From my Spells book No1 Tcpdump

So I have a number of journals, one of which I call “Spells”! It’s just a collection of scripts, commands, etc. But for years now I’ve been thinking about putting together some short, snappy articles about each of them – so finally here we go!

Tcpdump is a “data-network packet analyser computer program”.
What does it do? It lets you look at network traffic and see what is coming into and going out of your computer.

Typically this can be useful if you want to see what is going on with a particular application (it might be a web server or a mail server – you might want to look at DNS traffic).

Usage is fairly straightforward.

i.e. “sudo tcpdump” will show you pretty much everything coming into and going out of the machine. It’s interesting to run this: if you look closely you can get an idea of web page construction, live connectivity, all sorts of interesting stuff. But it is sometimes a lot of information (press Ctrl+C to stop the session).

“sudo tcpdump port 53”
will give you an idea of what’s going on with regards to DNS.
If you’re running a web server, “sudo tcpdump port 80” or “sudo tcpdump port 443” will give you a good picture of what’s going on.

It’s even useful just to see if the network is up – for example you can bring up a couple of terminal windows,
run “sudo tcpdump icmp” in one window and “ping 8.8.4.4” in another, and you will get feedback like this and indeed prove that your computer is in fact on the interweb!

Tcpdump and icmp running in separate terminal windows!

If you want to actually capture data to a file, try something like this:
“sudo tcpdump -s 0 -w dumpfile host 8.8.8.8” in one window and then “ping 8.8.8.8” in another. The “-s 0” captures whole packets rather than truncating them, and “-w dumpfile” writes the raw packets to the file dumpfile instead of printing them, in a format that can be read back by tcpdump or by something like Wireshark if you want to view things in a GUI.
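To show what actually ends up in that dumpfile, here is an added example (not from the article, and not part of tcpdump itself): a small Python reader for the pcap format that “tcpdump -w” writes. It walks the file header and packet records, decodes Ethernet/IPv4, and counts frames by the same categories the filters above use (icmp, port 53, port 80, port 443). The capture it reads by default is constructed in code so it runs offline; point it at a real dumpfile by passing the path as an argument. Only little- and big-endian microsecond pcap with an Ethernet link type is handled (no pcapng, no nanosecond variant), and that limit is an assumption of this example, not a statement about tcpdump.

```python
"""Read a pcap file as written by "tcpdump -w dumpfile" and count packets by
category. Added example; the sample capture is constructed, not a real dump."""
import struct
import sys
from collections import Counter

PCAP_MAGIC = 0xA1B2C3D4        # microsecond-timestamp pcap magic number
LINKTYPE_ETHERNET = 1
ETHERTYPE_IPV4 = 0x0800
PROTO_ICMP, PROTO_TCP, PROTO_UDP = 1, 6, 17


def parse_pcap(data: bytes):
    """Yield (timestamp, frame_bytes) for each record; raise on a truncated file."""
    if len(data) < 24:
        raise ValueError("too short to be a pcap file")
    magic, = struct.unpack_from("<I", data, 0)
    if magic == PCAP_MAGIC:
        endian = "<"          # little-endian file (what tcpdump writes on x86)
    elif magic == 0xD4C3B2A1:
        endian = ">"          # same magic read byte-swapped: big-endian writer
    else:
        raise ValueError("bad pcap magic (pcapng / nanosecond files not handled)")
    linktype, = struct.unpack_from(endian + "I", data, 20)   # 'network' field
    if linktype != LINKTYPE_ETHERNET:
        raise ValueError("only Ethernet captures are decoded here")
    offset = 24                                              # end of global header
    while offset < len(data):
        if offset + 16 > len(data):
            raise ValueError("truncated record header")
        ts_sec, ts_usec, incl_len, _orig_len = struct.unpack_from(endian + "IIII", data, offset)
        offset += 16
        frame = data[offset:offset + incl_len]
        if len(frame) < incl_len:
            raise ValueError("truncated packet record (capture cut short?)")
        offset += incl_len
        yield ts_sec + ts_usec / 1e6, frame


def classify(frame: bytes) -> str:
    """Label a frame the way the article's filters would: icmp, dns, http, https, other."""
    if len(frame) < 34 or struct.unpack_from("!H", frame, 12)[0] != ETHERTYPE_IPV4:
        return "other"
    ihl = (frame[14] & 0x0F) * 4        # IPv4 header length in bytes
    proto = frame[14 + 9]               # protocol field of the IPv4 header
    l4 = 14 + ihl                       # start of the transport header
    if proto == PROTO_ICMP:
        return "icmp"
    if proto in (PROTO_TCP, PROTO_UDP) and len(frame) >= l4 + 4:
        sport, dport = struct.unpack_from("!HH", frame, l4)
        ports = {sport, dport}
        if 53 in ports:                 # 'tcpdump port 53' matches either direction, TCP or UDP
            return "dns"
        if proto == PROTO_TCP and 80 in ports:
            return "http"
        if proto == PROTO_TCP and 443 in ports:
            return "https"
    return "other"


def summarize(data: bytes) -> dict:
    """Return {category: packet count} for a whole pcap byte string."""
    return dict(Counter(classify(f) for _, f in parse_pcap(data)))


def _frame(proto: int, sport: int = 0, dport: int = 0) -> bytes:
    """Build a minimal Ethernet/IPv4 frame for the constructed sample capture."""
    eth = b"\x00" * 12 + struct.pack("!H", ETHERTYPE_IPV4)
    if proto == PROTO_ICMP:
        payload = b"\x08\x00" + b"\x00" * 6          # ICMP echo request header
    else:
        payload = struct.pack("!HH", sport, dport) + b"\x00" * 4
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                     bytes([10, 0, 0, 2]), bytes([8, 8, 8, 8]))
    return eth + ip + payload


def sample_capture() -> bytes:
    """A constructed pcap standing in for the article's dumpfile: two pings, a DNS
    query and reply, one HTTPS and one HTTP segment, and one SSH segment."""
    header = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 262144, LINKTYPE_ETHERNET)
    frames = [_frame(PROTO_ICMP), _frame(PROTO_ICMP),
              _frame(PROTO_UDP, 51000, 53), _frame(PROTO_UDP, 53, 51000),
              _frame(PROTO_TCP, 40000, 443), _frame(PROTO_TCP, 40001, 80),
              _frame(PROTO_TCP, 40002, 22)]
    records = b"".join(struct.pack("<IIII", 1700000000 + i, 0, len(f), len(f)) + f
                       for i, f in enumerate(frames))
    return header + records


if __name__ == "__main__":
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else sample_capture()
    for label, n in sorted(summarize(data).items()):
        print(f"{label:6} {n}")
```

Run it as “python3 pcapcount.py dumpfile” (file name assumed) to summarise a real capture; tcpdump itself reads the same file back with “tcpdump -r dumpfile”. The truncation check matters in practice: a capture stopped with Ctrl+C mid-write can leave a short final record, and a reader that silently stops there hides that packets are missing.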
 
Although this is just a basic introduction to packet tracing, tcpdump is the granddaddy of all packet tracers and it’s a good skill to have.

One word of warning though: you should not run tcpdump on a network that is not yours! I.e. check before doing this at work, as in some situations it could be considered inappropriate or verging on hacking. Use with caution!

Updating PHP tech note

Just a tech note on updating PHP to 7.4 (on Debian buster).

sudo wget -O /etc/apt/trusted.gpg.d/php.gpg https://packages.sury.org/php/apt.gpg

echo "deb https://packages.sury.org/php/ buster main" | sudo tee /etc/apt/sources.list.d/php.list

sudo apt update

sudo apt install -y php7.4-common php7.4-fpm php7.4-cli php7.4-curl php7.4-json php7.4-mysql php7.4-opcache php7.4-gd php7.4-sqlite3 php7.4-mbstring php7.4-zip php7.4-readline php-pear

Then modify the website’s nginx config so the PHP location block points to the new version of PHP (7.4):

fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
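A site whose fastcgi_pass still names the socket of the old PHP-FPM will answer 502 after the upgrade, so here is an added check (example code, not from the article and not an nginx or Debian tool) that scans a directory of nginx site configs for “fastcgi_pass unix:…” sockets that do not exist on disk. The sample configs and the older “php7.3-fpm.sock” path are constructed for the demonstration; the only socket path taken from the article is /var/run/php/php7.4-fpm.sock. The existence test is injectable so the check can be exercised without a real /var/run/php.

```python
"""Find nginx site configs whose fastcgi_pass unix: socket is missing on disk.
Added example; the sample configs below are constructed."""
import os
import re
import tempfile
from pathlib import Path

# Matches e.g.   fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
FASTCGI_UNIX = re.compile(r"^\s*fastcgi_pass\s+unix:(?P<path>[^;\s]+)\s*;", re.MULTILINE)

# Constructed sample site configs (not real files from the article's server).
SAMPLE_CONFIGS = {
    "old-site": (
        "server {\n"
        "    location ~ \\.php$ {\n"
        "        fastcgi_pass unix:/var/run/php/php7.3-fpm.sock;\n"   # constructed stale socket
        "    }\n"
        "}\n"),
    "new-site": (
        "server {\n"
        "    location ~ \\.php$ {\n"
        "        fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;\n"   # path from the note above
        "    }\n"
        "}\n"),
    "tcp-site": (
        "server {\n"
        "    location ~ \\.php$ {\n"
        "        fastcgi_pass 127.0.0.1:9000;\n"                      # TCP upstream: not a socket
        "    }\n"
        "}\n"),
}


def socket_references(config_text: str) -> list:
    """Return every unix socket path named by a fastcgi_pass directive in the text."""
    return [m.group("path") for m in FASTCGI_UNIX.finditer(config_text)]


def stale_sockets(conf_dir, exists=os.path.exists) -> dict:
    """Map each config file under conf_dir to the fastcgi sockets it names that are
    missing. `exists` defaults to a real filesystem check and is injectable for tests."""
    report = {}
    for conf in sorted(Path(conf_dir).iterdir()):
        if not conf.is_file():
            continue
        missing = [p for p in socket_references(conf.read_text()) if not exists(p)]
        if missing:
            report[conf.name] = missing
    return report


def demo() -> dict:
    """Write the constructed configs to a temp dir and run the check, pretending
    that only the php7.4 socket exists (the state after the upgrade above)."""
    with tempfile.TemporaryDirectory() as d:
        for name, text in SAMPLE_CONFIGS.items():
            Path(d, name).write_text(text)
        return stale_sockets(d, exists=lambda p: p.endswith("php7.4-fpm.sock"))


if __name__ == "__main__":
    sites = "/etc/nginx/sites-enabled"          # Debian's usual location (assumed)
    report = stale_sockets(sites) if os.path.isdir(sites) else demo()
    for conf, paths in report.items():
        print(f"{conf}: missing socket(s) {', '.join(paths)}")
    if not report:
        print("all fastcgi_pass sockets present")
```

Run it after “sudo apt install … php7.4-fpm” and the config edit; an empty report means every site points at a socket that PHP-FPM has actually created. It complements, rather than replaces, “sudo nginx -t”, which only checks syntax and will happily accept a path to a socket that is not there.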

Beta testers needed!

Hi, I’m very proud to announce that my application (which I still haven’t found a name for!) is ready for beta release. It’s a very light command line app that uses log data for security hardening, so if you use Ubuntu, Debian or Linux (and/or nginx or Apache2) and are comfortable with the command line then please do get in touch. At this stage it’s a fairly simple app and in effect a security tool for those of us who cannot afford thousands of dollars for their own IDS.

This application will probably be most useful for SMBs running their own sites (small AWS installs, for example), for people who want extra security, and to stop a lot of the “noise” that hits the average web server.
If you want more information, have a look at the intro video I made that is up on YouTube.
All I ask is that you supply the version of Ubuntu / Linux that you’re using and that, after looking at the app, you take the time to fill in a short survey.

Look forward to hearing from you.
Regards, Steve Abrahall
PS if you’re interested, email me at

steveabrahall AT gmail DOT comm

To find out what version of the OS you’re using:
lsb_release -a

Tech note for certbot!

Did some testing this morning on the new certs and realised that things were not working in Firefox, and at one point I think I saw an error in Chrome!
Problem was Firefox needed both www and non-www versions of the site name. Re-issuing the cert sorted this in no time!

This is how the process worked out…!

sudo certbot --nginx
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator nginx, Installer nginx
No names were found in your configuration files. Please enter in your domain
name(s) (comma and/or space separated) (Enter 'c' to cancel): www.gingercatsoftware.com gingercatsoftware.com