Difference between revisions of "OpenLI"

From neil.tappsville.com
(10 intermediate revisions by the same user not shown)
Line 1: Line 1:
  
 +
== LI Information ==
  
 +
* https://youtu.be/pRXdv-CaVjA?t=3710 LI how it works and Handover Interfaces
 +
* https://youtu.be/7p1SH8-6KtI?t=3524 NZ LI Legislation
 +
* [[NZ Legislation]]
  
 
[[Open LI Compiling]]
 
[[Open LI Compiling]]
Line 7: Line 11:
 
https://wiki.wireshark.org/jmirror
 
https://wiki.wireshark.org/jmirror
  
 +
[[OpenLI Intercept Management]]
  
=Test Cases=
+
[[OpenLI Test Cases]]
 +
 
 +
[[OpenLI Testing Tools]]
 +
 
 +
https://github.com/wanduow/openli
 +
https://github.com/LibtraceTeam/libtrace
 +
https://github.com/wanduow/libwandder
 +
 
 +
==Interfaces==
 +
Disabling NIC offloading for capturing interfaces that are not encapsulated in a vendors wrapper/header to prevent desegmentation/defragmentation
 +
<pre>
 +
/etc/sysconfig/network-scripts/ifcfg-<INTERFACE>
 +
ETHTOOL_OPTS="-K <INTERFACE> gso off gro off tso off"
 +
</pre>
 +
Enable without restarting <code>ethtool -K <INTERFACE> gso off gro off tso off</code>
 +
 
 +
 
 +
== Transferring pcaps ==
 +
Should be using keys, but if no public key is used, will need to have the password in a file that sshpass can read (it essentially runs expect looking for a 'assword' prompt
 +
 
 +
scp
 +
<pre>
 +
Crontab
 +
* * * * * /usr/bin/flock -n /tmp/openli-[LLID].lck /bin/find /pcaps/openli-[LLID]* -type f -mmin +1 -exec sshpass -f "/dir/scp-job.pass" scp -P [port] -r {} [user]@[ipaddress]:/[directory]/ \; -delete
 +
</pre>
 +
 
 +
sftp (for really simple folk)
 +
<pre>
 +
Crontab
 +
* * * * * /usr/bin/flock -n /tmp/openli-[LLID].lck /bin/find /pcaps/openli-[LLID]* -type f -mmin +1 -exec  sh -c "echo 'put {}' | sshpass -f '/dir/scp-job.pass' sftp -q -P 2221 [user]@[ipaddress]:/[directory]/" \; -delete
 +
</pre>
 +
 
 +
 
 +
sftp
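Review bot: In the sftp crontab line, `{}` is substituted inside the `sh -c "echo 'put {}' | ..."` string, so the file name is parsed as shell text instead of being passed as data. Pass it as a positional argument (`sh -c '... "$1" ...' sh {}`) and quote it there. Both cron lines also read a cleartext password from /dir/scp-job.pass, which the accompanying text itself says should be replaced by keys. Because `-delete` runs whenever the `-exec` command exits 0, it is also worth confirming that a failed `put` in the piped sftp session really produces a non-zero exit before relying on it to keep captures that did not transfer.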

Latest revision as of 01:58, 24 May 2022

LI Information

Open LI Compiling

Wireshark

https://wiki.wireshark.org/jmirror

OpenLI Intercept Management

OpenLI Test Cases

OpenLI Testing Tools

https://github.com/wanduow/openli

https://github.com/LibtraceTeam/libtrace

https://github.com/wanduow/libwandder

Interfaces

Disable NIC offloading on capture interfaces whose traffic is not encapsulated in a vendor's wrapper/header, to prevent desegmentation/defragmentation.

/etc/sysconfig/network-scripts/ifcfg-<INTERFACE>
ETHTOOL_OPTS="-K <INTERFACE> gso off gro off tso off"

To apply the setting without restarting: ethtool -K <INTERFACE> gso off gro off tso off


Transferring pcaps

Transfers should use key-based authentication. If no public key is used, the password has to be in a file that sshpass can read (it essentially runs expect, looking for an 'assword' prompt).

scp

Crontab
* * * * * /usr/bin/flock -n /tmp/openli-[LLID].lck /bin/find /pcaps/openli-[LLID]* -type f -mmin +1 -exec sshpass -f "/dir/scp-job.pass" scp -P [port] -r {} [user]@[ipaddress]:/[directory]/ \; -delete

sftp (for really simple folk)

Crontab
* * * * * /usr/bin/flock -n /tmp/openli-[LLID].lck /bin/find /pcaps/openli-[LLID]* -type f -mmin +1 -exec  sh -c "echo 'put {}' | sshpass -f '/dir/scp-job.pass' sftp -q -P 2221 [user]@[ipaddress]:/[directory]/" \; -delete
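
A key-based version of the cron transfer above, as an added example that is not part of the original page: each file name is passed as a single quoted argument, and a capture is removed only after its own upload succeeds. `ship_pcaps`, `upload_scp` and `PCAP_UPLOAD` are hypothetical names, and the key path, port, user and host are placeholders.

```shell
#!/bin/sh
# Added example, not from the original page. ship_pcaps, upload_scp and
# PCAP_UPLOAD are hypothetical names; key path, port, user and host are
# placeholders to replace with the real collector details.

# Key-based upload: BatchMode never prompts, so no password file is needed,
# and StrictHostKeyChecking refuses a collector whose host key is unknown.
upload_scp() {
    scp -q -i /etc/openli/transfer_key -P 2222 \
        -o BatchMode=yes -o StrictHostKeyChecking=yes \
        "$1" "liuser@collector.example:/incoming/"
}

# ship_pcaps DIR PREFIX
# Uploads regular files DIR/PREFIX* matched by the page's "-mmin +1" age test
# and removes each one only after its own upload exited 0.
# Prints "shipped=N failed=M"; returns 1 if any upload failed.
ship_pcaps() {
    dir=$1; prefix=$2; shipped=0; failed=0
    upload=${PCAP_UPLOAD:-upload_scp}        # overridable, e.g. for testing
    for f in "$dir/$prefix"*; do
        # The name is only ever passed as one quoted argument, never pasted
        # into a shell string, so odd characters in it cannot run commands.
        [ -n "$(find "$f" -prune -type f -mmin +1 2>/dev/null)" ] || continue
        if "$upload" "$f"; then
            rm -f -- "$f"
            shipped=$((shipped + 1))
        else
            failed=$((failed + 1))           # keep the capture for the next run
        fi
    done
    echo "shipped=$shipped failed=$failed"
    [ "$failed" -eq 0 ]
}
```

Call `ship_pcaps /pcaps openli-[LLID]` at the end of the script and run the script from the same crontab entry under `flock -n`.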


sftp