Wednesday, October 24, 2012

Using tshark to troubleshoot http

Here I give an example of how to use tshark, which is a command line tool and a part of the wireshark package, to monitor http requests and responses.

On Windows, first identify the numbering of the NIC adapters, using the '-D' option:

C:\Program Files\Wireshark>tshark.exe -D
1. \Device\NPF_GenericDialupAdapter (Adapter for generic dialup and VPN capture)
2. \Device\NPF_{2F15B435-C783-4863-90AC-C9DF8B64FBE1} (VMware Accelerated AMD PCNet Adapter)

Ok, lets now look at http traffic when loading the twitter home page:
C:\Program Files\Wireshark>tshark -i 2 "tcp port 80" -R "http.request or http.response"
Capturing on VMware Accelerated AMD PCNet Adapter
0.005726 -> HTTP 867 GET / HTTP/1.1
3.067846 -> HTTP 867 [TCP Retransmission] GET / HTTP/1.1
4.577303 -> HTTP 425 GET /a/1350941601/t1/css/t1_core_logged_out.bundle.css HTTP/1.1
4.578931 -> HTTP 414 GET /a/1350941601/t1/css/t1_more.bundle.css HTTP/1.1
4.605371 -> HTTP 279 HTTP/1.0 200 OK (text/html)
4.612847 -> HTTP 615 HTTP/1.0 200 OK (text/html)
4.620900 -> HTTP 593 HTTP/1.0 200 OK (text/html)
4.631572 -> HTTP 414 GET /a/1350941601/images/bigger_spinner.gif HTTP/1.1
4.631683 -> HTTP 426 GET /a/1350941601/t1/img/front_page/city-balcony@2x.jpg HTTP/1.1
4.634542 -> HTTP 432 GET /c/swift/init.ef644480fe2a53578f7ce4eda13396e86b6fa74a.js HTTP/1.1
4.679344 -> HTTP 60 HTTP/1.0 200 OK (GIF89a)
4.679459 -> HTTP 60 HTTP/1.0 200 OK (GIF89a)
4.683034 -> HTTP 629 HTTP/1.0 200 OK (text/html)
4.702673 -> HTTP 529 GET /opensearch.xml HTTP/1.1
4.705784 -> HTTP 417 HTTP/1.0 304 Not Modified
15 packets captured

You can see above, that this clearly shows the URLs to the html, image and css files that are downloaded from the server, and the associated http response codes.

Note the use of the tshark '-R' option to specify a "display" filter, to filter out everything, but the http requests and responses, so that we can concentrate on whats happening at the http level, without things like the tcp acks causing distraction. And you may want to expand the capture filter to just specify a particular host.

Customizing grub2 boot options in Fedora 18

In days of old, with RedHat Linux, and Fedora and Centos, on servers I used to disable the default behaviour of console display blanking screen-saver by putting the 'setterm -blank 0' command into file '/etc/rc.local'. On recent versions of Fedora, you do not get a '/etc/rc.local' file, however you can create one like this:
# vi /etc/rc.d/rc.local
# chmod a+x /etc/rc.d/rc.local
# ln -s /etc/rc.d/rc.local /etc
# ll /etc/rc.local
lrwxrwxrwx. 1 root root 18 Sep 24 15:44 /etc/rc.local -> /etc/rc.d/rc.local

But this no longer seem to be an appropriate way to run  'setterm -blank 0', as the command just seems to be ignored. I tried setting my '/etc/rc.local' file to this:
# cat /etc/rc.local
/bin/date > /root/rc.local.start
/bin/sleep 5
/bin/setterm -blank 0
/bin/date > /root/rc.local.done

..just to prove the command was executing, and it was, but still the screen blanked after the timeout.

After much Googling, I found the answer was to use a kernel command line option of 'consoleblank=0'.

Now again in days of old, I would just edit '/etc/grub.conf' to set these kernel parameters, But now recent versions of Fedora are using Grub2, things have changed. I found that you can specify the kernel parameters, in file '/etc/default/grub', using the 'GRUB_CMDLINE_LINUX_DEFAULT' option.

And while I was editing the grub file, I decided to change some other settings. I wanted to disable the graphical boot splash screen, and just have a basic 'text' screen to select which kernel to boot, so I added 'GRUB_TERMINAL=console'. I also removed the 'rhgb quiet' options, as I like to see all those boot messages scrolling up the screen.

