Re: (PM) Dialup ISDN w/ORU Problems

Jason Marshall (marshalj@spots.ab.ca)
Sun, 14 Jun 1998 14:33:02 -0600 (MDT)

> They methodically removed each computer (mostly Unix, some Win95) from
> the network, and waited for a connection. When they took the NT4.0 machine

> bothered to put a sniffer on it, but the theory was that it had to keep
> checking in with the mothership!

If they have an OR-U at their end, just install a filter like "everything"
and run ptrace against it. Instant sniffer... Here's an example from
one of our remote OR-Us:

xxxxx> sh filter everything
1 deny aaa.bbb.ccc.1/32 0.0.0.0/0 ip
2 deny 0.0.0.0/0 aaa.bbb.ccc.1/32 ip
3 permit 0.0.0.0/0 0.0.0.0/0 tcp
4 permit 0.0.0.0/0 0.0.0.0/0 udp
5 permit 0.0.0.0/0 0.0.0.0/0 icmp

(rule 3 could be set to "permit" negating the need for 4 and 5, but I
prefer to be explicit wherever I can)

Where aaa.bbb.ccc.1 is the address of the OR-u itself (make sure you
already know it's not the OR-u doing the talking *8-). If you want to see
if it's the router doing the talking, set up another filter called
something else, and make it look like this:

add filter justme
set filter justme 1 deny tcp estab
set filter justme 2 deny aa.bb.cc.1/32 ww.xx.yy.zz/32 tcp dst eq 23
set filter justme 3 deny ww.xx.yy.zz/32 aa.bb.cc.1/32 tcp dst eq 23
set filter justme 4 permit aa.bb.cc.1/32 0.0.0.0/0
set filter justme 5 permit 0.0.0.0/0 aa.bb.cc.1/32
save filter
set console
ptrace justme

aa.bb.cc.1 is the OR-u, ww.xx.yy.zz is the machine you're telnetting into
the OR-u from.

Telnet in, set console, ptrace everything, and watch for crap being sent
out. It's amazing how noisy some equipment can be if not properly tamed.

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
| Jason Marshall, marshalj@spots.ab.ca. Spots InterConnect, Inc. Calgary, AB |
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
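
Added example, not part of the original message and not Livingston code: a Python model of the "justme" rules run against constructed packets, showing which ones the trace would display. It assumes first-match evaluation with an implicit deny, that ptrace prints only packets the filter permits, and that "estab" matches TCP segments of an already-open connection; the addresses are constructed documentation placeholders.

```python
import ipaddress
from dataclasses import dataclass

# "justme" rules from the message; placeholders replaced by constructed
# addresses: aa.bb.cc.1 -> 192.0.2.1 (OR-U), ww.xx.yy.zz -> 198.51.100.7 (admin).
RULES = """\
1 deny tcp estab
2 deny 192.0.2.1/32 198.51.100.7/32 tcp dst eq 23
3 deny 198.51.100.7/32 192.0.2.1/32 tcp dst eq 23
4 permit 192.0.2.1/32 0.0.0.0/0
5 permit 0.0.0.0/0 192.0.2.1/32
"""

@dataclass
class Packet:
    src: str
    dst: str
    proto: str
    dport: int = 0
    estab: bool = False  # assumption: segment belongs to an open TCP connection

def parse(line):
    tok = line.split()[1:]  # drop the rule number
    rule = {"action": tok.pop(0), "src": None, "dst": None,
            "proto": None, "dport": None, "estab": False}
    if tok and "/" in tok[0]:  # optional source/destination pair
        rule["src"] = ipaddress.ip_network(tok.pop(0))
        rule["dst"] = ipaddress.ip_network(tok.pop(0))
    if tok and tok[0] in ("ip", "tcp", "udp", "icmp"):
        rule["proto"] = tok.pop(0)
    if tok[:2] == ["dst", "eq"]:
        rule["dport"] = int(tok[2])
        tok = tok[3:]
    rule["estab"] = "estab" in tok
    return rule

def matches(r, p):
    return ((r["src"] is None or ipaddress.ip_address(p.src) in r["src"]) and
            (r["dst"] is None or ipaddress.ip_address(p.dst) in r["dst"]) and
            (r["proto"] in (None, "ip") or r["proto"] == p.proto) and
            (r["dport"] is None or r["dport"] == p.dport) and
            (not r["estab"] or (p.proto == "tcp" and p.estab)))

def traced(p, rules=tuple(parse(l) for l in RULES.splitlines())):
    for r in rules:  # assumption: the first matching rule decides
        if matches(r, p):
            return r["action"] == "permit"
    return False  # assumption: implicit deny when no rule matches
```

Under these assumptions the trace shows the router's own UDP, ICMP and TCP connection openings, while the operator's telnet session and all traffic merely passing through stay out of the output.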
