text2pcap – How to convert ASCII packet dumps to .pcap files?

February 2nd, 2015 Wael Osama Posted in Tools | 3 Comments »

Nothing in my experience is better at telling the real story than a packet capture. They tell exactly what is really going on and whether the configuration or changes are working as expected or not. Sometimes an engineer needs to look at packet captures taken from devices that don’t generate .pcap files directly. With some experience and familiarity, one can visually inspect some packets for certain pieces of information, but after all this is what computers are made for.

You are probably familiar with text2pcap, but in case you aren’t, it is a command-line tool that comes pre-installed with the Wireshark package. The program simply does what its name implies: it converts the ASCII hex representation of a packet or a series of packets to a pcap file that you can inspect with whatever tool you prefer. For me, I just love Wireshark.

text2pcap has some nice features, including adding dummy L2/L3 headers to application-layer headers if your original capture is missing those layers. It allows text comments within the ASCII files. Being a command-line tool also makes it easy to integrate into scripts, which is another thing I like about it.

99% of the time I just use the main function without any options, and it is as simple as the following steps:

  1. Capture the ASCII dump of some packets.
  2. Save them to a file and make sure they are in the correct format for text2pcap. Example below.
  3. From your shell type text2pcap

That’s all. Here is a quick example:

0000     00 a0 a5 81 7d b1 00 23 9c 13 53 82 08 00 45 00    ....m..#..T...E.
0010     00 40 00 00 40 00 3e 11 ba f2 ac 1d 99 34 ac 1e    .@..@.>......3..
0020     92 4b 0b f8 cd 6a 00 2c 18 a3 03 b9 00 24 2c ef    .J...j.,.....$,.
0030     7f 2e c0 ff f3 f8 b4 1c df 1d 8e 01 3d f4 12 10    ............=...
0040     52 65 71 75 65 73 74 20 44 65 6e 69 65 64         Request.Denied

[wael:~/Desktop/Workspace] wael% text2pcap -d ../packet.txt ../radius.pcap
Input from: ../packet.txt
Output to: ../radius.pcap
Output format: PCAP
Start new packet (cont = FALSE).
[[parse_preamble: ""]]
Wrote packet of 78 bytes.

The following link offers more information about text2pcap https://www.wireshark.org/docs/man-pages/text2pcap.html. There are also some online tools that can be used to inspect packet dumps quickly. One of them is http://sadjad.me/phd/.
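
An added example (not part of the original post or of Wireshark): a Python check to run on a dump before handing it to text2pcap. It parses the offset/hex/ASCII layout shown above, rejects dumps whose offsets are not contiguous, and compares the IPv4 total-length field with the bytes recovered. The function names and the simplified parsing rules are assumptions of this example, not text2pcap's own parser.

```python
import re
import struct

# The dump from the post, embedded so the example runs offline.
DUMP = """\
0000     00 a0 a5 81 7d b1 00 23 9c 13 53 82 08 00 45 00    ....m..#..T...E.
0010     00 40 00 00 40 00 3e 11 ba f2 ac 1d 99 34 ac 1e    .@..@.>......3..
0020     92 4b 0b f8 cd 6a 00 2c 18 a3 03 b9 00 24 2c ef    .J...j.,.....$,.
0030     7f 2e c0 ff f3 f8 b4 1c df 1d 8e 01 3d f4 12 10    ............=...
0040     52 65 71 75 65 73 74 20 44 65 6e 69 65 64         Request.Denied
"""

HEX_PAIR = re.compile(r"[0-9a-fA-F]{2}")

def parse_dump(text):
    """Return the packets in an offset/hex/ASCII dump as a list of bytes objects."""
    packets, current = [], None
    for lineno, line in enumerate(text.splitlines(), 1):
        tokens = line.split()
        if not tokens or tokens[0].startswith("#"):
            continue                      # blank line or comment
        offset = int(tokens[0], 16)
        if offset == 0:                   # offset 0000 starts a new packet
            current = bytearray()
            packets.append(current)
        # A dropped, duplicated or mangled line shows up as an offset mismatch.
        if current is None or offset != len(current):
            raise ValueError(f"line {lineno}: offset {tokens[0]} is out of sequence")
        for tok in tokens[1:]:
            if not HEX_PAIR.fullmatch(tok):
                break                     # first non-hex token: ASCII column begins
            current.append(int(tok, 16))
    return [bytes(p) for p in packets]

def check_ipv4_frame(pkt):
    """Compare the IPv4 total-length field with the number of bytes recovered."""
    (ethertype,) = struct.unpack_from("!H", pkt, 12)
    if ethertype != 0x0800:
        return {"ethertype": ethertype, "complete": None}   # not IPv4, nothing to check
    (total_len,) = struct.unpack_from("!H", pkt, 16)
    return {"ethertype": ethertype, "protocol": pkt[23],
            "ip_total_length": total_len,
            # 14-byte Ethernet header + IP datagram; padding may make the frame longer
            "complete": len(pkt) >= 14 + total_len}

if __name__ == "__main__":
    for pkt in parse_dump(DUMP):
        print(len(pkt), "bytes", check_ipv4_frame(pkt))
```

For the dump above it recovers one 78-byte frame, which matches the size text2pcap reported.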


Making sense of Broadband networks – VLAN Model

October 1st, 2013 Wael Osama Posted in Network Design | No Comments »

In the previous post we discussed the major considerations of a broadband network architecture. Now I want to discuss each of those points one by one, adding some details. I will do this quickly and might not be able to provide illustrations or configuration examples all the time due to time limits, so if anything is not so clear please let me know and I can reiterate it.

Quoting from the previous post, I was mentioning that a provider has to make a choice between two major VLAN models or combine both:

“Which VLAN model? Customer VLAN (known as C-VLAN) or service VLAN (S-VLAN) or hybrid which combines both models.”

Let’s start by outlining and describing each of them:
Read the rest of this entry »


Making sense of Broadband networks – Part 1

May 24th, 2013 Wael Osama Posted in Network Design, PPP | 2 Comments »

Broadband is a hot topic in the telecommunications industry nowadays; it is becoming the bread and butter for so many service providers and mobile carriers, with big growth and penetration rates in these technologies in recent years (check this report about the OECD countries). Although it is that important, broadband topics are probably not covered in any certification/education track, and the reason might be that there is no “one shop suits all” in this field as there is in routing and switching technologies. In this post and others my aim is to provide engineers with brief but useful information about some of the models deployed today, according to my own experience.

First of all, let’s set the scope for this series by starting with a basic question: what are broadband networks as I deal with them?

Technically, broadband is any internet connection with higher bandwidth than dial-up connections. Broadband connections can be DSL, cable, satellite or fibre connections. In broadband, the subscriber typically has a residential gateway at home/office, which might be connected to an MSAN and probably an aggregation network, and finally the BNG, which provides the L3 termination point of the connection and is connected to the rest of the service provider network and the Internet. Many devices are used in broadband networks, covering all the OSI model layers; they typically come from different vendors and all interact to provide the service. There is also a decent number of servers used to provide AAA, billing, multicast streams and other services to subscribers. This creates some challenges for engineers working with these networks. Read the rest of this entry »


What can you learn in 5 minutes a day !

April 26th, 2013 Wael Osama Posted in Industry News, Off Topic | 1 Comment »

I believe in minimalism and in what small, focused actions can do for a person, and small steps are what Juniper Learning Bytes is all about. Learning Bytes is an online learning resource launched last year by the Juniper education services organization as a free service.

The nice thing about the learning bytes is that they are focused, short and concise videos that give you a quick idea about a certain technology, feature or configuration in about 10 minutes or less, and they are created by Juniper’s educational services team right to you.

Here is a good byte, not just because my friend Ayman Aborabh made it but because it’s a good short description of 6PE and how it works. Check it out and explore some of the bytes they offer @ Juniper learning bytes site.


DHCP client testing tool

April 23rd, 2013 Wael Osama Posted in Tools | 1 Comment »

DHCP use is growing rapidly in service provider networks for broadband subscribers, and I had the chance to work lately with some of these setups. The protocol is really easy to configure for broadband and provides many benefits. It has lower overhead compared to PPPoE and it is much more suitable for multicast services.

For those of you who are working with subscriber management, I know sometimes you need to do quick tests to verify new configurations or maybe to do some stress or scalability tests. Traffic generators are more suitable for stress and scalability tests, but sometimes I really need some simple tool to play with from my desktop and inspect packets directly.

There are more sophisticated ways to craft packets when needed, but this Linux DHCP client test tool was very handy for quick testing; it’s very simple and intuitive to use. It does not offer a complete set of options or operations, but it is very useful to test your configuration or to do a simple stress test if your PC can handle it. The limitation I found is that it was not automated, so I had to make my own script to generate MAC addresses and feed them to the tool to issue any number of sessions I like.

I bring up about 16K DHCP subscribers in about 30 min with the script and tool. The script distributes the clients across 5 threads to speed things up a bit. Of course this can be optimized in many ways to speed it up, but I will personally keep it simple for everyday use. Feel free to improve this any way you like, but please share the value with the community.

All you need to do is to put the tool and script in the same folder and run the script as follows with superuser privileges.

sudo ./dhcptest.py -i eth1.2668 -s 10000
-i is the interface
-s is the number of subscribers you want to randomly create

Download the tool and check the documentation on how to use it from the link below, and you can download the Python script here. Put them in the same directory and you are good to go.

http://sargandh.wordpress.com/2012/02/23/linux-dhcp-client-simulation-tool/

Note: The script does not have much error handling, so you need to make sure you are using the correct parameters. The tool must be used with root permissions to be able to open promiscuous sockets on your box.


Few ways scripting can keep you sane

October 3rd, 2012 Wael Osama Posted in Off Topic | 4 Comments »

C’est la vie, it has been almost a year since I posted on the blog, a year full of change, but here I am kicking up again with this simple short post about how scripting could save you time and effort on a daily basis.

I know most of you might be using free or commercially available applications to manage your daily work, and they are all great. I don’t want to convince you to reinvent the wheel; I am talking here about a higher level of control through your very own tools, tailored to your specific needs.

OK, honestly, I combine both myself: I write scripts that interact with other available tools to get me exactly where I want to go. Here are some ways I use scripting every day:

Managing/Creating configuration: In my daily work I usually need to apply thousands of configuration lines to one or more routers to build some lab. There are many simple ways to automate this daunting operation using existing applications. But it gets harder when I need to write the configuration dynamically or on the fly, for example when I need to create hundreds/thousands of interfaces with some sequence, addresses or policies to test something. I usually use scripts to do the job for me.

Try WISB; it is a small application that can be used to distribute the same piece of configuration to multiple devices automatically.

Collecting logs: This is another chore in our jobs that is sometimes tricky. When troubleshooting a problem or debugging how something works in detail, I mostly need to collect logs in a very systematic way or in a specific order from multiple devices, and I always miss something if I do it manually. Scripts can do a great job in helping you troubleshoot problems while having your lunch. A recent example was using a script to monitor a small memory leak problem in a production network, which would have been very hard to spot manually.

Simulating scenarios: This is another good job for scripts: simulating specific design issues/problems. I use this often in my daily work; by combining my own scripts with other available tools I am usually able to come up with a specific scenario to test something. I use this for generating traffic patterns, flapping interfaces, crafting packets or other application-layer services (HTTP, FTP, etc.) if needed.

Stress/performance testing: Scripting is also very useful to stress test or measure the performance of some services or features on your routers or networks, for example testing same-host (MAC/IP) enforcement or creating a large number of connections to some service.

Finally, having fun: Writing scripts or automating operations is fun for many; it breaks up boring repetitive tasks by adding some spice and creativity. I spend some time writing/editing/debugging the script, but once I am done it acts like an employee that keeps working for me for free (yes, I am lazy, but not very much) :)

So, my general advice to you would be: go find a powerful Linux box in your network or lab and play with scripts that would save you time and effort in your daily operations, and if you can’t write them yourself you will most probably find many readily available on the Internet. Also don’t forget about the scripting capabilities offered by the box itself; that’s a very handy tool too.

Happy Networking ..
