Re: Update to /etc/init.d/snort

Posted by Turrican on May 19, 2020; 7:48pm
URL: https://itus.accessinnov.com/FIRMWARE-Itus-Shield-v2-tp2014p2029.html

Will do when I get a chance 

Cheers


From: Grommish [via Itus Networks Owners Forum] <ml+[hidden email]>
Sent: Tuesday, May 19, 2020 7:54:02 PM
To: Turrican <[hidden email]>
Subject: Re: Update to /etc/init.d/snort
 
My network is just as convoluted :)

I go

Cable Modem -> Nighthawk X6 R8000.  From the Nighthawk (192.168.1.0/24), I go to a 48-port switch off one port for the main network and a drop to a really old DLink DIR655 (192.168.5.0/24) that has a Server 2016 machine providing the DHCP/DNS/BOOTP.  The Shield then comes off the DLink (10.10.10.0/24) and then goes to my laptop.

Do me a favor..

On the Shield, unplug eth0 and then type:

tcpdump -i eth0 -vvv -s 1500 '((port 67 or port 68) and (udp[8:1] = 0x1))' | tee /tmp/dhcplog

Then plug eth0 back in.

Give it a few seconds (or when it starts repeating), Ctrl-C to stop it and then email me the /tmp/dhcplog file or post it.

Also, can you also do:
uci show > /tmp/configs

and send that as well.

This is what you SHOULD be seeing from the tcpdump
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 1500 bytes
[151542.815599] eth0: Link down
[151551.008458] eth0: 1000 Mbps Full duplex, port 0, queue 0
18:39:48.881198 IP (tos 0x0, ttl 64, id 0, offset 0, flags [none], proto UDP (17), length 328)
    0.nextyourcontent.com.68 > 255.255.255.255.67: [udp sum ok] BOOTP/DHCP, Request from 2c:26:5f:00:00:00 (oui Unknown), lengt)
          Client-Ethernet-Address 2c:26:5f:00:00:00 (oui Unknown)
          Vendor-rfc1048 Extensions
            Magic Cookie 0x63825363
            DHCP-Message Option 53, length 1: Discover
            MSZ Option 57, length 2: 576
            Parameter-Request Option 55, length 8:
              Subnet-Mask, Default-Gateway, Domain-Name-Server, Hostname
              Domain-Name, BR, NTP, Classless-Static-Route
            Vendor-Class Option 60, length 12: "udhcp 1.31.1"
            Hostname Option 12, length 6: "Shield"
            END Option 255, length 0
            PAD Option 0, length 0, occurs 20
18:39:48.897050 IP (tos 0x0, ttl 64, id 0, offset 0, flags [none], proto UDP (17), length 328)
    0.nextyourcontent.com.68 > 255.255.255.255.67: [udp sum ok] BOOTP/DHCP, Request from 2c:26:5f:00:00:00 (oui Unknown), lengt)
          Client-Ethernet-Address 2c:26:5f:00:00:00 (oui Unknown)
          Vendor-rfc1048 Extensions
            Magic Cookie 0x63825363
            DHCP-Message Option 53, length 1: Request
            Requested-IP Option 50, length 4: 192.168.5.110
            Server-ID Option 54, length 4: 192.168.5.2
            MSZ Option 57, length 2: 576
            Parameter-Request Option 55, length 8:
              Subnet-Mask, Default-Gateway, Domain-Name-Server, Hostname
              Domain-Name, BR, NTP, Classless-Static-Route
            Vendor-Class Option 60, length 12: "udhcp 1.31.1"
            Hostname Option 12, length 6: "Shield"
            END Option 255, length 0
            PAD Option 0, length 0, occurs 8
Running Itus Shield v2 Firmware



Running v2 Firmware
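
Added example, not part of the original thread: a Python sketch for reading a /tmp/dhcplog produced by the tcpdump command quoted above. Because the filter `udp[8:1] = 0x1` keeps only BOOTP op 1 (client requests), the server's replies never appear in the log, so the script infers whether an offer arrived from the client's own messages. The sample log is constructed from the values in the post, and the function names are hypothetical.

```python
import re

# Constructed sample in the shape of the tcpdump -vvv output quoted in the thread.
SAMPLE = """\
[151542.815599] eth0: Link down
18:39:48.881198 IP (tos 0x0, ttl 64, id 0, offset 0, flags [none], proto UDP (17), length 328)
    0.0.0.0.68 > 255.255.255.255.67: [udp sum ok] BOOTP/DHCP, Request from 2c:26:5f:00:00:00 (oui Unknown), length 300
          Client-Ethernet-Address 2c:26:5f:00:00:00 (oui Unknown)
            DHCP-Message Option 53, length 1: Discover
18:39:48.897050 IP (tos 0x0, ttl 64, id 0, offset 0, flags [none], proto UDP (17), length 328)
    0.0.0.0.68 > 255.255.255.255.67: [udp sum ok] BOOTP/DHCP, Request from 2c:26:5f:00:00:00 (oui Unknown), length 300
          Client-Ethernet-Address 2c:26:5f:00:00:00 (oui Unknown)
            DHCP-Message Option 53, length 1: Request
            Requested-IP Option 50, length 4: 192.168.5.110
            Server-ID Option 54, length 4: 192.168.5.2
"""

TS = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d+) IP ")  # start of one captured packet
FIELDS = {
    "mac": re.compile(r"Client-Ethernet-Address ([0-9a-f:]{17})"),
    "type": re.compile(r"DHCP-Message Option 53, length 1: (\w+)"),
    "requested_ip": re.compile(r"Requested-IP Option 50, length 4: ([\d.]+)"),
    "server_id": re.compile(r"Server-ID Option 54, length 4: ([\d.]+)"),
}

def parse_dhcplog(text):
    """Return one dict per packet; kernel link messages and banners are skipped."""
    packets = []
    for line in text.splitlines():
        m = TS.match(line)
        if m:
            packets.append({"time": m.group(1)})
        elif packets:
            for key, rx in FIELDS.items():
                m = rx.search(line)
                if m:
                    packets[-1][key] = m.group(1)
    return packets

def diagnose(packets):
    """A Request carrying Server-ID is the client answering an offer (RFC 2131)."""
    types = [p.get("type") for p in packets]
    selecting = [p for p in packets if p.get("type") == "Request" and "server_id" in p]
    if selecting:
        p = selecting[-1]
        return f"offer received: requesting {p.get('requested_ip')} from server {p['server_id']}"
    if "Discover" in types:
        return f"{types.count('Discover')} Discover(s) sent, no offer answered"
    return "no DHCP client messages captured"

if __name__ == "__main__":
    print(diagnose(parse_dhcplog(SAMPLE)))
```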