Setting up Ubuntu 9.10 Desktop Network Analyzer

I’ve always used my Macbook or a Windows machine to perform network captures and analysis. The Macbook is still my preferred machine, but I am not leaving my Macbook anywhere, so capturing traffic is limited to while I am onsite. The Windows machine isn’t reliable enough to stay up long enough to be deemed worthy, and all the security patches (which all require a reboot) are creating more of a hassle than it’s worth. Also, Windows uses CIFS, which means that Windows is unable to utilize even half the available bandwidth (this is fixed in Windows 7 from my understanding, but other issues exist with Windows 7 currently, making it unavailable).

So what is the correct tool to use to capture network traffic and analyze it over a period of time? Answer: Ubuntu!

I found an old Dell Inspiron 6000 whose LCD monitor doesn’t work anymore, but the VGA output works fine if connected to a monitor, so I am using that laptop as my network laptop. I plugged in an old Compaq 10/100 PCMCIA card that I will use for the regular network connection, which will also allow me to connect to the laptop remotely. I will utilize the built-in 1Gig connection for my sniffer connection to a spanned port on the switch.

The first step was to insert the Ubuntu Desktop 9.10 CD and select Install when booted off the CD. I chose to erase the drive and selected the default partition scheme.

The installation takes about 15-20 minutes to copy everything from the CD to the hard drive, so it’s a patience/waiting game (hopefully you brought your Macbook with you so you have something to surf the internet with).

After the reboot, log in and click on System – Administration – Update Manager (this will update all your packages with the latest security updates and will probably take about 15-20 minutes; good thing you have your MacBook still with you to surf the internet).

HIGH LEVEL

  1. Install Ubuntu Desktop 9.10 (20min)
  2. Update Packages (20min)
  3. Install Darkstat
    • sudo apt-get install darkstat
    • sudo gedit /etc/darkstat/init.cfg
    • sudo /etc/init.d/darkstat start
  4. Install Wireshark
    • sudo apt-get install wireshark
    • (edit Application menu and change properties for wireshark to include gksu before wireshark)
  5. Install Etherape
    • sudo apt-get install etherape
  6. Install Ethstatus
    • sudo apt-get install ethstatus
  7. Reboot
  8. Install SSH
  9. Configure VNC
    • system – preferences – remote desktop
  10. Install FTP Server
    • sudo apt-get install vsftpd
    • sudo gedit /etc/vsftpd.conf
    • sudo /etc/init.d/vsftpd start
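
With SSH, VNC, FTP and the darkstat web interface all running on a box whose second NIC sits on a spanned port, it is worth confirming that each service listens only on the management address. The script below is an added example, not part of the original post; the management IP 192.168.1.50, the embedded netstat sample, and the port numbers (22, 21, 667 for darkstat, 5900 for VNC) are assumptions.

```shell
#!/bin/sh
# Added example: flag services listening on anything other than the
# management NIC or loopback. Assumed values (not from the original post):
# management address 192.168.1.50; ports 22, 21, 667 (darkstat), 5900 (VNC).

MGMT_IP="192.168.1.50"

# Constructed sample of `netstat -tln` output so the script runs offline.
sample_listeners() {
cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 192.168.1.50:22         0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:21              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:667             0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN
tcp6       0      0 :::5900                 :::*                    LISTEN
EOF
}

# Reads netstat -tln style text on stdin and prints "port address" for
# every TCP listener not bound to the management IP ($1) or loopback.
exposed_listeners() {
    awk -v mgmt="$1" '
        $1 ~ /^tcp/ && $NF == "LISTEN" {
            la = $4
            n = split(la, parts, ":")
            port = parts[n]                      # text after the last colon
            addr = substr(la, 1, length(la) - length(port) - 1)
            if (addr == mgmt || addr == "127.0.0.1" || addr == "::1") next
            print port, addr
        }'
}

# Pass --live to audit the running machine instead of the sample.
if [ "${1:-}" = "--live" ]; then
    netstat -tln | exposed_listeners "$MGMT_IP"
else
    sample_listeners | exposed_listeners "$MGMT_IP"
fi
```

Any line printed is a service reachable from the capture interface as well; an empty result means every listener is confined to the management NIC or loopback.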

Other Ubuntu Network Tools that should be loaded on your Ubuntu Network Analyzer Desktop or Laptop.

  • Nessus – a powerful remote network security auditor, with a nice GUI. Nessus supports plugins and offers a usually current attack database. It also features useful scripting abilities, allowing you to automate many tasks. Install the nessus package using your favorite package manager.
  • Nmap – the standard network mapper. Has a thousand and one uses. To install Nmap install the nmap package.
  • Kismet – a wireless sniffing tool. Includes support for GPS map scanning with use of the gpsdrive package. Install the kismet package from the Universe Repository.
  • Chkrootkit – chkrootkit can be used to help determine if a machine has been compromised. While not what you should use for the ‘final word’ on if you have been compromised, it runs a lot of useful checks and can direct suspicions towards finding a solution. To install chkrootkit install the chkrootkit package.
  • Rkhunter (Ubuntu 6.06 and above only) – another rootkit detection software. Install the rkhunter package from the Universe Repository.
  • tiger – Tiger is a package consisting of Bourne Shell scripts, C code and data files which is used for checking for security problems on a UNIX system. It scans system configuration files, file systems, and user configuration files for possible security problems and reports them. Install tiger chkrootkit john.
  • GnuPG – also known as GPG, is an open source PGP replacement implementing the OpenPGP standard. Lacks support for IDEA, but is incredibly useful. Included by default. GnuPG will allow you to encrypt emails, digitally sign, and integrates well into the Evolution mail client as well as Thunderbird.
  • Seahorse – a light-weight Gnome frontend for GPG, makes managing keys much easier. Install the seahorse package from the Universe Repository.
  • Nemesis – a command-line based packet injection utility. Requires a bit of reading the documentation to get full use from. To install nemesis install the nemesis package from the Universe Repository.
  • Tcpdump – while its name suggests that it works for only TCP, tcpdump also supports UDP, BGP, NFS, and a lot of other packet types. It is a powerful network utility that should be in every admin’s toolbox, allowing you to pull in everything off the wire. In combination with ethereal it doesn’t miss much. To install tcpdump install the tcpdump package.
  • OpenSSH – OpenSSH almost singlehandedly stopped admins from using telnet, an insecure protocol. The OpenSSH client is installed by default. Generally you want to use SSH instead of telnet or rsh. In some situations, such as large number of clients, you might want to pursue other options, such as telnet with ssl. To install the ssh server install the openssh-server package.
  • denyhosts (Ubuntu 6.10 and above only) – scans your SSH logs to find brute-force attacks, and then blocks the IPs they came from. To install denyhosts install the denyhosts package.

tracetcp – excellent tool that doesn’t rely on ICMP for checking for open ports… you can also scan for open ports (example to scan between 130 and 140: tracetcp 147.249.58.1 -h 3 -m 1 -p 1 -t 500 -c -r 130 140 -n)
