Monthly Archives: December 2010

Wifi Analysis in OS X

Aside from all those OS X wifi scanners originating from the Linux world, OS X comes with its own basic tool called airport. For quick access do the following:

sudo ln -s /System/Library/PrivateFrameworks/Apple80211.framework/Versions/Current/Resources/airport /usr/bin/airport

Now, example usages can be:

airport en1 scan

or

airport en1 sniff 6 

Using Ipredator independantly from the default Route

This article is a copy of the howto from the Ubuntu forum by simonn (http://ubuntuforums.org/showthread.php?t=1472045). All credit go to him. I'm just copying this for preservational reasons.

I have a home server running Lucid which basically runs our home lan, but I also wanted to be able to run transmission-daemon over an ipredator VPN connection completely independently of the ethernet port (as far as the application layer is concerned anyway).

Most of the howtos for setting up VPN use the VPN as the default route, however I still wanted to run a webserver, dnsmasq etc, not to mention free bandwidth access to my ISP etc.

Thus, this howto.

The ppp connection still tunnels through eth0, but as far everthing else is concerned my server has two independent network ports eth0 and ppp0 and applications use the default route via eth0 to our router unless explicitely directed down pppX.

I assume that you already have transmission-daemon installed.

Firstly, install linux-pptp:

$ sudo apt-get install linux-pptp

Create /etc/ppp/peers/ipredator, replace <username> with your user name.

pty "pptp vpn.ipredator.se --nolaunchpppd --loglevel 0"
lock
noauth
nobsdcomp
nodeflate
name <username>
remotename ipredator
ipparam ipredator
require-mppe-128
refuse-eap
maxfail 0
persist
mru 1435
mtu 1435
nolog

Edit /etc/ppp/chap-secrets and add a line like so, replacing <username> and <password> with your username and password:

# Secrets for authentication using CHAP
# client    server      secret      IP addresses
  ipredator     vpn.ipredator.se

For the ppp interface to work independantly, we need to create a routing table for it. Edit /etc/iproute2/rt_tables and add the 100 predator line so it looks like below:

#
# reserved values
#
255 local
254 main
253 default
0   unspec
#
# local
#
#1  inr.ruhep
100 ipredator

Edit /etc/default/transmission-daemon and add the BIND_ADDRESS parameter. Do set BIND_PARAMETER to 1.2.3.4 below. The ip address will be changed to the ip address of the ipredator ppp connection by /etc/ppp/ip-up.d/010ipredator when the connection is started/restarted.

# defaults for transmission-daemon
# sourced by /etc/init.d/transmission-daemon

# change to 0 to disable daemon
ENABLE_DAEMON=1

# this directory stores some runtime information, like torrent files and config
CONFIG_DIR="/var/lib/transmission-daemon/info" 

BIND_ADDRESS=1.2.3.4

# default options for daemon, see transmission-daemon(1) for more options
OPTIONS="-g $CONFIG_DIR -i $BIND_ADDRESS"

Create /etc/ppp/ip-up.d/010ipredator. This script is run whenever a connection is started. We use this script to set up the routing rules, firewall rules and to restart transmission-daemon binding it to the ip address of the ppp connection.

Note that you have to script this as a restart as /etc/ppp/ip-down.d/010ipredator is not called if the connection drops.

#!/bin/sh
#PPP_IPPARAM    : ipparam set in /etc/ppp/peers/ipredator
#IFNAME     : interface name. Usually ppp0.
#PPP_REMOTE : remote ip address
#PPP_LOCAL  : local ip address, i.e. the ip address of pppX

if [ "$PPP_IPPARAM" = "ipredator" ]; then
    # Delete any dangling ipredator rules
        ip rule | sed -n 's/.*\(from[ \t]*[0-9\.]*\).*ipredator/\1/p' | while read RULE
    do
        ip rule del $RULE
    done

    # Delete any unneccesary and dangling ipredator routes
    ip route | sed -n 's/^\(93.182.[0-9]*.2\).*/\1/p' | while read ROUTE
    do
        ip route del $ROUTE
    done

    # Add the rule to direct all traffic from pppX ip address to
    # the ipredator routing table
    ip rule add from $PPP_LOCAL lookup ipredator

    # Add the route to direct all traffic using the the ipredator 
    # routing table to the pppX interface
    ip route add default dev $IFNAME table ipredator 

    # ntpd will use the pppX interface, so block it
    iptables -A OUTPUT -o $IFNAME -p udp --dport 123 -j DROP

    # Open DHT port on pppX
    iptables -A INPUT -i $IFNAME -p tcp --dport 51413 -j ACCEPT

    # Bind transmission-daemon to the address of pppX
    sed -i "s/BIND_ADDRESS=[0-9\.]*/BIND_ADDRESS=$PPP_LOCAL/g" /etc/default/transmission-daemon

    # Restart transmission-daemon. Uncomment after testing.
    #/etc/init.d/transmission-daemon restart

fi

Create /etc/ppp/ip-down.d/010ipredator. No comments as it should be clear what is going on here. This is run whenever the ipredator connection is stopped. It is not run if the connection drops.

#!/bin/sh

if [ "$PPP_IPPARAM" = "ipredator" ]; then
    ip rule | sed -n 's/.*\(from[ \t]*[0-9\.]*\).*ipredator/\1/p' | while read RULE
    do
        ip rule del $RULE
    done

    ip route | sed -n 's/^\(93.182.[0-9]*.2\).*/\1/p' | while read ROUTE
    do
        ip route del $ROUTE
    done

    /etc/init.d/transmission-daemon stop

    iptables -D OUTPUT -o $IFNAME -p udp --dport 123 -j DROP
    iptables -D INPUT -i $IFNAME -p tcp --dport 51413 -j ACCEPT
fi

To start ipredator:

$ sudo pon ipredator

After a few seconds and all things going well running ifconfig should return a pppX entry, e.g.

$ ifconfig
....
ppp0      Link encap:Point-to-Point Protocol  
          inet addr:93.182.x.x  P-t-P:93.182.x.2  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1431  Metric:1
          RX packets:28291 errors:0 dropped:0 overruns:0 frame:0
          TX packets:34498 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:3 
          RX bytes:9986616 (9.9 MB)  TX bytes:25842958 (25.8 MB)
....

inet addr:93.182.x.x is the ip address of the vpn connection.

If this interface does not appear look in /var/log/syslog for pppd messages.

Test the connection:

The following should return the ip address supplied by your ISP:

$ wget -qO - ip1.dynupdate.no-ip.com

The following, replacing with the obvious, should return your ipredator ip address (the pppX ip address):

$ wget --bind-address <pppX ip address> -qO - ip1.dynupdate.no-ip.com

If both the wget tests above work, all is well in the world. Uncomment out the "/etc/init.d/transmission-daemon restart" line in /etc/ppp/ip-down.d/010ipredator and...

$ sudo poff ipredator
$ sudo pon ipredator

This will start transmission-daemon automatically.

Using netstat -a you should see loads of connections to ipredatator made by transmission-daemon when torrents are started.

You can use many other commands via ipredator, but you have to expicitly use the pppX interface or ip address, e.g. wget as above, traceroute etc. If you want to use a browser via pppX you will need to setup a proxy server and bind/{,re}start it like transmission-daemon in /etc/ppp/ip-down.d/010ipredator, tinyproxy is probably your best bet for this.