Difference between revisions of "HowTo Setup A Wireless Notebook With Multiple Network Interface Adapters Using: "nstnetcfg""
(→Interface: p4p1) |
(→Overview) |
||
(10 intermediate revisions by 2 users not shown) | |||
Line 4: | Line 4: | ||
− | [[File:Thunderbolt.png|frame|left|'''[[Feature Release Symbol | <center>NST | + | [[File:Thunderbolt.png|frame|left|'''[[Feature Release Symbol | <center>NST 20<br /> SVN: 5663</center>]]''']]This page demonstrates how to setup networking with an NST ''wireless'' notebook that is configured with ''multiple'' network interface adapters for performing ''simultaneous'' network computing surveillance tasks. The NST script: "'''[http://nst.sourceforge.net/nst/docs/scripts/nstnetcfg.html nstnetcfg]'''" command line software utility was designed to make this task easy to accomplish using a combination of both the "'''[http://en.wikipedia.org/wiki/NetworkManager NetworkManager]'''" and "'''network'''" services. |
<div class="centerBlock"><div class="noteMessage">'''Note:''' One of the design goals of the "'''[http://en.wikipedia.org/wiki/NetworkManager NetworkManager]'''" service was to make setting up a ''wireless'' adapter in '''Linux''' a much simpler process.</div></div> | <div class="centerBlock"><div class="noteMessage">'''Note:''' One of the design goals of the "'''[http://en.wikipedia.org/wiki/NetworkManager NetworkManager]'''" service was to make setting up a ''wireless'' adapter in '''Linux''' a much simpler process.</div></div> | ||
Line 13: | Line 13: | ||
<div class="centerBlock"><div class="noteMessage">'''Note:''' The '''[http://en.wikipedia.org/wiki/Universal_Serial_Bus USB 3.0 Specification]''' defines the "'''SuperSpeed'''" mode with a signalling speed of '''5''' Gb/s and a usable data rate of up to '''4''' Gb/s. Based on this, a '''USB 3.0 Gigabit NIC Adapter''' should be capable of providing ''Full Line Rate'' Gigabit Data to the '''NST''' system.</div></div> | <div class="centerBlock"><div class="noteMessage">'''Note:''' The '''[http://en.wikipedia.org/wiki/Universal_Serial_Bus USB 3.0 Specification]''' defines the "'''SuperSpeed'''" mode with a signalling speed of '''5''' Gb/s and a usable data rate of up to '''4''' Gb/s. Based on this, a '''USB 3.0 Gigabit NIC Adapter''' should be capable of providing ''Full Line Rate'' Gigabit Data to the '''NST''' system.</div></div> | ||
+ | |||
+ | <div class="centerBlock"><div class="noteMessage">[[Image:Warning.png]] Following the instructions on this page may cause a issue with the NetworkManager applet in regards to selecting wireless networks. You might not be able to select wireless networks directly from the list presented by the applet after following the steps on this page. You should still be able to select wireless networks by selecting the ''Network Settings'' option that appears at the bottom on the NetworkManager applet on a GNOME 3 desktop. | ||
+ | [[Image:NetworkSettings.png|290px|411px|center|Use ''Network Settings'' To Select A Wireless Network]] | ||
+ | </div></div> | ||
= '''Network Interface Setup Configuration Information''' = | = '''Network Interface Setup Configuration Information''' = | ||
Line 59: | Line 63: | ||
<div class="userInput"><span class="prompt">[root@probe ~]# </span></div> | <div class="userInput"><span class="prompt">[root@probe ~]# </span></div> | ||
</div> | </div> | ||
+ | |||
+ | | ||
== '''"NetworkManager Service" Configured Interface''' == | == '''"NetworkManager Service" Configured Interface''' == | ||
Line 102: | Line 108: | ||
<div class="screen"> | <div class="screen"> | ||
− | <div class="userInput"><span class="prompt">[root@probe ~]# </span>for i p2p1 p4p1 | + | <div class="userInput"><span class="prompt">[root@probe ~]# </span>for i p2p1 p4p1; do nstnetcfg --mode stealth --interface ${i}; done</div> |
+ | <div class="userInput"><span class="prompt">[root@probe ~]# </span></div> | ||
+ | </div> | ||
+ | |||
+ | | ||
+ | |||
+ | == '''Using A Bash Script With "nstnetcfg"''' == | ||
+ | It may be better to use a '''[http://en.wikipedia.org/wiki/Bash Bash]''' script given the numerous invocations of "'''nstnetcfg'''" with this '''NST''' network configuration setup. A good location to store your script would be in directory: "'''/etc/nst'''". This will allow one to ''easily'' make changes to your network configuration by editing the script and running it. An example script below is shown for: "'''/etc/nst/net_cfg2.sh"''' using the above invocations of "'''nstnetcfg'''". One can copy and paste this script as a starter template file for your usage. | ||
