Skip to content

Posts from the ‘Networking’ Category


ICMP Identifier field in UDP between Linux and OSX

Ping packet is traditionally created as a raw packet and formatted into ICMP ECHO REQUEST. The problem with creating a raw socket requires root privilege. It is alright if the program is running as part of the system service under root anyway. However, running as a non privilege user, the program requires extra care by configuring the setuid bit which poses security risks e.g. the program may have memory leak which can be hijacked with shellcode.
Read more »


PDNS Recursor: Forwarding DNS queries to local DNS Server

I have setup two PDNS servers running in the same host; pdns_server (the authoritative server) and pdns_recursor (a recursive server).

Here are the configurations for both PDNS servers settings:








Read more »


PowerDNS: Configuring and Running Authoritative & Recursor Servers In The Same Host.

This article gives a quick introduction of setting up PowerDNS (pdns) Authoritative and Recursor servers, and also demonstrates a scenario that how we need to use both in the same host.


DNS has two type of server operations: Authoritative and Recursive. Most common use of DNS servers is authoritative. For those who don’t know the difference, here is a good introduction. Both are for different purposes, also both types of server can be operated individually and cooperatively under the same host. Read more »


VMplayer: How to bridge to a specific network port

Suppose you need to bridge another network interface under your VM to a specific physical network port. First, you need to create a vmnet port and bind with that specific port. Here are the commands:

vmnet-bridge -n 2 -i eth1  -d /var/run/ -1vmnet2
mknod /dev/vmnet2 c 119 4
vmnet-netifup -d /var/run/ /dev/vmnet2 vmnet2
ifconfig vmnet2 up

Read more »


Watch your favourite TV programmes when you are abroad

If you are abroad and missing your favourite TV programmes (BBC iPlayer or ITV Live Sport) which are only available free online at home, then you can configure browser to use SOCKS proxy with ssh tunnelling to stream video/audio data from your remote (anywhere in UK) to your browser (abroad) location.

See this on how to setup.

For me, I use VPN to gain ssh access.


Malformed HTTP Content-Type value from Apache-Coyote 1.1

Couple days ago, I was maintaining AppQoS appliances at customer site and noticed that one of our analysis tables from the HTTP module produced some strange results.

The table displays all the HTTP traffic in terms of media type (MIME) and transaction size in descending order. Read more »


Awk scripts for reading and editing Ubuntu /etc/network/interfaces file (Part 2/2)

ubuntulogoFor modifying the /etc/network/interfaces file, I use another script and it is slightly more complicated.

[ Modified 28/Nov/14 ] – Created a new github repository for this script

[ Modified 22/May/14 ] – Added feature to remove an interface definition

Read more »


Awk scripts for reading and editing Ubuntu /etc/network/interfaces file (Part 1/2)

ubuntulogoIt is pretty straightforward to setup permanent network configuration on Ubuntu 8.04. All you need is to edit /etc/network/interfaces file and a very thorough tutorial is given in to show you how manually edit for DHCP, static and promiscuous mode. However, I cannot find any command line utility for configuring permanent network setup.

So here are couple awk scripts for reading and writing /etc/network/interfaces file. I hope someone will find it useful, especially for integrating with other programs.

[ Modified 28/Nov/14 ] – Created a new github repository for this script Read more »


Malformed HTTP Protocol from

NetworkingAgain, I was diagnosing HTTP protocol traffic on my local network and I noticed something really strange that disturbed the HTTP protocol analyser module in AppQoS. A serious malformed response packet was found from The response headers were formed without probably ended with CR, only LF and the misspell of the ‘Connection’ header. Here shows an example of the response packet from the site using Wireshark/Ethereal. Read more »


Malformed HTTP Protocol from Yahoo Traffic Server (YTS)?

NetworkingI noticed that my HTTP protocol analyser module of AppQoS reported some malformed HTTP packets. This was strange at first sight as the RFC for HTTP protocol is pretty well defined or this may be a bug in my module. So I inspected the captured packet with Wireshark/Ethereal. Thankfully, it wasn’t a bug in my module, it was actually the packet. Read more »