# cd /etc/default/
# cp grub grub.orig
# vi grub
# diff -u grub.orig grub
--- grub.orig   2012-10-24 10:28:28.120869824 +0100
+++ grub        2012-10-24 10:52:40.940184853 +0100
@@ -1,6 +1,8 @@
 GRUB_DISTRIBUTOR="$(sed 's, release .*$,,g' /etc/system-release)"
-GRUB_CMDLINE_LINUX=" rd.lvm=0 rd.luks=0 $([ -x /usr/sbin/rhcrashkernel-param ] && /usr/sbin/rhcrashkernel-param || :) rhgb quiet"
+GRUB_CMDLINE_LINUX=" rd.lvm=0 rd.luks=0 $([ -x /usr/sbin/rhcrashkernel-param ] && /usr/sbin/rhcrashkernel-param || :)"
# grub2-mkconfig -o /boot/grub2/grub.cfg
Generating grub.cfg ...
Found linux image: /boot/vmlinuz-3.6.2-2.fc18.x86_64
Found initrd image: /boot/initramfs-3.6.2-2.fc18.x86_64.img
Found linux image: /boot/vmlinuz-3.6.0-1.fc18.x86_64
Found initrd image: /boot/initramfs-3.6.0-1.fc18.x86_64.img

Ok, so lets check that worked....
# grep $'\tlinux' /boot/grub2/grub.cfg
linux   /vmlinuz-3.6.2-2.fc18.x86_64 root=UUID=9d81334c-ed70-4cc8-9279-e82eb8cdef1e ro rd.lvm=0 rd.luks=0  consoleblank=0
linux   /vmlinuz-3.6.0-1.fc18.x86_64 root=UUID=9d81334c-ed70-4cc8-9279-e82eb8cdef1e ro rd.lvm=0 rd.luks=0  consoleblank=0

In the above, note how I get grep to match for the tab character.


Thursday, July 12, 2012

Centos vlan configuration

On our Centos boxes, we start with a minimal installation, and then add additional rpm packages as required. Today, we wanted to add a vlan trunk interface on an existing box. We created the config file as follows:
# cat /etc/sysconfig/network-scripts/ifcfg-eth5.800
# Intel Corporation 82546GB Gigabit Ethernet Controller (Copper)

But when we tried to bring up the vlan interface, we got this error:
# ifup eth5.800
Device eth5.800 does not seem to be present, delaying initialization.

This was caused because the 'vconfig' program was missing, and so we had to install that package:
# which vconfig
/usr/bin/which: no vconfig in (/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin)
# yum install vconfig
# which vconfig

Then everything worked as expected:
# ifup eth5.800
Added VLAN with VID == 800 to IF -:eth5:-
# ls -l /proc/net/vlan
-rw------- 1 root root 0 Jul 12 10:35 config
-rw------- 1 root root 0 Jul 12 10:35 eth5.800
# lsmod | grep 8021q
8021q 57425 0

BTW, the above commands were run on the following version of Centos:
# cat /etc/redhat-release
CentOS release 5.8 (Final)

Thursday, July 05, 2012

AES Encryption & Decryption from the command line with OpenSSL

Today, I wanted to gain a deeper understanding of AES encryption. I have succesfully used AES encryption with ipsec vpn's. But here I want to examine what are the inputs and outputs from the AES algorithm, and do some sanity checks with test data using openssl from the command-line.

On the wikipedia page for AES, they mention, "..Test vectors are a set of known ciphers for a given input and key. NIST distributes the reference of AES test vectors as AES Known Answer Test (KAT) Vectors (in ZIP format)."

That sounds like what I need as a reference, so I downloaded:

...and selected (guessed?) file "CBCVarKey128.rsp" as suitable, because I wanted to use a 128 bit key length,

Here is one example (from 128 possible examples) from that file:
KEY = 80000000000000000000000000000000
IV = 00000000000000000000000000000000
PLAINTEXT = 00000000000000000000000000000000
CIPHERTEXT = 0edd33d3c621e546455bd8ba1418bec8

Ok, first let's sanity check we can generate the required PLAINTEXT. I'm using xxd to do this, as I explained in an earlier blog post.

# echo -n '00000000000000000000000000000000' | xxd -p -r | hexdump -C
00000000 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|

So the above looks good. We are generating the 16 bytes of test data, from a 32 character hexadecimal string.