+ | |||
+ | <pre class="programListing"> | ||
+ | #!/bin/bash | ||
+ | |||
+ | # | ||
+ | # Script: "net_cfg2.sh" | ||
+ | |||
+ | # | ||
+ | # Description: Helper script for setting up the configuration of network interfaces | ||
+ | # on a wireless notebook using: "nstnetcfg". | ||
+ | |||
+ | # | ||
+ | # Short Usage: "nstnetcfg" | ||
+ | # | ||
+ | # nstnetcfg [-m|--mode TEXT] [-i|--interface DEVICE] | ||
+ | # [-a|--ipv4-addr-prefix IPv4ADDR/PREFIX] [-g|--gateway IPv4ADDR] | ||
+ | # [--mac-addr MACADDR] [--host-name TEXT] [--domain-name TEXT] | ||
+ | # [--name-servers IPv4ADDRLIST] [--hosts-file-only [true]|false] | ||
+ | # [--virtual-host TEXT] [--server-name TEXT] | ||
+ | # [-h|--help [true]|false] [-H|--help-long [true]|false] | ||
+ | # [-v|--verbose [true]|false] [--version [true]|false] | ||
+ | # | ||
+ | # Available Modes: ipv4, dhcp, ssl, stealth, netmgr, rmint, init, show | ||
+ | |||
+ | # | ||
+ | # Uncomment to enable verbosity | ||
+ | #VERBOSE=" --verbose"; | ||
+ | |||
+ | # | ||
+ | # Network Interface: Initialization | ||
+ | /usr/bin/nstnetcfg --mode init${VERBOSE}; | ||
+ | |||
+ | # | ||
+ | # Network Interface: wlan0 | ||
+ | /usr/bin/nstnetcfg --mode netmgr --interface wlan0${VERBOSE}; | ||
+ | |||
+ | # | ||
+ | # Network Interface: p2p1 | ||
+ | /usr/bin/nstnetcfg --mode stealth --interface p2p1${VERBOSE}; | ||
+ | |||
+ | # | ||
+ | # Network Interface: p4p1 | ||
+ | /usr/bin/nstnetcfg --mode stealth --interface p4p1${VERBOSE}; | ||
+ | |||
+ | # | ||
+ | # Uncomment for using a Stealth Interface Combo Setting | ||
+ | #for i in p2p1 p4p1; | ||
+ | # do /usr/sbin/nstnetcfg --mode stealth --interface ${i}; | ||
+ | #done | ||
+ | </pre> | ||
+ | |||
+ | === '''Script Invocation''' === | ||
+ | |||
+ | Make sure the script has it's '''execute''' permissions set: | ||
+ | |||
+ | <div class="screen"> | ||
+ | <div class="userInput"><span class="prompt">[root@probe ~]# </span>chmod +x "/etc/nst/net_cfg2.sh";</div> | ||
+ | <div class="userInput"><span class="prompt">[root@probe ~]# </span></div> | ||
+ | </div> | ||
+ | |||
+ | Execute the script: | ||
+ | |||
+ | <div class="screen"> | ||
+ | <div class="userInput"><span class="prompt">[root@probe ~]# </span>/etc/nst/net_cfg2.sh;</div> | ||
+ | <div class="userInput"><span class="prompt">[root@probe ~]# </span></div> | ||
+ | </div> | ||
+ | |||
+ | | ||
+ | |||
+ | == NetworkManager Command Line Status == | ||
+ | |||
+ | The output below show the '''NetworkManager''' device status using the command line utility: "'''nmcli'''" after running the example "'''nstnetcfg'''" invocations above. | ||
+ | |||
+ | <div class="screen"> | ||
+ | <div class="userInput"><span class="prompt">[root@probe ~]# </span>nmcli device status;</div> | ||
+ | <pre class="computerOutput"> | ||
+ | DEVICE TYPE STATE | ||
+ | p2p1 802-3-ethernet unmanaged | ||
+ | p4p1 802-3-ethernet unmanaged | ||
+ | wlan0 802-11-wireless connected | ||
+ | </pre> | ||
<div class="userInput"><span class="prompt">[root@probe ~]# </span></div> | <div class="userInput"><span class="prompt">[root@probe ~]# </span></div> | ||
</div> | </div> |
Latest revision as of 09:42, 27 March 2014
Contents
- 1 Overview
- 2 Network Interface Setup Configuration Information
- 3 Network Interface Configuration: nstnetcfg
Overview
This page demonstrates how to setup networking with an NST wireless notebook that is configured with multiple network interface adapters for performing simultaneous network computing surveillance tasks. The NST script: "nstnetcfg" command line software utility was designed to make this task easy to accomplish using a combination of both the "NetworkManager" and "network" services.
The diagram below will be used as a reference for setting up a wireless notebook configured with multiple network interface adapters using NST. The notebook is shown with USB 3.0 Gigabit NIC attachments to the network infrastructure for security tasks and the wireless interface used for management connectivity. This configuration is typical for a Network Security Professional to perform mobile network surveillance tasks and penetration analysis tests.
