I threw it together pretty haphazardly, but it seemed pretty reliable while I was using it. Please feel free to redistribute the script and change it. Instructions in the header of the script below. This script depends on python-libpcap bindings.
***UPDATE 2011-02-12***
Whoops, was very busy at work, kinda left this to die before finishing it... I've been able to set up a complete INE topology using this setup, and can live packet capture on any link in the topology remotely.
Update List:
- Bidirectional forwarding should actually work again...
- Should be much more resilient against problems, and give more helpful errors.
- Fixed a problem where it wouldn't accept frames from IOU, even if it was off segment.
It's been tested with the following scenarios:
- IOU <> Switch
- IOU <> Switch <> IOU
- IOU <> Switch <> Physical Router
- IOU <> VirtualBox VM
- IOU (ethernet, frame relay, ppp, hdlc) > packet capture
***UPDATE***
I fiddled with the script a bit so it can work with serial interfaces (if you tried it before there would be a feedback loop and it would kill your CPU). You can now specify bidirectional / unidirectional in the IFMAP file ( | for bi, > for uni ). Unidirectional means it's only forwarded from IOU to the socket, not the other way around.
Additionally, I made a second set of scripts to do remote packet capture over SSH. The first script (changeL2.py) is just used to force the datalink header in the pcap file to your datalink type of choice. It is used as an intermediary in a pipeline:
tshark -i vboxnet0 -w - | python -u changeL2.py fr | tcpdump -r -
Would be able to decode frames that came from a frame relay interface.
The second script (remoteCapture.bat) is just an easy wrapper for piping this to your Windows box. This script requires SSH and Wireshark to be installed and in the system PATH (i.e., you can open cmd and type ssh or wireshark and they'll work). You'll need to open it up and tell it the hostname of your Linux box, the username, and the path of the changeL2.py script. I'd also recommend using public key authentication for ssh, so you don't have to type the password in every time.
Usage: remoteCapture.bat <interface> <encap>
EX: remoteCapture.bat vboxnet5 ppp
Would live capture the vboxnet5 interface with ppp encapsulation forced.
I like using the VirtualBox host-only interfaces because 1. they are easy to create loopbacks with, 2. they don't interfere with each other, and 3. you can hook up IOU to VMs / olives with them. If you've installed VirtualBox 4.0 on your Linux machine, just type VBoxManage hostonlyif create to make a new one, and ifconfig vboxnet# up to make it appear.
I haven't done extensive testing on these at all (I've just thrown them together in spare time), and the code is at a 1st-grade level, so I'm not sure how many systems it'll work on. I figured I'd throw it out there if it'd help someone, though.
The script to connect IOU instances to interfaces:
Updated 2011-02-12
The changeL2.py script:
The remoteCapture.bat script:
Best of luck!
Edited by colonelpanic, 12 February 2011 - 10:27 PM.
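An added example, not the poster's changeL2.py (which is not reproduced on this page): one way to force the link type of a classic pcap stream in a pipeline is to rewrite the last field of the 24-byte global header and pass everything after it through unchanged. The function names and the `ether` and `hdlc` keys are assumptions; `fr` and `ppp` follow the usage shown in the post.

```python
import io
import struct
import sys

# LINKTYPE_ values from the tcpdump.org link-layer header type registry.
# The "ether" and "hdlc" key names are assumptions made for this example.
LINKTYPES = {"ether": 1, "ppp": 9, "hdlc": 104, "fr": 107}
PCAP_HDR_LEN = 24
# On-disk magic bytes of classic pcap (microsecond and nanosecond variants).
MAGICS = {
    b"\xd4\xc3\xb2\xa1": "<", b"\x4d\x3c\xb2\xa1": "<",
    b"\xa1\xb2\xc3\xd4": ">", b"\xa1\xb2\x3c\x4d": ">",
}


def force_linktype(header, encap):
    """Return the 24-byte pcap global header with its link type replaced."""
    if len(header) != PCAP_HDR_LEN:
        raise ValueError("short pcap global header")
    endian = MAGICS.get(header[:4])
    if endian is None:
        raise ValueError("not a classic pcap stream (pcapng is not handled)")
    if encap not in LINKTYPES:
        raise ValueError("unknown encapsulation: %r" % encap)
    # The link type is the last 32-bit field of the header (offset 20).
    return header[:20] + struct.pack(endian + "I", LINKTYPES[encap])


def rewrite_stream(src, dst, encap):
    """Patch the global header, then pass packet records through untouched."""
    dst.write(force_linktype(src.read(PCAP_HDR_LEN), encap))
    dst.flush()
    while True:
        chunk = src.read1(65536)  # returns as soon as data is available
        if not chunk:
            break
        dst.write(chunk)
        dst.flush()  # keep a live capture flowing to the reader


if __name__ == "__main__":
    if len(sys.argv) == 2:
        # Pipeline use: <capture writing pcap to stdout> | python -u this.py fr
        rewrite_stream(sys.stdin.buffer, sys.stdout.buffer, sys.argv[1])
    else:
        # Constructed sample: little-endian Ethernet header plus dummy bytes.
        hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
        out = io.BytesIO()
        rewrite_stream(io.BytesIO(hdr + b"\x00" * 8), out, "fr")
        print("link type now", struct.unpack("<I", out.getvalue()[20:24])[0])
```

Current tshark releases write pcapng by default, which this example rejects; `-F pcap` selects the classic format.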