Openssl allow you to specify the Key and the 'Initialization Vector' on the command like, as hexadecimal strings, using the '-K' and '-iv' parameters. Be careful, thats an uppercase K for the key. As another sanity check, it is useful to use the '-P' option, again uppercase, to get openssl to report back what it thinks are the values of the Key and IV. So lets try this:

# echo -n '00000000000000000000000000000000' | xxd -p -r | openssl enc -aes-128-cbc -P -nosalt -K '80000000000000000000000000000000' -iv '00000000000000000000000000000000'
iv =00000000000000000000000000000000

Ok, thats good. They Key and IV values are what we were expecting.
By the way, for this sort of validation check, we don't want to use a salt, hence the use of the '-nosalt' option.
Right, lets remove the '-P' and see what data comes out:
# echo -n '00000000000000000000000000000000' | xxd -p -r | openssl enc -aes-128-cbc -nosalt -K '80000000000000000000000000000000' -iv '00000000000000000000000000000000' | hexdump -C
00000000 0e dd 33 d3 c6 21 e5 46 45 5b d8 ba 14 18 be c8 |.Ý3ÓÆ!åFE[غ..¾È|
00000010 fe 3d e6 e1 86 98 08 4f 63 de e5 04 42 ff 94 d2 |þ=æá...OcÞå.Bÿ.Ò|

Oh, that strange!
I'm trying to encrypt 16-bytes, but the output is 32 bytes long!
But the first 16 bytes of output looks correct!

The answer to this is padding. If you specify the '-nopad' option, then you get the expected 16 bytes of output:

echo -n '00000000000000000000000000000000' | xxd -p -r | openssl enc -aes-128-cbc -nopad -nosalt -K '80000000000000000000000000000000' -iv '00000000000000000000000000000000' | xxd -p

Good. Thats the CIPHERTEXT output we were expecting!

If you check 'man enc' you see that the '-nopad' option, disables standard block padding. And the man page also notes "All the block ciphers normally use PKCS#5 padding also known as standard block padding".

By the way, in the above tests, the IV is all-zeroes, so we can abbreviate the command like this:

echo -n '00000000000000000000000000000000' | xxd -p -r | openssl enc -aes-128-cbc -nopad -nosalt -K 80000000000000000000000000000000 -iv 0 | xxd -p

To finish off, lets try some decryption, reversing what we did above:
# echo -n '0edd33d3c621e546455bd8ba1418bec8' | xxd -p -r | openssl enc -aes-128-cbc -d -nosalt -K 80000000000000000000000000000000 -iv 0 -nopad | xxd -p

Ok, that looks good. I think I am begining to get the hang of this!

Using openssl to generate HMAC using a binary key

If you want to do a quick command-line generation of a HMAC, then the openssl command is useful.
For example:
# echo -n 'value' | openssl dgst -sha1 -hmac 'key'
(stdin)= 57443a4c052350a44638835d64fd66822f813319

# echo -n 'value' | openssl dgst -md5 -hmac 'key'
(stdin)= 01433efd5f16327ea4b31144572c67f6

...or alternatively...
# echo -n 'value' | openssl sha1 -hmac 'key'
(stdin)= 57443a4c052350a44638835d64fd66822f813319

# echo -n 'value' | openssl md5 -hmac 'key'
(stdin)= 01433efd5f16327ea4b31144572c67f6


BUT, note in the above commands, the 'value' and 'key' are ascii strings. The above syntax is problematic if you want to specify a Binary value for the key, which does not correspond to printable characters.

This had been a problem reported in the past:

But I can report here, that certainly with openssl v1.0.0, the following method allows you to specify a binary key, by passing it as a string of hex values.

To demonstate the point, let's get the hex string equivalent of the three character acsii string 'key', so that we can use the same hashes as in the examples above. To do this, I use utility 'xxd' which does a hexdump. (For further information on 'xdd' see my previous blog posts.)

# echo -n 'key' | xxd -p

Ok, so the hex-string "6b6579" corresponds to ascii string "key".

So after reading up the man page for 'openssl dgst', we try a further alternate form of the command, like this:

# echo -n 'value' | openssl dgst -sha1 -mac HMAC -macopt key:key
(stdin)= 57443a4c052350a44638835d64fd66822f813319

# echo -n 'value' | openssl dgst -sha1 -mac HMAC -macopt hexkey:6b6579
(stdin)= 57443a4c052350a44638835d64fd66822f813319

# echo -n 'value' | openssl dgst -md5 -mac HMAC -macopt key:key
(stdin)= 01433efd5f16327ea4b31144572c67f6

# echo -n 'value' | openssl dgst -md5 -mac HMAC -macopt hexkey:6B6579
(stdin)= 01433efd5f16327ea4b31144572c67f6

Note the use of the '-macopt hexkey:string' option which allows you to specify the key in hexadecimal (two hex digits per byte).

