Posts Tagged networking

tcpkali, TCP load generator

tcpkali is a lightweight and  easy-to-use tool that allows you to generate a traffic load with multiple TCP sessions. You push the load in one or both directions at the same time. Also the tool works easily over a NAT’ed connection. This tool is great if you need to test QoS for VoIP applications.

Here’s an example of a bidirectional load test:

# listening machine: listen on tcp port 8000, send traffic, and use 4 threads.
# the program will exit in 1 hour.
tcpkali -l 8000  --listen-mode=active -m X -T 1h -w 4

# connecting machine: send traffic using 4 threads and 10 simultaneous sessions
# for 1 minute
tcpkali 192.168.1.109:8000 -m Y -c 10 -T1m -w 4

The above test between directly connected PC Engines APU2 boards has shown 1Gbps of traffic, and the average CPU load was about 50%.

Also here are the packaging instructions for Debian, and a 64-bit binary package for Debian 8.

, , , ,

Leave a comment

Quick IP prefix calculation

It’s a quite common task that you need to translate an IP address into a prefix — for example, when creating an IP prefix list from a set of addresses. Here’s a simple Perl script that helps it:

sudo apt-get install libnetaddr-ip-perl
cat >getprefix.pl <<'EOT'
use strict;
use warnings;
use NetAddr::IP;
if( scalar(@ARGV) == 0 ) {
    die("Usage: $0 PREFIX ...");
}
foreach my $pref (@ARGV) {
    my $ip = NetAddr::IP->new($pref) or
        die("Cannot create NetAddr::IP from $pref");
    print $ip->network()->cidr(), "\n";
}
EOT

# testing
cat >/tmp/x <<'EOT'
10.1.1.1/23
192.168.5.3/28
EOT

cat /tmp/x | xargs perl getprefix.pl | awk '{print "set ", $1}'
set  10.1.0.0/23
set  192.168.5.0/28


, ,

Leave a comment

3G connectivity for PC Engines APU (MC8775)

PC Engines’ APU board has its mPCIe slot 2 wired to the SIM card socket, which allows using any standard mPCIe 3G modem. Most of modern modems are quite expensive, but there are plenty of Sierra Wireless MC8775 cards at aliexpress.com for around $20 apiece. This is a decent hardware, manufactured around 2007-2011. It doesn’t deliver the highest UMTS speeds possible, but still can be used in situations where speed is unimportant.

The cards that I bought came with firmware version 1_1_8_15, dated 2007/07/17. I didn’t test it fully, but there are some failure reports in the internet.

The firmware upgrade requires an adapter with a SIM card slot. I got mine from this eBay seller.

This page describes the firmware upgrade process. The links to istudioz.net are still valid, but you need to remove # (%23) from the URLs. The 3G watcher for the AirCard 875 is unavailable at its original place, but easy to find with Google. I got mine at this site. The upgrade requires a 32bit Windows machine, and takes about 20 minutes. I upgraded the firmware successfully with my old Vista laptop.

Also I bought the 3G antenna and the pigtail cable at aliexpress.

After inserting the 3G modem into mPCIe slot 2 and booting Debian Wheezy, the device was immediately visible as three serial USB interfaces (/dev/ttyUSB0  /dev/ttyUSB1  /dev/ttyUSB2). ttyUSB0 is used for data, and ttyUSB2 can be used for controlling the device with AT commands. The command “AT^CARDMODE” will tell if the SIM card is inserted, and “AT!GSTATUS?” displays the network status information. “AT+GMR” displays the current firmware version. Ctrl-a Ctrl-x sequence will finish the picocom session.

apt-get install -y wvdial picocom
picocom -b 115200 /dev/ttyUSB2 
AT^CARDMODE
AT!GSTATUS?
AT+GMR
Ctrl-a Ctrl-x

The following /etc/wvdial.conf works with Sunrise.ch 3G network:

[Dialer Defaults]
Modem = /dev/ttyUSB0
Baud = 460800
Init1 = ATZ
Init2 = ATQ0 V1 E1 S0=0 &C1 &D2 +FCLASS=0
Phone = *99#
Username = ''
Password = ''
Ask Password = 0
Stupid Mode = 1
Compuserve = 0
Idle Seconds = 0
ISDN = 0
Auto DNS = 1 

Execute “wvdial” comand from the command line, and it should immediately connect to the internet. The rest is easy: you can place wvdial into a startup script and execute it automatically at boot time.

