Don’t you just love it when co-workers communicate with you in the most interesting ways???
Sorry it is so small. Click on it!
Archive for the 'sago' Category
Most vpns… in fact… all of them, are based on a client/server model. This means that all vpn clients call home to one vpn server and connect. All traffic goes through that vpn server and then gets passed on to its original destination. But what if you could have the benefits of VPN, but be able to communicate directly to other VPN peers, so without the latency and bandwidth limitations?
That is what n2n is. The supernodes are NOT servers. They merely function as a way to punch holes in firewalls. Once the firewalls are open, the edge servers (think of them as clients) can talk directly with other edge clients. Cool!
I’ve tried this, and so far the only draw back is the speed, it just doesn’t seem to be as fast as you would think it would be. I can’t find any other people complaining about it, but I’ll look into it. But so far this is the simplest vpn I’ve ever setup. Its a single command!
This past Tuesday I hosted a DNS training seminar for all the employees at Sago. It went over great! The curriculum involved:
- The difference between Caching and Authoritative DNS
- All the different types of DNS Records
- How to use dig and how to interpret it
- How to troubleshoot dns problems
- Secret DNS Tricks!
I recorded the AUDIO (sorry the audio sucks) and the BASH history for those poor souls who want to listen to me drone on for an hour about dns…. 
So I’ve found a better way to do what I did in the previous post. Instead of running a separate script to parse the arp alert logs, I have arp alert itself send the alerts! The key is this line in the arpalert.conf
action on detect = “/etc/scripts/arp-alert”
Its so simple, it just runs that script sending the information about the alert as certain arguments. With this I have more control over the formatting of arpalert messages:
In order to do this, I had to write that script, and make it executable of course. Also I had to change the running user of arpalert to root, because the “arpalert” user didn’t have permission to notify my user “kyle”. This is a much more clean solution, allowing me to make different types of alerts look different, having different timeouts and such. If you want my /etc/scripts/arp-alert you can download what I have so far here.
So I was looking around, and I wanted some sort of tool to allow me to be more aware about what was happening in the lower “bowels” of the network that I’m on with my laptop. So what is it that I want…
What I really want is some sort of mac-address based buddy list. One that would show my a list of the mac addresses talking on my network, and allow me to alias them. That would be cool.
I couldn’t find such program, but I found something kinda close, its called arpalert. If you are using ubuntu you can simply run “apt-get install arpalert” (I love ubuntu!)
kyle@kyle-laptop:~$ apt-cache search arpalert
arpalert – Monitor ARP changes in ethernet networks
You should edit the config file to your liking, but the main thing is the log file in /var/log/arpalert.log. I have it logging every interesting arp thing, because I find them interesting! You need to read up on it if you want to fully understand arpalert: http://www.arpalert.org/
So that is the first part. The second part is the piece that notifies you of something suspicious. Who wants to tail a log file all the time? For this I use something called “notify-send”. Try running it. If you don’t have it and you are running Ubuntu it will tell you that its part of the ”
So I was looking around, and I wanted some sort of tool to allow me to be more aware about what was happening in the lower “bowels” of the network that I’m on with my laptop. So what is it that I want…
What I really want is some sort of mac-address based buddy list. One that would show my a list of the mac addresses talking on my network, and allow me to alias them. That would be cool.
I couldn’t find such program, but I found something kinda close, its called arpalert. If you are using ubuntu you can simply run “apt-get install arpalert” (I love ubuntu!)
kyle@kyle-laptop:~$ apt-cache search arpalert
arpalert – Monitor ARP changes in ethernet networks
You should edit the config file to your liking, but the main thing is the log file in /var/log/arpalert.log. I have it logging every interesting arp thing, because I find them interesting! You need to read up on it if you want to fully understand arpalert: http://www.arpalert.org/
So that is the first part. The second part is the piece that notifies you of something suspicious. Who wants to tail a log file all the time? For this I use something called “notify-send”. Try running it. If you don’t have it and you are running Ubuntu it will tell you that its part of the “libnotify-bin” package. So you will need to run:
$ sudo apt-get install libnotify-bin
Try it! run “notify test”. A popup should show up! Simple! Now, we need a small program to put the pieces together and glue it. I want my popup when odd things happen. Here is the glue I wrote, modify at will:
tail -n 0 -F /var/log/arpalert.log | awk -W interactive ‘{print $8, $2, $3, $4, $5, $6, $7, $8, $9, $10, $11, $12}’ |
while read heading message
do notify-send -t 3000 — “Arp Alert” “${heading} ${message}”
done
I don’t think I’m done with it yet. (I want to make it give different time outs for different types of messages, and I want it to change the heading to something dynamic instead of the Arp Alert, but yea) So put that in a .sh and run it! Nothing may pop up! Try putting something new on the network and seeing if something shows up in the log. Its pretty easy to troubleshoot and modify to your liking.
