Monthly Archives: March 2018

Junos packet capture on branch series SRXs

Performing a packet capture is easy to do on any Juniper branch series SRX.

Three sections of configuration are required: forwarding-options, interfaces and firewall. Examples are below:

set forwarding-options packet-capture file filename PCAP files 5 size 10m

set interfaces fe-0/0/0 unit 0 family inet filter input PCAP
set interfaces fe-0/0/0 unit 0 family inet filter output PCAP

set firewall filter PCAP term PCAP1 from source-address 172.16.0.0/12
set firewall filter PCAP term PCAP1 from destination-address 192.168.0.0/16
set firewall filter PCAP term PCAP1 then sample
set firewall filter PCAP term PCAP1 then accept
set firewall filter PCAP term PCAP2 from source-address 192.168.0.0/16
set firewall filter PCAP term PCAP2 from destination-address 172.16.0.0/12
set firewall filter PCAP term PCAP2 then sample
set firewall filter PCAP term PCAP2 then accept
set firewall filter PCAP term ALLOW-EVERYTHING-ELSE then accept

The resulting configuration looks like this:

interfaces {
    fe-0/0/0 {
        unit 0 {
            family inet {
                filter {
                    input PCAP;
                    output PCAP;
                }
            }
        }
    }
}

forwarding-options {
    packet-capture {
        file filename PCAP files 5 size 10m;
    }
}

firewall {
    filter PCAP {
        term PCAP1 {
            from {
                source-address {
                    172.16.0.0/12;
                }
                destination-address {
                    192.168.0.0/16;
                }
            }
            then {
                sample;
                accept;
            }
        }
        term PCAP2 {
            from {
                source-address {
                    192.168.0.0/16;
                }
                destination-address {
                    172.16.0.0/12;
                }
            }
            then {
                sample;
                accept;
            }
        }
        term ALLOW-EVERYTHING-ELSE {
            then accept;
        }
    }
}

Alternatively, you can apply this filter on the loopback interface if you wish to capture all packets matching the filter criteria on all interfaces.

To read the PCAP file, enter the shell and use tcpdump:

start shell
tcpdump -r /var/tmp/PCAP.fe-0.0.0

Default username for FreeBSD AWS AMIs

For most Linux flavours and *NIX variants, the username you will connect with is root. However, FreeBSD AMIs are different. Ignore what the EC2 instance dashboard tells you when looking for instructions on connecting, which will look something like this:

ssh -i "your-aws-key.pem" root@ec2-54-219-0-69.us-west-1.compute.amazonaws.com

Instead, change the username to ec2-user, like so:

ssh -i "your-aws-key.pem" ec2-user@ec2-54-219-0-69.us-west-1.compute.amazonaws.com

SSH in as ec2-user, and then you can su to a passwordless root account.

Make sure you set a root password. It’s also a good idea to get rid of the ec2-user account, but create your own account and set up your SSH keys first.
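
The order matters: removing ec2-user before your own account can log in and reach root locks you out of the instance. The shell function below is an added example, not part of the original post, that checks a replacement account before ec2-user is deleted. The function name, its arguments, and the wheel and StrictModes checks are assumptions added here.

```shell
#!/bin/sh
# Added example: pre-flight check before deleting ec2-user on a FreeBSD instance.
# Function name and arguments are hypothetical, not from the original post.

# Usage: safe_to_remove_ec2_user USER [HOME_DIR] [GROUP_FILE]
# Returns 0 only if USER can still log in by key and su to root afterwards.
safe_to_remove_ec2_user() {
    user=$1
    home=${2:-/home/$user}
    group_file=${3:-/etc/group}
    keys=$home/.ssh/authorized_keys
    rc=0

    if [ -z "$user" ] || [ "$user" = "ec2-user" ] || [ "$user" = "root" ]; then
        echo "FAIL: name a separate, non-root replacement account" >&2
        return 1
    fi

    # su to root on FreeBSD is limited to members of wheel (assumption:
    # membership is listed in field 4 of the group file, not via primary GID).
    if ! awk -F: -v u="$user" '$1 == "wheel" { n = split($4, m, ",")
            for (i = 1; i <= n; i++) if (m[i] == u) ok = 1 }
            END { exit !ok }' "$group_file"; then
        echo "FAIL: $user is not in wheel, so it cannot su to root" >&2
        rc=1
    fi

    # At least one public key must be installed for the new account.
    if ! grep -Eq '(^| )(ssh-(ed25519|rsa)|ecdsa-sha2-|sk-)' "$keys" 2>/dev/null; then
        echo "FAIL: no public key found in $keys" >&2
        rc=1
    # sshd StrictModes rejects keys when these paths are group/world-writable.
    elif [ -n "$(find "$home" "$home/.ssh" "$keys" -prune \
                 \( -perm -020 -o -perm -002 \) -print 2>/dev/null)" ]; then
        echo "FAIL: $home, .ssh or authorized_keys is group/world-writable" >&2
        rc=1
    fi

    return $rc
}
```

Source the file and run `safe_to_remove_ec2_user yourname` as root. Remove ec2-user only after it returns 0 and you have confirmed a fresh SSH login with the new account in a second terminal.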

Increasing the name width in Apache auto indexing

Truncated names in Apache auto indexing aren’t helpful at all. With people running displays at 5k, there’s little reason to have this as the default behaviour. Alas, it still is and probably will be until the end of time. That said, it’s easy to get around this.

In an out-of-the-box Apache install, uncomment the following line:

Include etc/apache24/extra/httpd-autoindex.conf

In that file, look for the following line:

IndexOptions FancyIndexing HTMLTable VersionSort

We want to add the NameWidth option, like so:

IndexOptions FancyIndexing HTMLTable VersionSort NameWidth=*

Restart your browser and reload the page and you’ll notice a much improved experience.