Nice! So now we can do something like this:

# echo -n '55f80d132e8b68eb' | xxd -r -p | openssl dgst -sha1 -mac HMAC -macopt key:645a487340f4c7f0
(stdin)= 2f0928b4bb365b4a590d84960a7cd04fd2d80221

I hope to show a practical use of the above in a future blog post!

Finally, I will just confirm some details of the system that gave the above output:

# rpm -qa | grep openssl

# cat /etc/redhat-release
CentOS release 6.2 (Final)

By the way, if your wondering about the '(stdin)= ' that openssl is outputing, then see my previous blog post on this subject.

Convert a Hex dump to Binary data with xxd

In my last blog post, I demonstarted how to dump a binary file, using either 'hexdump' or 'xxd'.
In summary, we can do this:
# ls -l hash-file.bin
-rw-r--r-- 1 root root 20 Jul 4 10:05 hash-file.bin
# xxd -p hash-file.bin

Ok, what if we want to do the reverse of this.
That is to take a string of hex characters and create a binary file!
The utility 'xxd' can also do this.

To demonstrate, lets first save the hex representation into a separate file:

# xxd -p hash-file.bin > hash-file.hex
# ls -l hash-file.hex
-rw-r--r-- 1 root root 41 Jul 4 12:04 hash-file.hex
# cat hash-file.hex

Ok, here's the clever part. Note we now pass the '-r' option to xdd to 'reverse' it's operation.
# xxd -p -r hash-file.hex > new-file.bin
# ls -l new-file.bin
-rw-r--r-- 1 root root 20 Jul 4 12:19 new-file.bin
# xxd -p new-file.bin
# cmp hash-file.bin new-file.bin

So we recreated the binary file, as 'new-file.bin' from the hex dump and we proved it is identical to the file we started with.

You can also feed into xdd from the pipeline, like this:

# cat hash-file.hex | xxd -p -r > new-file.bin
# xxd -p new-file.bin

..and here are some more examples:
# echo -n 'password' | xxd -p | xxd -p -r | hexdump -C
00000000  70 61 73 73 77 6f 72 64                           |password|

# echo -n 'c0a06003' | xxd -p -r | hexdump -C
00000000  c0 a0 60 03                                       |..`.|

hexdump and xxd output compared

Here I'm working with a Centos Linux system, and I've found two seperate utility programs that can produced a hex dump. One is called hexdump and the other is xxd, and they are provided as part of two seperate packages.
# which hexdump
# rpm -qf /usr/bin/hexdump

# which xxd
# rpm -qf /usr/bin/xxd

Ok, so lets compare the output format of the hex dump with these utilities. But first we need some test data, which I'm going to generate with 'openssl'. Conveniently, openssl can output the data in either hex (the default) or binary.

# echo -n 'value' | openssl dgst -sha1 -hmac "key"
# echo -n 'value' | openssl dgst -sha1 -hmac "key" -binary > hash-file.bin
# ls -l hash-file.bin
-rw-r--r-- 1 root root 20 Jul 4 10:05 hash-file.bin

So we have our test data in a file called 'hash-file.bin'. It's 20 bytes long as it contains a 160 bit sha1 hash. Ok, let's try dumping that file and see what we get:
# hexdump hash-file.bin
0000000 4457 4c3a 2305 a450 3846 5d83 fd64 8266
0000010 812f 1933

# xxd hash-file.bin
0000000: 5744 3a4c 0523 50a4 4638 835d 64fd 6682  WD:L.#P.F8.]d.f.
0000010: 2f81 3319                                /.3.

Um, interesting!
Note the default output is grouping the bytes into 16-bit values and there is a difference in how to interpret the endianness.

Let's try customizing the output with some options:

# hexdump -C hash-file.bin
00000000  57 44 3a 4c 05 23 50 a4  46 38 83 5d 64 fd 66 82  |WD:L.#P.F8.]d.f.|
00000010  2f 81 33 19                                       |/.3.|

# xxd -g 1 hash-file.bin
0000000: 57 44 3a 4c 05 23 50 a4 46 38 83 5d 64 fd 66 82  WD:L.#P.F8.]d.f.
0000010: 2f 81 33 19                                      /.3.

# xxd -p hash-file.bin

So this is 'better' for seeing the byte sequence.

