Inverse ARP

March 4th, 2010 No Comments

While researching fast ways to find a relationship between a MAC and IP address, I dug up some info on Inverse ARP and found out that it isn’t widely a supported protocol. Basically, it’s only used in frame relay networks, which doesn’t help matters.

So I did what any sensible geek does, I hacked something together.

This is just the proof of concept, and I do hope to someday have it more self contained. At the moment it relies on WinPcap and SharpPcap, which makes it quite large and cumbersome to deploy.

So far, there are two parts, inarp.exe and inarpd.exe. Inarp.exe gets the IP associated with the specified MAC, while inarpd.exe intercepts InARP packets and sends the appropriate replies.

Basic use:

//remote machine
inarpd.exe

//your machine
inarp "ma-ca-dd-re-ss-s0" //sends queries on all network interfaces
inarp "ma-ca-dd-re-ss-s0" "Network interface GUID" //Sends on a specific interface
No interface specified or matched criteria.
[ARPPacket: 8 AAAAAAAAAAAA -> BBBBBBBBBBBB, 0.0.0.0 -> 0.0.0.0] //InARP Request
[ARPPacket: 9 BBBBBBBBBBBB -> AAAAAAAAAAAA, 192.168.1.101 -> 0.0.0.0] //InARP Reply

inarp code and binaries.

Read More »

Another reason to have your own server

February 24th, 2010 No Comments

I’ve heard Hak5 talk about the awesomeness of SSH Tunneling and how it can secure your traffic, but I’ve never really given it much thought until when I actually needed it. The ability to tunnel traffic through somewhere else, was super helpful a couple months ago when I needed to test some VPN settings while at work.

Read More »

Domain Hacking

February 18th, 2010 No Comments

My wife has been getting into blogging more a more lately and so I figured it was about time that she get set up with something other than Blogger. Partly so that we can have a little more control over the look, and come on, it’s just cool.

Then last night while on our date, we finally decided that instead of registering a new domain, we’d try some domain name hacking! So if you’re into reading about the life of a wife, check out Mrs.JoshErickson.com!

Read More »

Of IPs & Subnets

January 27th, 2010 No Comments

While if you look, there are tools to calculate a IP subnet/address range, they all seem to rely on string splitting and converting the address to binary manually. Which I think is bulky, hard to maintain, and more importantly, not that elegant. So pulling to mind my Cisco CCNA classes where my instructor would drill into us the binary ands and ors of IP and subnet addressing, I got down to work.

All examples are in Powershell, however they could be translated to C#, any .NET language or even some other language quite easily.

Examples

Including System.net. This may not be necessary, but I’ve mucked with my Powershell settings way too much to know about a vanilla install.

#Powershell v1.0
[reflection.assembly]::LoadWithPartialName("system.net");
#Powershell v2.0
Add-Type -AssemblyName System.Net;

A common plight for me is finding out if two different IP addresses are on the same local network.

$router = [net.ipaddress]::Parse("192.168.1.254");
$subnet = [net.ipaddress]::Parse("255.255.255.0");
$IP_one = [net.ipaddress]::Parse("192.168.1.23");
$IP_two = [net.ipaddress]::Parse("192.168.1.55");
$IP_three = [net.ipaddress]::Parse("33.21.9.1");

#get the network ID
#in this case it's 192.168.1.0
$network = $router.address -band $subnet.Address

($network -band $IP_one.Address) -eq $network #True
($network -band $IP_two.Address) -eq $network #True
($network -band $IP_three.Address) -eq $network #False

Of course there are also times where I need to know how many addresses there are in the network or what they are.

$seed = [net.ipaddress]::Parse("192.168.23.45");
$subnet = [net.ipaddress]::Parse("255.255.252.0");

$begin = ($seed.address -band $subnet.address)
$end = (([net.ipaddress]::Broadcast.Address -bxor $subnet.Address) -bor $seed.address)

#It's the same for both start and ending IP's
#We convert from a 64 to 32 bit integer (8 to 4 bytes) and then reverse it so we can do addition/subtraction math to later on.
$start_bytes = new-object byte[] 4;
[array]::copy([bitconverter]::getBytes(($seed.address -band $subnet.address)), $start_bytes, 4);
[array]::Reverse($start_bytes);
$start_int = [bitconverter]::ToInt32($start_bytes,0);

$end_bytes = new-object byte[] 4;
[array]::copy([bitconverter]::getBytes((([net.ipaddress]::Broadcast.Address -bxor $subnet.Address) -bor $seed.address)), $end_bytes, 4);
[array]::Reverse($end_bytes);
$end_int = [bitconverter]::ToInt32($end_bytes,0);

#Entire range including the network ID and Broadcast addresses
[math]::Abs($start_int - $end_int) + 1

#Just the number of usable addresses
[math]::Abs($start_int - $end_int) - 1

#Address list!
for($i=0; $i -le [math]::abs($start_int - $end_int); $i++) {
    $tba = [bitconverter]::getbytes($i + $start_int);
	[array]::Reverse($tba)
    (new-object net.ipaddress ([bitconverter]::ToInt64($tba + [byte[]]@(0,0,0,0),0))).tostring();
}

Conclusion

As you can see, using bitwise operations greatly reduces the complexity required to calculate network addresses. By simplifying the process, it makes it much easier to maintain the code and build on it later!

