I have one IP, say 192.168.20.1/23. I want to get the gateway from this IP, which I know would be the first IP in the given network.
How can I achieve this through a shell script? The network and CIDR are going to keep changing.
Some of my machines (RPi or ntb for example) have multiple interfaces and multiple IP addresses assigned. Not all interfaces are always available (for example the ntb on my lap is connected to wifi, if I take it to my desk I plug it into the dockstation and it connects by wire).
Is there an option in the inventory to assign multiple IP addresses to one guest?
So far, I'm doing it by introducing two guests:
[ntb]
ntb-w ansible_host=10.0.0.50 ansible_ssh_user=user
ntb-c ansible_host=10.0.0.21 ansible_ssh_user=user
But that's not optimal. As for the ntb I get an unavailable error message (the interface is switched), but the RPi has both interfaces active and this then causes a double connection.
I'd like to configure something like that:
[ntb]
ntb ansible_host=[10.0.0.50,10.0.0.21] ansible_ssh_user=user
The first active interface would be used, and only when all interfaces are exhausted would the guest unavailability be reported. That would be great.
I am confused about UDP port reservation using a C++ function.
I'm new to network programming.
I have been trying to reserve UDP ports for my own experiment.
My target is to reserve around 500 ports for my application.
I followed this guidance here.
It is the Microsoft documentation for blocking a UDP port (as the document says).
It is the CreatePersistentUdpPortReservation function in C++.
As for my understanding, CreatePersistentUdpPortReservation function contacts with SIO_ACQUIRE_PORT_RESERVATION function to negotially reserve a port at runtime.
Hence, if I call the CreatePersistentUdpPortReservation function to reserve approx. 5000 ports, for example ports 60000-64999 (5000), then theoretically no service will be able to use any of them. They will only use other available ports (for example, 56000).
To check that the port reservation completed, I used Wireshark to capture DNS traffic on the machine where I ran the port reservation function. From the capture result I found that one port in 60000-64999 was being used by some service on the local machine.
So, does that mean CreatePersistentUdpPortReservation does not work? Or did I do something wrong?
I tried to find a reason to explain this problem. I re-checked the function call many times. It always returned error code 0, which means the function completed successfully. But why is one of the UDP ports in the range I reserved still used by another service after I did the port reservation? Is it because this function did not reserve the UDP port in the first place, or because the reservation time expired?
I am not sure about the reservation time when reserving a UDP port with this function.
Also, does anyone have any ideas on how to check the status of a UDP port for testing this function?
Besides Wireshark, I tried a network scanner to scan the reserved UDP ports after calling the port reservation function. The result said the reserved port is in the open state.
I am using Elastic/Filebeat/Kibana and want to monitor users who ssh into a Jump Box, specifically:
What IPs are they ssh'ng to
Which users are connecting to those IP's
What are the most connected to machines
Which user is creating the most outbound connections
I have the system module enabled and all I can see is "related.user" to tell me who connects to the server via ssh but that's it.
You need to adjust your configuration in order to see all the information that you want.
What IPs are they ssh'ng to?
You are missing destination.ip; you can easily just pick it up from there. Chances are you want to write some code, and you can also extract it from the ssh command itself: in the command you can see the user, other arguments, and the destination IP as well, but you will need to parse that list (process.parent.args). Additionally, you can get the list count and take the last element, which is usually the IP, but I think it is easier to use destination.ip itself.
Which users are connecting to those IP's?
For this, once you have the source and destination details, you need to create the Kibana report; you can run several aggregations and add different panels. A simple aggregation by IP will show you this; it is a matter of preference how you want it displayed.
What are the most connected to machines?
The same, you first run a count on the sources, or destinations (or both), then run a max on them.
Which user is creating the most outbound connections?
Here you can do all the users at once by running a count and grouping by user, then you list in descending order.
You can see a full list of properties here (ecs fields)
Summary:
You need some extra fields, destination.ip and source.ip, and eventually to parse your arguments; then for reporting you need to count them and aggregate them, but once you have that data you can easily pull them and run the aggregations on them. I think the related user is a good one since it is the only one shown in the event itself, but what if this user A actually uses an account B to connect to SSH? In that case you need to parse the arguments from process.parent.args.
Cheers.
I am using OMNET++ INET for Ad hoc networks. I would like to send the UDP packet to multiple end nodes so that they all receive the same packet and not that the end node is chosen randomly. How should I set the destAddress in file omnetpp.ini?
Send it to 255.255.255.255 which is the IP broadcast address. Or you can send to the local broadcast address which looks something like 10.0.0.255 (if you have an 8 bit subnet). The lower layers will know how to deal with these addresses and do the appropriate broadcast on the local network.
If you want to send to specific nodes (not to all nodes) then you should either use multicast addresses (but that's pretty complicated to set up), or you indeed need to modify the UDPBasicApp and change its behavior so that it can also send out packets to multiple addresses, i.e. instead of the random selection from the host list, you could implement a loop sending out to all addresses. Or you could keep the random selection behavior and use a different syntax to denote nodes that should be treated as a single group for sending. For example "host1,host2,host3 host4,host5" would mean: choose randomly from either host1,host2,host3 or host4,host5 and then send out the UDP packet to all hosts in the comma separated group.
One last tip: If you don't insist on using UDP, PingApp does support sending out pings to multiple hosts in the target address. It can in fact ping all host interfaces in the simulation with the * notation.
Not sure if this works for you, but I used the UdpBasicBurst node application and set the destAddresses field to 'Broadcast'.
Even after using the UdpBasicBurst node application and setting the destAddresses field to 'Broadcast', I am not getting it. Does anyone have any other suggestions, please?
I am working on an analyzer script. It is a simple bash script that applies some logic to a capture sniffed with tcpdump.
My task is to find out the number of concurrent sessions made by individual IPs. The logic I have applied is that I have counted the different source ports requested by each IP for the same destination IP and port, i.e. 3128, as it is a proxy server.
For example, consider my dest ip is 172.31.1.1 and dest port is 3128
Now I have sniffed traffic only limited for this dest port and dest ip.
Then I have filtered out the source IP and source port pair for each packet.
Then I have counted the number of different source ports for each source IP, and I think that would be equal to the number of concurrent sessions made by each individual IP with this proxy server.
Now, looking at the output on a running proxy server for a 10,000-packet sample, the number of sessions by each IP goes like 300, 250, 200 and some less also. For 1 lakh, it goes like 3000, 2500 also.
Is there something wrong with my interpretation of sessions, as the number of concurrent sessions allowed by the firewall is 100 per IP?
As I mentioned in my comment, if you want to know the number of TCP connections from a single source IP at any given time, you will need to figure out connection establishment (TCP three-way handshake) and termination (four-way tear-down and reset) points. Otherwise you are counting all TCP connections, established and attempted from the given IP, for the whole duration of the capture (but since ephemeral client ports could be recycled during the capture period, even this count might not be accurate).
I should mention that incrementing a running count of connections on a SYN and decrementing it on a FIN or RST is not going to be enough, since TCP tends to retransmit packets. You'll need to track TCP states, so good familiarity with the TCP state diagram is probably in order:
(TCP state diagram, from http://upload.wikimedia.org/wikipedia/commons/thumb/a/a2/Tcp_state_diagram_fixed.svg/250px-Tcp_state_diagram_fixed.svg.png)
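The state tracking described in the answer above, as an added example that is not part of the original post: it reads text lines in `tcpdump -nn -tt` form and compares the peak number of established connections per client IP with the question's distinct-source-port count. It assumes the capture contains both directions of the proxy traffic, uses a reduced state set (no TIME_WAIT or timeouts, and connections already open when the capture starts are ignored), and the function name and sample lines are constructed for illustration.

```python
import re
from collections import defaultdict
SERVER = ("172.31.1.1", "3128")  # proxy address and port from the question
LINE = re.compile(r"IP (\S+)\.(\d+) > (\S+)\.(\d+): Flags \[([^\]]+)\]")
# Constructed, abbreviated `tcpdump -nn -tt` lines (not a real capture).
SAMPLE = """\
1.0 IP 10.0.0.5.40001 > 172.31.1.1.3128: Flags [S], length 0
1.5 IP 10.0.0.5.40001 > 172.31.1.1.3128: Flags [S], length 0
1.6 IP 172.31.1.1.3128 > 10.0.0.5.40001: Flags [S.], length 0
1.7 IP 10.0.0.5.40001 > 172.31.1.1.3128: Flags [.], length 0
2.0 IP 10.0.0.5.40001 > 172.31.1.1.3128: Flags [F.], length 0
2.1 IP 172.31.1.1.3128 > 10.0.0.5.40001: Flags [F.], length 0
3.0 IP 10.0.0.5.40002 > 172.31.1.1.3128: Flags [S], length 0
3.1 IP 172.31.1.1.3128 > 10.0.0.5.40002: Flags [S.], length 0
3.2 IP 10.0.0.5.40002 > 172.31.1.1.3128: Flags [.], length 0
4.0 IP 10.0.0.5.40003 > 172.31.1.1.3128: Flags [S], length 0
4.1 IP 172.31.1.1.3128 > 10.0.0.5.40003: Flags [S.], length 0
4.2 IP 10.0.0.5.40003 > 172.31.1.1.3128: Flags [.], length 0
""".splitlines()

def analyse(lines, server=SERVER):
    """Return (peak established connections, distinct source ports) per client IP."""
    conns, ports = {}, defaultdict(set)   # conns: (ip, port) -> [state, FIN senders]
    active, peak = defaultdict(int), defaultdict(int)
    for m in filter(None, map(LINE.search, lines)):
        sip, sport, dip, dport, flags = m.groups()
        from_client = (dip, dport) == server
        if not from_client and (sip, sport) != server:
            continue                      # packet does not involve the proxy
        key = (sip, sport) if from_client else (dip, dport)
        ports[key[0]].add(key[1])         # the question's metric: distinct source ports
        conn = conns.get(key)
        if "S" in flags:                  # SYN or SYN-ACK
            if from_client and conn is None:
                conns[key] = ["SYN_SENT", set()]   # a retransmitted SYN changes nothing
            elif not from_client and conn and conn[0] == "SYN_SENT":
                conn[0] = "SYN_RCVD"
        if "S" in flags or conn is None:
            continue                      # handshake packet, or untracked connection
        if from_client and conn[0] == "SYN_RCVD" and "." in flags and "R" not in flags:
            conn[0] = "ESTABLISHED"       # three-way handshake completed
            active[key[0]] += 1
            peak[key[0]] = max(peak[key[0]], active[key[0]])
        if "F" in flags:
            conn[1].add(from_client)      # a set, so a retransmitted FIN counts once
        if "R" in flags or len(conn[1]) == 2:      # reset, or FIN seen from both sides
            active[key[0]] -= conn[0] == "ESTABLISHED"
            del conns[key]
    return dict(peak), {ip: len(p) for ip, p in ports.items()}
```

On the constructed sample, 10.0.0.5 uses three source ports but never has more than two connections established at once, which is the gap between the question's count and a per-IP concurrency limit.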