Net-SNMP configuration for non-root AgentX application

It is imperative to run the application while developing it, whether you are testing it, debugging it or troubleshooting something. By default Net-SNMP uses a named socket for AgentX communication, which does not allow a non-root user to connect and makes troubleshooting difficult. There are security reasons for not allowing this kind of wide-open access, so do not set this up in your production environment. There are other ways to control the access, which I will narrate in future posts.

To enable AgentX and allow non-root applications/agents to connect to snmpd, you can set up a TCP socket as follows. A TCP socket provides cleaner access and allows easier troubleshooting, e.g. you could capture network traffic between snmpd and the AgentX application. Update /etc/snmp/snmpd.conf and ensure that the following directives are set for TCP-based AgentX communication.

rocommunity public default # or whatever community string/access control you want
master agentx # Run as an AgentX master agent
agentXSocket tcp:localhost:705 # Listen for localhost network connections instead of /var/agentx/master

Restart snmpd (/etc/init.d/snmpd restart)

The alternative is to set the correct permissions on the /var/agentx/master named socket, or whichever socket you have configured.
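A check worth running before a development snmpd.conf gets copied anywhere else, as an added example that is not part of the original post: it reports whether AgentX is enabled and whether each agentXSocket address is a named socket, a loopback TCP listener or something wider. The function name agentx_audit and its output labels are made up for this example.

```shell
#!/bin/sh
# Added example: report where snmpd's AgentX master listens, per snmpd.conf.
# agentx_audit and its labels (unix, loopback, exposed) are made up here.

agentx_audit() {   # usage: agentx_audit /etc/snmp/snmpd.conf
    conf=$(sed 's/#.*//' "$1")          # drop comments, as on the page's lines
    # AgentX is only active when "master agentx" is configured.
    if ! printf '%s\n' "$conf" |
         awk 'tolower($1) == "master" && tolower($2) == "agentx" { f = 1 }
              END { exit !f }'; then
        echo "disabled"
        return 0
    fi
    specs=$(printf '%s\n' "$conf" |
            awk 'tolower($1) == "agentxsocket" { print $2 }')
    if [ -z "$specs" ]; then
        # No directive: the named socket the page mentions is used.
        echo "unix /var/agentx/master"
        return 0
    fi
    rc=0
    for spec in $specs; do
        old_ifs=$IFS; IFS=,              # one directive may list several addresses
        for addr in $spec; do
            case $addr in
                /*|unix:*)                   echo "unix $addr" ;;
                tcp:localhost:*|tcp:127.*:*) echo "loopback $addr" ;;
                *)                           echo "exposed $addr"; rc=1 ;;
            esac
        done
        IFS=$old_ifs
    done
    return $rc
}
```

A "loopback" result still means any local account can connect, because a TCP listener has no file permissions to restrict it; a non-zero exit status means at least one address is reachable from beyond the local host.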

Capture local network traffic for multi-homed host

If both end-points of a socket are on the local system, the network traffic will be seen on the loopback interface even if the applications are using a non-loopback interface (e.g. eth0, wlan0…). Capturing data over loopback is quite obvious. But here I am discussing the case where the applications are using one of the external interfaces (e.g. eth0, eth1, wlan0…).

Since both end-points are on the local system, the kernel will shunt the traffic and not send it to the wire. The data will be delivered internally by queuing it to the read queue of the other end-point. So we cannot capture the traffic on that particular interface, but this traffic is visible on the loopback interface. Let's see an example.

I use netcat for setting up our test client and server program. nc -kl 9090 will run a server on all interfaces on port 9090. And nc 10.1.1.100 9090 will set up a client. Here 10.1.1.100 is the external IP of my system (wlan0). Now instead of using the interface name associated with that IP (in my case wlan0), we have to use the loopback interface lo to capture the traffic, as below.

tcpdump -i lo tcp port 9090

Now anything that is typed on the client terminal and sent will be seen by tcpdump. Problem solved.
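The kernel's own route lookup shows the same thing before any capture is started: for an address the host owns, ip route get answers with dev lo. The following is an added example, not part of the original post; the function names are made up here and the sample lines are constructed in the shape iproute2 prints.

```shell
#!/bin/sh
# Added example: pick the interface to capture on from the kernel's own route
# lookup. Function names are made up for this example.

# Parse one line of `ip -o route get <addr>` output (stdin) and print the
# device the kernel will use. Fails if the line names no device.
route_dev() {
    awk '{
        for (i = 1; i < NF; i++)
            if ($i == "dev") { print $(i + 1); found = 1; exit }
    }
    END { if (!found) exit 1 }'
}

# Ask the running kernel; prints e.g. "lo" for an address this host owns.
capture_iface() {   # usage: capture_iface 10.1.1.100
    ip -o route get "$1" 2>/dev/null | route_dev
}

# Constructed samples: the host's own wlan0 address, a neighbour on the same
# LAN, and a remote address reached through a gateway.
SAMPLE_LOCAL='local 10.1.1.100 dev lo table local src 10.1.1.100 uid 1000 \    cache <local>'
SAMPLE_LAN='10.1.1.1 dev wlan0 src 10.1.1.100 uid 1000 \    cache'
SAMPLE_GW='192.0.2.7 via 10.1.1.1 dev wlan0 src 10.1.1.100 uid 1000 \    cache'
```

With this, tcpdump -i "$(capture_iface 10.1.1.100)" tcp port 9090 selects lo on the system described above without having to remember the rule.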

VPN : Connecting to Nortel VPN from Linux

I moved to Ubuntu full-time a while back. See the first part, Migrating from Windows to Linux. But VPN into my office from Linux remained an open issue because my organization uses Nortel Contivity. Ubuntu comes with a VPN client, but that does not work with Nortel. Then I found the vpnc-nortel branch of the vpnc open source project, which can connect to Nortel VPN servers. In this series I will explain how to connect to Nortel VPN from Ubuntu. You may need to tweak a few of these instructions for your favourite Linux version. I am on Ubuntu 11.10 x86_64, using vpnc version 0.5.3-481.


Migrating from Windows to Linux

What would one need to move off Windows in the corporate world? A replacement for the Microsoft Office Suite. Linux has LibreOffice as a replacement for MS Word, Excel, PowerPoint etc. If you are a power user of these tools then it will be difficult to migrate to LibreOffice, but hey, that is a start. As for Outlook, if your organization provides access via a WebMail interface, then you are in the clear with using any email client on Linux that supports POP or IMAP by making use of DavMail. Evolution supports direct access to WebMail or even MAPI, but Evolution itself is very thick and sometimes slow. Then Ubuntu 11.10 came out, which provides Thunderbird as the default email client with integration into the desktop and Unity. Perfect.

Here is the list of replacements that are available on Linux. I will cover setup for DavMail and Thunderbird in another post.

Most often used Network Sniffer flags for tcpdump and snoop

The most often used flags for tcpdump and snoop are below. Snoop is for SunOS, while tcpdump is available for almost all Unix/Linux variants. We will discuss filters in another post. To read back and process the captured files, I use wireshark, which provides lots of options to deep dive into the packet stream.

Purpose | snoop | tcpdump | Description
Select Interface | -d <iface> | -i <iface> | Not needed if system has only one interface (ignoring localhost)
Capture full | -s 0 | -s 0 | Snap length controls how much to capture. Zero means capture all.
Write capture to a file | -o <filename> | -w <filename> |
Avoid DNS lookups for IPs in capture | -r | -n | So no DNS lookups are performed when displaying real-time capture, good for efficiency


bash : Automate add/modify/delete of cron jobs from a script

If you have auto-installing packages, there can be times when a cron job needs to be added, so the script has to be able to create new cron entries or delete old ones. One solution is to create a temporary file to hold the unaffected cron entries that are currently installed, add the new entry to it, and then install this file using crontab. Creating temporary files along the way should be avoided, as there are risks. So here is an elegant solution that pipes the output of multiple commands together.

To remove an already existing cron job (rdate for user unixite in the example below), use a syntax like

crontab -l -u unixite | grep -v rdate | crontab -u unixite -

This pipe chain lists the existing crontab entries, removes any containing the string rdate, then reloads the resulting data by piping it back to crontab of user unixite. “-” is for reading from the stream or terminal (see Note below). No useless temporary file, no security risk.
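Because grep -v rdate drops every line that merely contains the string, a comment or an unrelated job that mentions rdate is removed too. The following added example (not part of the original post) keeps the same list, filter and reinstall pipeline but matches only on the program a job runs; cron_drop_job, cron_remove_job and the sample crontab are constructed for illustration.

```shell
#!/bin/sh
# Added example: a stricter filter for the "list | filter | reinstall" pipeline.
# cron_drop_job and cron_remove_job are names made up for this example.

# Read crontab text on stdin; drop job lines whose program (basename of the
# first command word) equals $1. Comments, blanks and VAR=value lines pass.
cron_drop_job() {
    awk -v prog="$1" '
        /^[ \t]*(#|$)/                         { print; next }  # comment/blank
        /^[ \t]*[A-Za-z_][A-Za-z0-9_]*[ \t]*=/ { print; next }  # environment
        {
            first = ($1 ~ /^@/) ? 2 : 6   # @reboot etc. have one time field
            cmd = $first
            sub(/.*\//, "", cmd)          # strip the directory part
            if (cmd != prog) print
        }'
}

# Reinstall the filtered table only if listing it succeeded, so a failed
# listing never replaces the user's crontab with an empty one.
cron_remove_job() {   # usage: cron_remove_job USER PROGRAM
    current=$(crontab -l -u "$1") || return 1
    printf '%s\n' "$current" | cron_drop_job "$2" | crontab -u "$1" -
}

# Constructed sample crontab: two rdate jobs, plus a comment and a backup job
# that only mention the string "rdate".
CRON_SAMPLE='# sync clock with rdate nightly
MAILTO=root
0 3 * * * /usr/bin/rdate -s time.example.org
15 4 * * * /usr/local/bin/backup --tag rdate-host
@reboot rdate -s time.example.org'
```

On the sample, cron_drop_job rdate keeps the comment, the MAILTO line and the backup job, while grep -v rdate keeps only the MAILTO line.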

To add new crontab entries Continue reading