Openssl and the "(stndin)= " prefix

Recently, I've been playing around with the openssl utility. Doing things like this:
# echo -n 'value' | openssl dgst -sha1 -hmac 'key'

# rpm -qa | grep openssl

# cat /etc/redhat-release
CentOS release 5.8 (Final)

Note that I show the version and operating system I'm using. Here's why. Look at the following:
# echo -n 'value' | openssl dgst -sha1 -hmac 'key'
(stdin)= 57443a4c052350a44638835d64fd66822f813319

# rpm -qa | grep openssl

# cat /etc/redhat-release
CentOS release 6.2 (Final)

So on a more recent system, openssl has prefixed it's output with "(stndin)= ".
I'm not finding this particularly helpful for my application.
One workaround, suggested here, is to use sed to remove it, like this:
# echo -n 'value' | openssl dgst -sha1 -hmac 'key' | sed 's/^.*= //'

Wednesday, May 16, 2012

Comparing RPM packages installed on two hosts, without using temporary files

When setting up a new Linux server, it's often interesting to compare the list of packages that are installed on the new server, with the list of packages installed on an existing server. You can use the following command line, which makes use of Bash supports for process substitution, to show the difference between packages installed on the local host and on the remote host.
 # ssh root@remotehost 'rpm -qa | sort' | diff -u <(rpm -qa | sort) -

If the above command gives no output, it means that the two hosts have identical packages installed.

If you want to disregard the package version differences in the comparison, then you will need to use something like this:

 # ssh root@remotehost 'rpm -qa --queryformat "%{NAME}\n" | sort' | diff -u <(rpm -qa --queryformat "%{NAME}\n" | sort) -

Following Paul Waterman's comment, I did try out his rpmscomp Perl script, and I did find it useful. So I would recommend you also give it a try:

Also, to help in removing packages, I have found the rpmreader package useful:

Friday, May 11, 2012

Moving old Nokia ringtones to the Apple iPhone

For the last seven years, I have used the 'bach' ringtone on my old Nokia 6230i. Now I have an iPhone 4s, I wanted the option of using the same ring tone. What follows is the procedure I used. I did this all on a Windows PC, but I believe you can also use 'faac' on Linux. Note that this procedure is 'free'.

I download the Nokia 6230i ringtone "Bach.aac" from here:

I used this online service...

... to convert the "Bach.aac" to "Bach.wav".

I then downloaded "FAACv1.28 Binary for Win32" as file "" from this site:

..and unziped the archive to extract binary executable "faac.exe".

Here is the 'help' for faac:

C:\Temp>faac.exe --help
Freeware Advanced Audio Coder
FAAC 1.28

Usage: faac.exe [options] infiles ...
-q Set quantizer quality.
-b Set average bitrate to x kbps. (ABR, lower quality mode)
-c Set the bandwidth in Hz. (default=automatic)
-o X Set output file to X (only for one input file)
-r Use RAW AAC output file.
-P Raw PCM input mode (default 44100Hz 16bit stereo).
-R Raw PCM input rate.
-B Raw PCM input sample size (8, 16 (default), 24 or 32bits).
-C Raw PCM input channels.
-X Raw PCM swap input bytes
-I Input channel config, default is 3,4 (Center third, LF fourth)

MP4 specific options:
-w Wrap AAC data in MP4 container. (default for *.mp4 and *.m4a)
-s Optimize MP4 container layout after encoding
--artist X Set artist to X
--writer X Set writer to X
--title X Set title to X
--genre X Set genre to X
--album X Set album to X
--compilation Set compilation
--track X Set track to X (number/total)
--disc X Set disc to X (number/total)
--year X Set year to X
--cover-art X Read cover art from file X
--comment X Set comment to X

--license Show the FAAC license.
--help Show this abbreviated help.
--long-help Show complete help.

More tips can be found in the Knowledge Base at

I then used this command line to convert the WAV file to a M4A file:

C:\Temp>faac.exe -b 128 -c 44100 -w Bach.wav
Freeware Advanced Audio Coder
FAAC 1.28

Average bitrate: 128 kbps
Quantization quality: 100
Bandwidth: 16000 Hz
Object type: Low Complexity(MPEG-4) + M/S
Container format: MPEG-4 File Format (MP4)
Encoding Bach.wav to Bach.m4a
frame | bitrate | elapsed/estim | play/CPU | ETA
403/403 (100%)| 74.8 | 0.4/0.4 | 29.51x | 0.0

Note that I used the "-w" option so that the AAC data stream was 'wrapped' in a MP4 container.

I then renamed "Bach.m4a" to "Bach.m4r".
(Note the M4R extension is used to identify the file as a ringtone.)

And I then dragged and dropped the "Bach.m4r" file into the iTunes library.
(If iTunes fails to accept the dropped file, it means that file is not in the correct format.)

Then I synced the ringtone to the iPhone.

The following pages provided inspiration for the above: