/19
Usefull links for SSL:
Avui fa 16 anys que vaig començar a escriure el blog
Feliç de recordar l’efemèride i de malgrat no tenir un blog molt prolífic poder explicar que he aconseguir mantenir l’hàbit d’anar compartint encara que fos en petites píldores alguns dels fets i coneixements que la vida m’ha anat permetent disfrutar. Des de l’arribada del Roc més que mai he hagut de tancar el meu “pipeline” de projectes però una cosa positiva és que t’acabes centrant en l’escència i en el que et fa disfrutar més. Per desgràcia no pots atendre moltes altres coses que sovint tornen en forma de records o pensaments, això si, t’adones que les coses que has permès que seguissin al teu costat tenen el millor gust que mai havien tingut.
Només puc dir-vos que la meva intenció és seguir buscant reconets i estones per seguir compartint-vos el que hem passa pel cap, mentrestant ús envio una abraçada molt forta.
GRÀCIES PER SEGUIR-ME!
Mikrotik as a PPTP server for Android
Two years ago I installed a Mikrotik Cloud Switch and lately I stoped my pfSense and I started using that switch as my network router, firewall and also as a switch. RouterOS is really powerful and allows to do a lot of things with that hardware. One of those things is set-up a VPN server based on PPTP. This is not the most secure way to create VPNs but usually the only requirement is a little bit of security on top of an IP over IP service that allows us to use local service when we’re in remote. In my case I have a lot of services in my LAN and I need some of them when I’m out of home specially I need to use them from my mobile phone.
Next steps describe how I set-up a PPTP server on my Mikrotik server allowing my Android 6 device (Huawei Mate 8) to connect to my home services through the VPN. Bellow you have a simple schema representing the schenario of the solution:
I’m only going to describe steps from the web console, of course, all those steps can be done using Winbox or the command line. To be honest I’m not used to RouterOS CLI but I think it’s not difficult to figure out the CLI commands to get the same result.
First step is set-up a pool of IP addresses to be assigned to the tunnel endpoints.
Thanks to an ARP proxy those IP addresses will be available like local IPs, this is transparent for the VPN configuration.
configuration of connection profile is done inside “Profiles” tab:
first of all create a new profile called “default-encription”:
and another profile called “pptp-profile”:
“Secrets” tab is where you have to manage users, in my case only two users are created:
configuration details about my user are:
Inside PPP menu there is a button with a label “PPTP server” click there…
… and copy next settings:
Don’t forget to check that your PPTP port is accessible from your public IP address. Remember it’s 1723/TCP.
Android configuration is simple, first of all go to “settings” icon. Look for a “More” section bellow network options, and you’ll find VPN managment. Add a new connection, define a name, the type and the IP address and leave the rest by default. After that when you come back to VPN list you’ll find your new VPN in the list, click there and just set-up your PPTP credentials.
If you have some trouble the only thing that you can do is go to Mikrotik logs or start sniffing to figure out where is the problem. I had to do some tests before it was working but in the end everything was so simple like I explained here.
Good luck and enjoy it.
Thanks to next blog entries to inspire me:
- How To Set Up PPTP Server on Mikrotik
- Step by Step: How to configure a PPTP VPN Server on Mikrotik RouterOS
Remove old kernels when there is no space in /boot
The first step is get some space in the partition “/boot” because without that it’s impossible to do anything.
So go to /boot and remove some “initrd” files as they are the biggest ones. A few of them will be enough.
After that a good point is to ensure there is no partial installation pending to finish:
apt-get -f installNow it’s a good idea to purge all kernels except the running one:
dpkg -l 'linux-*' | sed '/^ii/!d;/'"$(uname -r | sed "s/\(.*\)-\([^0-9]\+\)/\1/")"'/d;s/^[^ ]* [^ ]* \([^ ]*\).*/\1/;/[0-9]/!d' | xargs sudo apt-get -y purgeTo avoid that in future before filling the partition, it’s a good idea to install and run periodically: purge-old-kernels. Installation and example of use are:
# installation apt-get install bikeshed # keep three old kernels: purge-old-kernels --keep 3 # if you want to put that in the crontab use that command purge-old-kernels --keep 3 -qy
If you’re a Grub user don’t forget to run:
update-grub2Personally I have a nightmare with that problem and Ubuntu, especially with version 12.04 which is installed in a lot of servers that I manage. I repeated the previous process a lot of times and in the end, I decided to document it because I always have to go to Google and find the proper steps to solve that problem.