Monday, July 13, 2020

tcpdump in namespaces takes too long to show up

So you're trying to troubleshoot traffic in a Linux network namespace but TCPdump takes forever to show you results?

Try the following tags:

       -l     Make stdout line buffered.  Useful if you want to see the data while capturing it.  E.g.,
       -n     Don't convert addresses (i.e., host addresses, port numbers, etc.) to names.                                                                                 

root@ubuntu:~# ip netns exec ns65 tcpdump -n -l icmp                                                                                                                       
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode                                                                                                 
listening on eth0.65, link-type EN10MB (Ethernet), capture size 262144 bytes                                                                                               
05:16:51.785225 IP 10.63.0.11 > 10.65.0.11: ICMP echo request, id 2019, seq 28, length 64                                                                                  
05:16:51.785341 IP 10.65.0.11 > 10.63.0.11: ICMP echo reply, id 2019, seq 28, length 64                                                                                    
05:16:52.786762 IP 10.63.0.11 > 10.65.0.11: ICMP echo request, id 2019, seq 29, length 64                                                                                  
05:16:52.786882 IP 10.65.0.11 > 10.63.0.11: ICMP echo reply, id 2019, seq 29, length 64
Posted by at No comments:
Labels: , ,

Sunday, July 12, 2020

Eve-NG - Reset a Linux VM password

Eve-NG - Reset a Linux VM password

    It's Saturday morning and I think to myself, "Hey, let's hop into that Eve-NG lab I set up last month and update some of the nodes."  Well too bad, that password I'll never forget has been forgotten, it's time to set a new password I won't forget.

Gather some information

We'll need the UUID of the lab and the ID of the node that needs to have its password reset.  You can find both in the Eve-NG GUI or command line.

GUI

First we'll need the Lab's UUID.  If you only have one, you can skip this step.

Select your lab then click "Lab Details".


We'll also need the ID of the image that needs to be fixed.  Click "Nodes" in the side bar to bring up the list.  My neglected child in this case is "velogw" which is id:6.

CLI

Eve-NG labs are stored in /opt/unetlab/labs
# Grab lab UUID - in this example, "Before-After-v2.unl"
root@eve-ng:/opt/unetlab/labs# grep -E "^<lab" Before-After-v2.unl 
<lab name="Before-After-v2" id="e437388f-5921-44d6-b0bd-ddc412420057" version="1"
scripttimeout="300" lock="0">

# Grab instance UUID - in this example, "velogw"
root@eve-ng:/opt/unetlab/labs# grep "velogw" Before-After-v2.unl | awk '{print $2,$3}'
id="6" name="velogw"

API

You can also use the API to get the lab/node IDs but that's a rabbit hole for another day.

Shutdown the VM

Generate a new password

root@eve-ng:~# openssl passwd -1 SuperSecureExample
$1$2y4Zveuk$5hXJrZUJ2KNOUv6ROMAYE.

Install Guestfish

apt install libguestfs-tools

Locate the node's QCOW2

It's in /opt/unetlab/tmp/0/<LAB_UUID>/<NODE_ID>.
root@eve-ng:~# cd /opt/unetlab/tmp/0/e437388f-5921-44d6-b0bd-ddc412420057/6
root@eve-ng:/opt/unetlab/tmp/0/e437388f-5921-44d6-b0bd-ddc412420057/6# 
root@eve-ng:/opt/unetlab/tmp/0/e437388f-5921-44d6-b0bd-ddc412420057/6# ls
virtioa.qcow2  wrapper.txt

Load the QCOW2 into guestfish

root@eve-ng:/opt/unetlab/tmp/0/e437388f-5921-44d6-b0bd-ddc412420057/6# guestfish --rw -a
 ./virtioa.qcow2 
Welcome to guestfish, the guest filesystem shell for
editing virtual machine filesystems and disk images.
Type: 'help' for help on commands
      'man' to read the manual
      'quit' to quit the shell
# Launch the thing.
><fs> launch
 100% 
# Get filesystems
><fs> list-filesystems
/dev/sda1: ext4
# Mount filesystem
><fs> mount /dev/sda1 /
# Edit the password
><fs> vi /etc/shadow
# Look for the user you want to reset, password section highlighted below.
vcadmin:$1$g4XfHfg6$vuMiPfkgiLDK8pXjwR5hC.:18345:0:90:7:::
# Replace that with the password info we generated earlier.
vcadmin:$1$2y4Zveuk$5hXJrZUJ2KNOUv6ROMAYE.:18345:0:90:7:::
# Quit guestfish
><fs> quit

Restart the VM and login.

VCG login: vcadmin
Password: 
You are required to change your password immediately (password aged)
Changing password for vcadmin.
(current) UNIX password: 
Enter new UNIX password: 
Retype new UNIX password: 
Last login: Sun Jul 12 14:44:45 UTC 2020 from 192.168.110.1 on pts/0
Welcome to Velocloud VCG (GNU/Linux 3.13.0-176-generic x86_64)
vcadmin@VCG:~$ 
Posted by at No comments:
Labels: , , , ,
Subscribe to: Posts (Atom)