Read More »

Restoring Hyper-V VM with snapshot tree

January 27th, 2010 No Comments

For whatever reason, you’ve lost your virtual machine settings in Hyper-V and it just so happened they are snapshots. I sure hope that this was a test server and not a production one! Tsktsk! By now, you’ve probably scoured the interweb searching for a cure, and you’re in luck, you’ve found a way to get back your snapshot tree instead of just merging the disks! Oh joy!

It would seem everyone out there is happy with just merging their VHDs and getting back to work, but not me, no sir! I want things back the way they were! It took me about half a day to get this, so hopefully, this will save you some time for more important things, like tetris!

Steps

  1. Create same number of pre-existing snapshots using the Hyper-V MMC.
  2. Replace new snapshots with old snapshots while renaming the old to the same as the new, except the file extension should be “vhd” instead of “avhd”. The reason we’ll see later, but the Hyper-V tool to repair VHD chains auto-appends .vhd! (Grr Hyper-V Team, grr!)
  3. Repair the vhd’s. Because of our renaming we’ve broken the differencing chain. To fix this, go to open Hyper-V, go to the VM’s Settings and then the hard drive. Change the VHD to the new one (simply changing the extension should work) and click “inspect disk”. This will walk you through fixing the chain.
  4. Modify the ACL to include the VM specific account. This you must to in Powershell since the Explorer GUI can’t seem to find the account. I don’t know why and there may be a way, but I’m to lazy to dig into it and this works. (Below you can find some sample code.) The account to add from the old VHD, is the one that starts with “NT VIRTUAL MACHINE” and ends with a GUID. 
    ##START POWERSHELL CODE
#get the old vhd's permissions
$vm_perm = (get-acl .\old.vhd).access | where { $_.IdentityReference.tostring().contains("NT VIRTUAL MACHINE") }

#Load the new vhd's acl into memory
$newvhd = get-acl .\new.vhd

$newvhd.AddAccessRule($vm_perm)

$newvhd | set-acl .\new.vhd
##END POWERSHELL CODE
  5. Open all the VM’s XML setting files and make sure that any settings related the the VHD’s is correct. This should only be the filename. If you need to edit these files be sure to turn off the Hyper-V Management Service, this will not affect the VM’s running, only the managing of them. The XML files can be found wherever you made the VM.
  6. You should now have a restored VM with the snapshot tree! Woo! Go you!
Read More »

I’m on a boat!

November 30th, 2009 1 Comment

Well, I’m married now and very probably enjoying a lovely honeymoon given to us by my aunt and uncle from California. They got us two tickets on a cruise in the Caribbean (?), which is super nice since it’ll be warm and by the ocean which means Katrina’s gonna be in a bikini a lot of the time!

See you all next week!

This has been a prerecorded message.

Read More »

I’m getting married!

November 27th, 2009 No Comments

In the evening, not the morning…and it’s this evening.

I’m getting married to my bestest friend in the whole wide world, Katrina Bakker!

My brother (best man), cousin, and Katrina’s brothers are standing up for me and both of our sisters are standing up her. My grandpa who is here all the way from California is officiating the wedding, so this whole thing is very much a family affair.

After today I’m going to be married man. With…responsibilities! :S Never the less, I go now to meet my destiny!

This has been a prerecorded message.

Read More »

My first cmdlet, Out-Web

November 12th, 2009 No Comments

It’s been a while since I’ve done a for fun computer project, so I decided I wanted to learn how to make PowerShell Cmdlets. The problem was that I couldn’t think of really anything I wanted to make! Then one day I was reading Lee Holmes’ blog, saw the “Out-Web” and had a project.

Download the source and binaries here. You should be able to open the solution with both Visual Studio or Visual C# Express, but if you have neither, you can build it from the command line (instructions included!). I don’t know if it’ll work with PowerShell V1, but you should have upgraded by now anyway.

I’d like to thank Mr. Cook from Cook Computing for writing an awesome tool, XML-RPC.NET. And I’d also like to thank Orbifold for their Wordpress XML-RPC library which helped decipher the RPC calls.

Test post.
Capture

Read More »

Out-web test

November 12th, 2009 1 Comment

Blogging from powershell?! Oh yeah!

Read More »

Interesting Comment

October 23rd, 2009 No Comments

I got this interesting comment today.

Hello from Russia!
Can I quote a post in your blog with the link to you?

It’s almost…not spam, but it is.

Read More »
« Older Entries
Subscribe to RSS Feed Follow or die!