Linux IP accounting

Time for some more statistics. Say your box runs as a router and you want to monitor which PC on your LANs talks to whom in the outside world…how many bytes, packets, flows, etc…or say you use your box at home for p2p applications and want to monitor what’s going on…more than just keeping track of your traffic. That’s where IP accounting comes in handy.
I applied IP accounting at my gentoo box at home. What I needed was inside this excellent documentation. Basically one needs fprobe, to export flows from linux in netflow format, flow-tools to collect those netflows, and FlowScan to process the flow files. Most tools are easily emerged…but remember NOT to emerge flow-tools. If you do that you will have problems with Cflow. Do as the documentation says, download flow-tools from their site, ‘make install’ it and go inside the contrib dir, untar Cflow-1.051.tar.gz and do as the documentation says for it. Most other things are rather straightforward.
One useful shell script I wrote with the help of Angelos was this:
showtop.sh

#!/bin/bash
# Rebuild the scoreboard page: two flow-stat top-50 reports wrapped in <pre>.
echo "<pre>" > /var/netflow/scoreboard/stats.html
# Report 1: top source/destination IP pairs
/usr/local/netflow/bin/flow-cat -p /var/netflow/ft/ | /usr/local/netflow/bin/flow-stat -f10 -S4 -n | head -n 50 >> /var/netflow/scoreboard/stats.html
# Report 2: top destination IP addresses
/usr/local/netflow/bin/flow-cat -p /var/netflow/ft/ | /usr/local/netflow/bin/flow-stat -f8 -S3 -n | head -n 50 >> /var/netflow/scoreboard/stats.html
echo "</pre>" >> /var/netflow/scoreboard/stats.html

It creates an html file with 2 top-X lists…
The first one is: a report on top source/destination IP pairs sorted by octets
and the second one is: a top destination IP address report sorted by outbound traffic
I find it really useful and I’ve added it to my crontab to run every 5 minutes.

It works for me…try it if you wish and comment with your results…

P.S. I think flow-tools was the first package I had to install manually in my gentoo box since the day I’ve installed it. I think it is possible to create an ebuild to overcome the problems with Cflow…but I was too bored…anyway…have fun with IP accounting.

Simple Port Accounting – part 2

A small addition to the previous post about port accounting with iptables and mrtg.

A new script to count tcp and udp connections.
conns.sh

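#!/bin/bash
# MRTG reads four lines from a Target script: value 1, value 2, uptime, name.
HOSTNAME="/bin/hostname"
NETSTAT="/bin/netstat"
UPTIME="/usr/bin/uptime"
# Line 1: TCP sockets that are not listening (header lines filtered out)
$NETSTAT -ant | grep -v LISTEN | grep -v Active | grep -v Proto | wc -l
# Line 2: UDP sockets
$NETSTAT -anu | grep -v LISTEN | grep -v Active | grep -v Proto | wc -l
# Line 3: uptime text, line 4: host name
$UPTIME | awk '{ print $3, $4, $5 }'
$HOSTNAME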

and the part that goes inside your mrtg.conf


Target[conns]: `/etc/mrtg/conns.sh`
Options[conns]: growright, nopercent, gauge
MaxBytes[conns]: 20000
Title[conns]: Connections
YLegend[conns]: Connections
LegendI[conns]:  TCP:
LegendO[conns]:  UDP:
ShortLegend[conns]: conns
PageTop[conns]: <h1>Connection Stats</h1>

enjoy 🙂 It works for me..I hope it works for you too 🙂
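
An added example, not part of the original post: a variant of conns.sh that splits the TCP count by state, so a pile-up of half-open (SYN_RECV) connections is graphed separately from established ones instead of disappearing into one total. The sample netstat output and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): per-state TCP counts for MRTG.

# Constructed sample in the layout `netstat -ant` prints on Linux.
sample_netstat() {
cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 192.0.2.10:22           198.51.100.7:51514      ESTABLISHED
tcp        0      0 192.0.2.10:80           203.0.113.5:40112       SYN_RECV
tcp        0      0 192.0.2.10:80           203.0.113.6:40113       SYN_RECV
tcp        0      0 192.0.2.10:80           203.0.113.9:33210       TIME_WAIT
tcp6       0      0 :::80                   :::*                    LISTEN
EOF
}

# Count TCP sockets on stdin whose State column equals $1 (prints 0 if none).
# Matching on column 6 avoids dropping rows that merely contain the word.
state_count() {
    awk -v want="$1" '$1 ~ /^tcp/ && $6 == want { c++ } END { print c + 0 }'
}

# "STATE count" for every non-listening TCP socket on stdin, sorted by name.
tcp_states() {
    awk '$1 ~ /^tcp/ && $6 != "LISTEN" { n[$6]++ }
         END { for (s in n) print s, n[s] }' | sort
}

# The four lines MRTG reads from an external Target script:
# value 1, value 2, uptime text, target name ($1 and $2 here).
mrtg_lines() {
    snapshot=$(cat)
    printf '%s\n' "$snapshot" | state_count SYN_RECV
    printf '%s\n' "$snapshot" | state_count ESTABLISHED
    printf '%s\n%s\n' "$1" "$2"
}

# Live use: netstat -ant | mrtg_lines "$(uptime)" "$(hostname)"
sample_netstat | tcp_states
```

With a Target built on mrtg_lines, LegendI would read SYN_RECV and LegendO ESTABLISHED in place of the TCP/UDP legends above.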

American Judges are nothing more than farmers

Where do American people study to become judges ? How can such foolish people become judges ? Just check this news from a Minnesota court…

A Minnesota appeals court has ruled that the presence of encryption software on a computer may be viewed as evidence of criminal intent.

Read about this hilarious matter.. I don’t care if the guy was in child pr0n industry…let him rot in jail…but PGP is NOT evidence that someone is using the power of the dark force to conquer the world. Do this judge a favour and send him home to farm his fields…

grrrrrrr

another message on a wall

greeks only too…

I don’t need to comment on it 🙂

Introduction to TOR

Today I’ve decided to use Tor a bit. One can say it’s an anonymity tool…but it’s not only that. It’s something more like an underground internet community. You can read an excellent article about Tor too.

Some quotes from the Tor site:

Tor: An anonymous Internet communication system

Tor is a toolset for a wide range of organizations and people that want to improve their safety and security on the Internet. Using Tor can help you anonymize web browsing and publishing, instant messaging, IRC, SSH, and more.

Your traffic is safer when you use Tor, because communications are bounced around a distributed network of servers, called onion routers. Instead of taking a direct route from source to destination, data packets on the Tor network take a random pathway through several servers that cover your tracks so no observer at any single point can tell where the data came from or where it’s going. This makes it hard for recipients, observers, and even the onion routers themselves to figure out who and where you are. Tor’s technology aims to provide Internet users with protection against “traffic analysis,” a form of network surveillance that threatens personal anonymity and privacy, confidential business activities and relationships, and state security.

To the point…Using Tor and privoxy you have access to what’s inside the Tor network. There are hidden wikis, book collections and even more.
This link goes to Tor Network Hidden Wiki and this one goes to KIRA – online list of Tor featured sites.
Notes from the Underground is pretty cool too.

The complete details of connecting to the Tor world are here: Tor Documentation
Oh…if you want anonymous P2P with Tor…check this page about Tor+azureus.
Check this graffiti I’ve found while surfing a site inside the Tor network…I think that it’s great…

P.S. This was posted using the Tor network…my apache logs are clear about this 🙂

Bluetooth + Gentoo + SE K700i

Today I’ve done some first steps in connecting my new phone (sony ericsson k700i) to my box. I’ve borrowed a bluetooth usb dongle from a friend (thnx a lot chrys!) and started playing with it. First thing to do was read what was already documented. Starting at “HOWTO mobile phone, Bluetooth and GNOME” you can easily get a general idea on what’s needed. But there’s a major part missing… the creation of the correct devices.
That’s done by:
cd /dev && mknod rfcomm0 c 216 0 && mknod rfcomm1 c 216 1 && mknod ttyU0 c 208 0 && mknod ttyU1 c 208 1

Following the tutorial above, after having created the proper devices as stated above, it is really easy to send files to your phone through nautilus. Just open it and “Send via bluetooth”.
When I have the time I will write about command line sending and receiving files.

Playing midi files at Gentoo linux

My new phone, Sony Ericsson K700i, supports polyphonic ringtones, mp3 or midi, so I downloaded a few from the internet and I wanted to upload them to the phone. Before doing so I also wanted to listen to them on my box. I had never tested playing midi files on my box so far so when I tried listening to them “out-of-the-box” I ran into problems.
I started reading Gentoo Linux ALSA Guide again.
Basically I just had to:
# emerge awesfx

and then load a soundfont … which is a good soundfont though ? Googling around I came up to this site which has a lot of information on soundfonts and has 2 great soundfonts available for linux. They might be BIG…but it’s worth it if you want extra high quality. The difference between those offered at PersonalCopy and the one provided by creative and included at alsa-project is just HUGE.
Just try them with:
# asfxload 8MBGMSFX.SF2
or
# asfxload UNISON.SF2

and play the same file…You’ll hear the clear difference.
You can use kmid to play the files and/or a collection of midi files. Don’t forget to choose your midi output device though…
# aplaymidi -l will give you the complete list of midi devices in your box. Before choosing the “correct” midi port in kmid try all out with:
# aplaymidi -p midi:port file.mid

Image Editing with gimp

I have just bought my new digital camera…and I want to be able to “play” with it as much as I can. There is stuff you can do with the camera…and stuff you can do at your box. Most photo editing tutorials are about photoshop and other windows utilities. This one provides some helpful tips for editing pics with gimp. More gimp tutorials can also be found here, here, here, and here.
Some more interesting links:
How To Work With Your Digital Camera’s Histogram
The Arithmetic of Printing Images
Understanding Resolution

I hope that’s enough food for thought and practice for now…

Oh btw…I’ve “installed” Internet Explorer in my Gentoo Linux…for..”fun”…Just follow this nice tutorial if you want to learn how to do it. It’s simple…and useless 🙂

Message written on a wall

Greeks only…
Just check this and tell me if it isn’t great or what ? It’s written on a wall about 200m from my house…

The revenge of Internet Explorer

Who thought that my e-banking troubles were over? huh…
Today when I logged in I saw that I was able to create client certificates to verify money transfers. I can’t do money transfers without this certificate that the bank provides. So…I clicked on a few links with firefox…and ooooops…ERROR…I couldn’t create a certificate with firefox. It couldn’t find the “proper” security devices. I tried with my firefox @ work where I have windows installed. Same error. Then it was time for Internet Explorer. click click click…and I had a perfect certificate. I couldn’t export it though to use it with firefox. So Eurobank forces me to use Windows and IE to make money transfers. I DID NOT SIGN THAT on the agreement. I don’t have the money to buy windows @ home, I use Linux, period. It’s tooooooooo bad that they have some nice security features on their site…like virtual keyboard for typing passwords with a mouse, so you can’t get “sniffed” but they can’t make their site usable for all users.
I am going to call them tomorrow to ask them what can I do, if there is any hidden “link” that works with firefox and can provide me a client certificate…else…I will start looking for a new bank with better e-banking methods that will fully support Linux…and transfer my money there. What’s the use of having my money in a place I can’t “access” them ?

That’s the error message I get (it’s in Greek, sorry):

e-banking

I’ve just updated WordPress to 1.5.1. It supposedly has a lot of bugfixes…we’ll see. Anyway…to the point..

Today I’ve finally activated my e-banking account. The process was quite long…I had to go to a bank, sign some papers, then wait 4 days for a courier to come and give me my passwords. After doing that I had to activate the account via telephone. But wait…I didn’t have telephone-banking enabled…so another 2 day delay until my telephone-banking account was enabled, and then I could finally enable my e-banking. When I first logged in I saw a very stupid page warning me that I should click on “the yellow locker in Internet Explorer” to make sure I was inside the right domain, bank’s domain.
– Well I don’t have IE…what should I do now master ?
– Use the force and click “CONTINUE” young Luke….
I clicked once…clicked twice…opened the url in another Tab…another Window…nothing…the frame would not let me go. I guess it had a special IE thingie that was not satisfied by my Firefox’s “click”…
Anyway…I closed the window…and tried re-logging in. No stupid welcome screen. Yuppi!
Browsing around, it felt like working. But I can’t be sure unless I have to transfer money to another account…then I shall see if I have one more of those stupid “use IE only please” warnings. I have the bank documents I signed in front of me…I see nowhere any term forcing me to use IE or windows only. Is e-banking only for the “serious” windows users ?
Oh and what’s the name of the bank ? Eurobank!
On the other hand it’s the only bank in Greece that offers the creation of digital certificates in order to make money transfers, and not a bunch of passwords that you have to change all the time.
So the score is… 1-1