May 202014
 

Article based on the original work of  Travis Zajkowski first posted on his blog

As first thing, this is a good definition of subner, from wikipedia:

subnetwork, or subnet, is a logically visible subdivision of an IP network. The practice of dividing a network into two or more networks is called subnetting.

All computers that belong to a subnet are addressed with a common, identical, most-significant bit-group in their IP address. This results in the logical division of an IP address into two fields, a network or routing prefix and the rest field or host identifier. The rest field is an identifier for a specific host or network interface.

The routing prefix is expressed in CIDR notation. It is written as the first address of a network, followed by a slash character (/), and ending with the bit-length of the prefix. For example, 192.168.1.0/24 is the prefix of the Internet Protocol Version 4 network starting at the given address, having 24 bits allocated for the network prefix, and the remaining 8 bits reserved for host addressing. The IPv6 address specification 2001:db8::/32 is a large address block with 296 addresses, having a 32-bit routing prefix. In IPv4 the routing prefix is also specified in the form of the subnet mask, which is expressed in quad-dotted decimal representation like an address. For example, 255.255.255.0 is the network mask for the 192.168.1.0/24 prefix. Traffic between subnetworks is exchanged or routed with special gateways called routers which constitute the logical or physical boundaries between the subnets.

The benefits of subnetting vary with each deployment scenario. In the address allocation architecture of the Internet using Classless Inter-Domain Routing (CIDR) and in large organizations, it is necessary to allocate address space efficiently. It may also enhance routing efficiency, or have advantages in network management when subnetworks are administratively controlled by different entities in a larger organization. Subnets may be arranged logically in a hierarchical architecture, partitioning an organization’s network address space into a tree-like routing structure.

When you configure a server or a service it’s useful to know what’s the complete IP Address, so there are several different Subnet Calculators available for command line use on Linux. Two popular ones are:

ipcalc
sipcalc

Continue reading »

flattr this!

Jan 302013
 

When you run a webserver behind a reverse proxy or HTTP accelerator such as Varnish, the webserver access logs will display the IP of the proxy (generally 127.0.0.1) instead of the end user’s IP.
This is a problem when you have a software like webalizer, awstats or similar log file analysis program, because you lose one of the most important information: “Who is the requestor of a page ?”, also having all the access coming from the same IP (127.0.0.1) you lose information such as “what’s the browsing pattern of visitors ?” “Is someone trying to do something Nasty ?”

In this small how-to I’ll show how to put this information back on your Nginx log files in 2 different ways.

Continue reading »

flattr this!

Mar 222012
 

This is an article of mine, first published on Wazi
You can read the first part here

In this article we’ll see how apply BPF filters to wireshark to show the details of an HTTP session, an e-mail session and how to monitor who is visiting a certain site from our local network.
Finally I will make a summary of the most useful filters to use with Wireshark.

Here’s another classic example – an HTTP session. As before, start Wireshark and start capturing the traffic from the interface that goes out. Today, most HTTP traffic is compressed to speed up the exchange of information, so by default Wireshark decompresses the body part of HTTP packets. You can click on Edit -> Preferences -> Protocols -> HTTP and verify that “Uncompress entity bodies” is checked.
Continue reading »

flattr this!

Setup squid to use multiple outgoing IP addresses

Today I want to just give you a pill, but I’m sure that even if is short this article will save a lot of time to someone who, like me, has this requirement. Having a machine with Linux and various IP (which can be IPv4 and / or ipv6) and a Squid Proxy Server configure [...]