
Wednesday, October 12, 2016

Replay a tcp packet captured by wireshark

To replay a TCP packet captured by Wireshark, you can use either the tcpreplay or the bittwist tools.


Example1:

tcprewrite --infile=capturedtraffic.pcap --outfile=temp.pcap --srcipmap=0.0.0.0/0:192.168.1.15 --enet-smac=00:0c:29:de:78:42

tcpreplay --intf1=eth0 temp.pcap

sender source MAC is set to 00:0c:29:de:78:42


Example2:

bittwiste -I arp-packet.pcap -O fake-arp.pcap -T arp -o 2 -s 00:00:aa:bb:cc:dd -p 192.168.1.1 -t 00:08:55:64:65:6a -q 192.168.1.20

input file: arp-packet.pcap

output file: fake-arp.pcap

The sender MAC address is set to 00:00:aa:bb:cc:dd; a non-existent MAC address on the network.

bittwist -i vr0 fake-arp.pcap

Sends the packets from the trace file through interface vr0.

Tuesday, October 11, 2016

Find the IP address of the client in an SSH session


1) SSH_CLIENT
Shows the address of the client system, the outgoing port number on the client system, and the incoming port on the server.

Ex:
echo $SSH_CLIENT
10.10.10.211 63956  22

2) SSH_CONNECTION

Identifies the client and server ends of the connection.
The variable contains four space-separated values: client IP address,
client port number, server IP address, and server port number.

Ex:
echo $SSH_CONNECTION
10.10.10.211 63956 172.16.32.11 22

3) SSH_TTY

This is set to the name of the tty (path to the device) associated
with the current shell or command.  If the current session has no tty,
this variable is not set.

Ex:
echo $SSH_TTY
/dev/pts/22

4) Set your own .bashrc

userIP=`echo $SSH_CLIENT | awk '{ print $1}'`

 if [ "$userIP" = "x.x.x.x" ]
 then
        echo "It's my machine IP"
        source /home/bob/.bashrc
 fi

Using this feature you can set your own .bashrc





Fragmentation offset

Fragment Offset
The fragment offset field is measured in units of eight-byte blocks. It is 13 bits long and specifies the offset of a particular fragment relative to the beginning of the original fragmented IP datagram. The first fragment has an offset of zero. This allows a maximum offset of (2^13 – 1) × 8 = 65,528 bytes, which would exceed the maximum IP packet length of 65,535 bytes with the header length included (65,528 + 20 = 65,548 bytes).

From <https://en.wikipedia.org/wiki/IPv4#Header>

Why do we need to divide the fragment offset by 8?

The total length field is 16 bits, so a packet can be at most 2^16 - 1 = 65535 bytes long. If the fragment offset field were also 16 bits, we could store the byte offset as it is, because 16 bits cover the total length of the packet.
The fragment offset field is only 13 bits, so it can hold only 2^13 = 8192 different values. Only when each value counts 8 bytes (8192 * 8 = 65536) does the field cover the total length of the packet.

So whenever we fill in the fragment offset, we need to divide the byte position within the packet by 8, because a position close to 65535 bytes cannot be written directly in a 13-bit field.
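The divide-by-8 rule worked through in Python, as an added example that is not part of the original post: it splits a payload for a given MTU and packs the 16-bit flags/offset field. The function names and the fixed 20-byte header (no IP options) are assumptions made for the illustration.

```python
import struct

IP_HEADER_LEN = 20     # assumption: IPv4 header without options
MF = 0x2000            # "more fragments" flag bit in the 16-bit field
OFFSET_MASK = 0x1FFF   # low 13 bits hold the offset in 8-byte units


def plan_fragments(payload_len, mtu):
    """Return (offset_in_8_byte_units, more_fragments, size) per fragment."""
    # Every fragment except the last must carry a multiple of 8 bytes,
    # otherwise the next offset could not be expressed in 8-byte units.
    per_frag = ((mtu - IP_HEADER_LEN) // 8) * 8
    if per_frag <= 0:
        raise ValueError("MTU too small to carry any payload")
    frags, byte_off = [], 0
    while byte_off < payload_len:
        size = min(per_frag, payload_len - byte_off)
        more = byte_off + size < payload_len
        frags.append((byte_off // 8, more, size))
        byte_off += size
    return frags


def pack_field(offset_units, more):
    """Build the two header bytes that carry the flags and the offset."""
    if not 0 <= offset_units <= OFFSET_MASK:
        raise ValueError("offset does not fit in 13 bits")
    return struct.pack("!H", (MF if more else 0) | offset_units)


def unpack_field(raw):
    """Return (byte_offset, more_fragments) from the two header bytes."""
    (value,) = struct.unpack("!H", raw)
    return (value & OFFSET_MASK) * 8, bool(value & MF)


if __name__ == "__main__":
    # Constructed input: 4000 bytes of payload over a 1500-byte MTU
    for units, more, size in plan_fragments(4000, 1500):
        raw = pack_field(units, more)
        print(units, units * 8, more, size, raw.hex())
```

A reassembler multiplies the stored value by 8 to get back the byte position, which is what unpack_field does.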

Tuesday, September 6, 2016

SVN useful commands

1) To see the list of files changed between 2 revisions

svn diff  -rX:Y 
svn log -v -rX:Y

X - Revision1
Y- Revision 2

Example:
 svn diff  -r11995:12159 

2) To checkout a branch

svn checkout  <branch name>

Example:

svn checkout https://xyz.com/testCode

3) To checkout a specific version

svn checkout -r "revisionNumber" "url"

Example:

svn checkout -r 12345 https://xyz.com/testCode


Monday, August 8, 2016

Windows shortcut to Mute/unMute volume

You can create a Master Volume Shortcut and also assign a Shortcut Key.

Right-click on an empty area on the desktop, and click on New and Shortcut.

Paste the following in to the location of the item area:-

%windir%\System32\SndVol.exe -f 49825268

Click Next button and give a name to the Shortcut and click Finish.

Now right-click on it and select Properties.

Click Shortcut tab.

Assign your desired shortcut key like F8 or F9 in the Shortcut Key area.

Click OK/Apply.

Monday, August 1, 2016

Decoding Machine check register exception

Dump
CPU 0: Machine Check Exception: 0000000000000004
CPU 1: Machine Check Exception: 0000000000000005
      Bank 5: b200000802000e0f


Kernel Code snippet:

/* Reads the 64-bit machine check status register of bank i as two 32-bit halves */
rdmsr (MSR_IA32_MC0_STATUS+i*4, low, high);
if (high & (1<<31)) {           /* bit 63: VAL */
    if (high & (1<<29))         /* bit 61: uncorrected error */
        recover |= 1;
    if (high & (1<<25))         /* bit 57: processor context corrupt */
        recover |= 2;
    printk (KERN_EMERG "Bank %d: %08x%08x", i, high, low);
}
if (recover & 2)
    panic ("CPU context corrupt");

Decoding : 

( Reference Document)
You will need to browse to Intel’s website hosting Intel® 64 and IA-32 Architectures Software Developer Manuals. There, download a manual named “Intel 64 and IA-32 Architectures Software Developer’s Manual Combined Volumes 3A, 3B, and 3C: System Programming Guide”.

(Reference: https://vmxp.wordpress.com/2014/10/27/debugging-machine-check-errors-mces/comment-page-1/)

IA32_MCi_STATUS MSRS
Each IA32_MCi_STATUS MSR contains information related to a machine-check error if its VAL (valid) flag is set.

Bank 5: b200000802000e0f  - In hex format


Bit:    63 62 61 60 59 58 57 56 55  54-53  52-38            37  36-32  31-16                15-0
Value:  1  0  1  1  0  0  1  0  0   00     000000000000000  0   01000  0000 0010 0000 0000  0000 1110 0000 1111

(Bank value in binary format)


63 -  VAL -MCi_STATUS register valid
61 - Uncorrected error
60  - Error reporting enabled
57 - Processor context corrupt

Model specific errors   ( 16 – 31 bits) - Model-specific error code field, bits 31:16
27-25 bits - Bus queue error type

000 for BQ_ERR_HARD_TYPE error
001 for BQ_ERR_DOUBLE_TYPE error   --  It’s Double bit error detected on data read in our case
010 for BQ_ERR_AERR2_TYPE error
100 for BQ_ERR_SINGLE_TYPE error
101 for BQ_ERR_AERR1_TYPE error

0-15 - Specifies the machine-check architecture-defined error code for the machine-check error condition detected
IA32_MCi_Status [15:0] Compound Error Code Encoding
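The manual decoding above, automated as an added example that is not part of the original post or of the kernel: it pulls the bank value out of the dump text, splits it into the same high/low halves the kernel snippet tests, and names each field. The function names are assumptions, and the bits 27:25 table is copied from this post and is model-specific.

```python
import re

# Architectural flag bits of IA32_MCi_STATUS
FLAGS = {"VAL": 63, "OVER": 62, "UC": 61, "EN": 60,
         "MISCV": 59, "ADDRV": 58, "PCC": 57}

# Bus queue error type, bits 27:25, as listed in this post (model-specific)
BQ_ERR_TYPE = {
    0b000: "BQ_ERR_HARD_TYPE",
    0b001: "BQ_ERR_DOUBLE_TYPE",
    0b010: "BQ_ERR_AERR2_TYPE",
    0b100: "BQ_ERR_SINGLE_TYPE",
    0b101: "BQ_ERR_AERR1_TYPE",
}

BANK_RE = re.compile(r"Bank\s+(\d+):\s*([0-9a-fA-F]{16})")


def decode_status(status):
    """Decode one 64-bit IA32_MCi_STATUS value into named fields."""
    high, low = status >> 32, status & 0xFFFFFFFF
    recover = 0
    if high & (1 << 31):          # same tests as the kernel snippet
        if high & (1 << 29):
            recover |= 1
        if high & (1 << 25):
            recover |= 2
    return {
        "flags": {n: bool((status >> b) & 1) for n, b in FLAGS.items()},
        "recover": recover,       # bit 1 set means the kernel would panic
        "model_specific": (low >> 16) & 0xFFFF,
        "bq_err_type": BQ_ERR_TYPE.get((low >> 25) & 0b111, "unlisted"),
        "mca_error_code": low & 0xFFFF,
    }


def decode_dump(text):
    """Return {bank number: decoded status} for every Bank line in a dump."""
    return {int(b): decode_status(int(v, 16)) for b, v in BANK_RE.findall(text)}


# The dump from this post
SAMPLE_DUMP = """CPU 0: Machine Check Exception: 0000000000000004
CPU 1: Machine Check Exception: 0000000000000005
      Bank 5: b200000802000e0f
"""

if __name__ == "__main__":
    for bank, fields in decode_dump(SAMPLE_DUMP).items():
        print(bank, fields)
```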


Wednesday, July 27, 2016

Configure webserver in Virtual box

Guest OS: Ubuntu 15.04
Host OS:   Windows

1) Install apache in webserver
         sudo apt-get install apache2

2) Check the status of webserver
            sudo service apache2 status

3) Configure a static file of your own

       sudo vi /var/www/html/hello.txt

4) To access the webpage from host OS, you need to configure " Host-Only adapter" in adapter settings

settings->Network->adapter1

5) After the adapter settings are applied, check the interface IP inside the VM (mostly it's in the 192.168.*.* range). Also ping the IP from the host OS to validate IP connectivity.

6) Access the configured static webpage from host OS
  http://192.168.*.*/hello.txt

Wednesday, February 3, 2016

Virtual box VM communication

To let the VMs communicate with each other and also connect to the internet, follow the steps below.

1) Select Settings->Network->Attached to: Internal network from the VirtualBox GUI


2) Once the VM boots up, configure static IPs on an interface so the VMs can communicate with each other.
You need to stop the networking service in the VMs from resetting the interface.

3) If you want to connect to the internet, you need to configure a NAT network

File->preferences->Network  and add NAT networks