, , , , ,

Leave a comment

DOCSIS troubleshooting: pinging and sniffing

A customer DOCSIS network had some strange issues with modem and MTA performance, and here are some simple scripts that were used for troubleshooting.

Read the rest of this entry »

, , , ,

Leave a comment

Call-home SSH scripts

Sometimes I need to set up quickly some presence in a customer network: to be able to access it remotely, or to run some network management scripts, and so on. Most of such networks are behind NAT or at least a firewall, and incoming connections from outside aren’t always easy.

But outgoing connections from a customer LAN are mostly not a problem at all. So, I bring my own small netbook and place it in the customer LAN. This netbook automatically makes an outgoing SSH connection to my central server (a VPS) and pulls an SSH tunnel so that I can access the netbook from outside.

This is a kind of a backdoor, and it makes sense to make your customer completely aware of what you’re doing.

For such purposes, I have a couple of cheapest 10″ netbooks. I’m using Acer AspireOne and some older eMachines netbooks because they were sold cheaply. Most other netbooks would fit too, but one should be careful about Linux compatibility (especially the video drivers might be a problem). They come with 1GB RAM and 160 or 250 GB hard drives. It’s quite trivial to upgrade them to 2GB RAM, although it’s not really necessary. You must only be careful about buying a new SODIMM with exactly the same clocking as the original one.

The netbooks run standard Ubuntu Linux, with SSH daemon enabled. If the user home directory is encrypted, you won’t be able to login with your public SSH keys, so better not encrypt it.

Read the rest of this entry »

, , , , ,

1 Comment

WiFi hotspot with an Ubuntu netbook

My task was to set up my Ubuntu netbook (Acer Aspire One D255E-13DQws) so that it acts as a wi-fi access point whenever I insert a USB WiFi adapter, and shares its existing connection, be it a wired RJ45 or WiFi connection on the built-in wi-fi card.

Among other use scenarios, it may be useful in hotels where only one WiFi client device is allowed in a room.

The below scenario is tested with Ubuntu 11.10, and it should work with older versions too. The TP-Link TL-WN821N is used by default, and also a Ralink3070 based adapter was working the same way.

Read the rest of this entry »

, , ,

1 Comment

IPSEC VPN connection between Racoon and Checkpoint

When connecting a Checkpoint firewall with a Linux or BSD server with Racoon software, the following error is quite typical in the very beginning of  Phase 1 negotiation:

2011-04-14 15:47:21: DEBUG: 40 bytes message received from 62.x.x.x[500] to 2
13.x.x.x[500]
2011-04-14 15:47:21: DEBUG:
30652081 6d92a9ee 00000000 00000000 0b100500 4bd389ff 00000028 0000000c
00000000 0100000e
2011-04-14 15:47:21: DEBUG: malformed cookie received or the initiator's cookies collide.

The ting is, racoon uses AES key length of 128 bit by default, and Checkpoint firewalls use AES-256 (for Phase 1 only 256-bit keys are supported).

The following configuration should fix the problem. Also “sainfo” line shows how to set AES-256 for  Phase 2:

remote 62.x.x.x {
        exchange_mode main;
        proposal {
                encryption_algorithm aes 256;
                hash_algorithm sha1;
                authentication_method pre_shared_key;
                dh_group 2;
                lifetime time 1440 minutes;
        }
        generate_policy off;
        nat_traversal force;
}

sainfo address 213.x.x.x[any] any address 62.y.y.y/24[any] any {
        encryption_algorithm aes 256;
        authentication_algorithm hmac_sha1;
        compression_algorithm deflate;
}

, , ,

4 Comments