Network Interface Setup Configuration Information
In this section we will identify each network interface and how it should be setup using the "Wireless Notebook" configuration illustrated in the reference diagram above. The NetworkManager service by default will use "DHCP" to derive its network parameters (i.e., IPv4 Adress, Subnet Mask, Host Name, Gateway Address, Name Servers, Time Servers, etc...) The table below depicts values that will be used by the nstnetcfg script.
Interface / Parameter | Configuration Values | Network Service Management |
---|---|---|
wlan0 | Network parameters derived from: DHCP | NetworkManager |
p2p1 | IPv4 Address: stealth | network |
p4p1 | IPv4 Address: stealth | network |
Network Interface Configuration: nstnetcfg
The NST script: "nstnetcfg" will now be used for setting up networking on this notebook. This script will enable the "NetworkManager" service for the wireless adapter: "wlan0" and enable the "network" service for "stealth" interfaces: "p2p1" and "p4p1". Use the sequence of nstnetcfg invocations below to serve as an example for setting up networking on your particular wireless notebook with NST.
The "nstnetcfg" script should only be run on a Serial Console or a Desktop Terminal due to the fact that the "IPv4 Address" for this NST system will most likely change.
Initialize All Network Interfaces
The nstnetcfg mode: --init will put the networking setup posture in a known initialized state. Both the "NetworkManager" service and the "network" service will be disabled with their associated configuration files and/or entries removed. The "LoopBack" interface device is never altered or removed with this mode. The Name Service Switch configuration file: "/etc/nsswitch.conf" will have its hosts entry set to: "files dns". It is wise to first use this mode prior to setting up networking so that any lingering "NetworkManager" configuration files will Not interfere with the "network" service operation.
"NetworkManager Service" Configured Interface
The example NST notebook shown above uses the wireless network interface: "wlan0" for network connectivity to and from this NST system.
Interface: wlan0
The configuration for this interface is shown below. Once the "wlan0" network interface is under the control of the NetworkManager service, One will need configure the wireless interface using the NetworkManager applet located on your Desktop.
Stealth Configured Interfaces
The "Stealth" network interfaces (i.e., An interface in the "UP" state with No binding IPv4 Address) will now be configured using the network service. These interfaces are strategically network attached throughout the network infrastructure for surveillance monitoring.
Interface: p2p1
This network interface: "p2p1" is used to monitor specific "Intranet" traffic on a SPAN (Switched Port Analyzer) port.
Interface: p4p1
This network interface: "p4p1" is used to monitor specific "Firewall" traffic on a SPAN (Switched Port Analyzer) port.
Stealth Interface Combo Setting Command
The output below is a compact way of using a Bash "for loop " statement to configure all "Stealth" interfaces in one command line invocation.
Using A Bash Script With "nstnetcfg"
It may be better to use a Bash script given the numerous invocations of "nstnetcfg" with this NST network configuration setup. A good location to store your script would be in directory: "/etc/nst". This will allow one to easily make changes to your network configuration by editing the script and running it. An example script below is shown for: "/etc/nst/net_cfg2.sh" using the above invocations of "nstnetcfg". One can copy and paste this script as a starter template file for your usage.
#!/bin/bash # # Script: "net_cfg2.sh" # # Description: Helper script for setting up the configuration of network interfaces # on a wireless notebook using: "nstnetcfg". # # Short Usage: "nstnetcfg" # # nstnetcfg [-m|--mode TEXT] [-i|--interface DEVICE] # [-a|--ipv4-addr-prefix IPv4ADDR/PREFIX] [-g|--gateway IPv4ADDR] # [--mac-addr MACADDR] [--host-name TEXT] [--domain-name TEXT] # [--name-servers IPv4ADDRLIST] [--hosts-file-only [true]|false] # [--virtual-host TEXT] [--server-name TEXT] # [-h|--help [true]|false] [-H|--help-long [true]|false] # [-v|--verbose [true]|false] [--version [true]|false] # # Available Modes: ipv4, dhcp, ssl, stealth, netmgr, rmint, init, show # # Uncomment to enable verbosity #VERBOSE=" --verbose"; # # Network Interface: Initialization /usr/bin/nstnetcfg --mode init${VERBOSE}; # # Network Interface: wlan0 /usr/bin/nstnetcfg --mode netmgr --interface wlan0${VERBOSE}; # # Network Interface: p2p1 /usr/bin/nstnetcfg --mode stealth --interface p2p1${VERBOSE}; # # Network Interface: p4p1 /usr/bin/nstnetcfg --mode stealth --interface p4p1${VERBOSE}; # # Uncomment for using a Stealth Interface Combo Setting #for i in p2p1 p4p1; # do /usr/sbin/nstnetcfg --mode stealth --interface ${i}; #done
Script Invocation
Make sure the script has it's execute permissions set:
Execute the script:
NetworkManager Command Line Status
The output below show the NetworkManager device status using the command line utility: "nmcli" after running the example "nstnetcfg" invocations above.
DEVICE TYPE STATE p2p1 802-3-ethernet unmanaged p4p1 802-3-ethernet unmanaged wlan0 802-11-wireless connected